Jamf Blog
Illustration of mobile device management, showing employees at work in varying places and in varying ways.
May 24, 2022 by Haddayr Copley-Woods

Apple Mobile Device Management FAQ

The world of Apple Mobile Device Management (MDM) can sometimes raise questions. Here are some of the most frequently asked questions, some answers, and some suggestions for further reading.

What is Apple Mobile Device Management (MDM)?

Apple’s expansion in the enterprise has brought with it a more productive workforce and the ability for employees to truly work anywhere.

But more freedom, an expanding perimeter and a new operating system can offer challenges, as well.

Organizations of any size must keep everyone’s devices running optimally, ensure hardware and networks are protected at all times and provide the proper access to each employee: not too little, not too much.

To ensure speed, consistency and automation of security best practices, your organization will need an MDM.

A good Apple MDM provides:

  • Remote device, inventory and app management
  • Visibility into device states and automated OS updates and patch management
  • Compliance with policies, configurations and updates without need for IT to touch a device

A great Apple MDM is purpose-built for Apple and provides:

  • A way for employees to request apps they need, when they need them
  • Integrations with threat prevention and remediation solutions
  • A way to ensure secure connections to your network and data as well as for individual employees

With a powerful MDM service such as Jamf Pro or Jamf Now managing your devices, your organization will provide better service to your employees, free up IT time and better manage risk. You’ll also be able to offer remote workers a better experience, create engaging and useful onboarding experiences and ensure a safer connection for all devices and users.

Frequently asked questions about Apple MDM

Q: What is device supervision?

Device supervision gives organizations more control over organization-issued iOS devices. Supervision allows Mac administrators to apply safety or data use restrictions. It also allows IT to automatically update apps and to push out configurations and features useful to everyone in a company.

Watch this video to learn about why device supervision is important for businesses.

Q: What is Apple Business Manager?

It's a simple, web-based portal for IT administrators to easily buy Apple devices in volume. Businesses can use Apple Business Manager as a database of their Apple device purchases as well as a database of App Store apps. With Apple Business Manager, your organization will not need an Apple ID for every individual, and each device you purchase through Apple Business Manager will automatically enroll in your MDM and simplify initial device setup.

That means you can assign names, users, groups and apps before devices are shipped to your location. Even better, especially with the right onboarding workflow provided by a comprehensive MDM? Delivered directly to the end user’s home.

Do you really need Apple Business Manager? If you want to get the most out of your Apple fleet, absolutely.

Get a comprehensive overview of how to get started with Apple Business Manager by watching our webinar.

What is Apple School Manager?

This web-based portal helps IT administrators deploy iPad and Mac in schools. It allows you to set up devices and get apps and books for students and teachers. And, especially when in conjunction with a school-focused MDM like Jamf School that partners with educational apps, it can provide tools to create engaging lessons, collaborate and power remote learning.

Q: What is an Apple ID? What is a Managed Apple ID?

An Apple ID is an identifier and authenticator. Individuals can use an Apple ID to buy items from the App Store and to continue their settings across your iPhone, iPad, Mac, Apple Watch and other Apple devices with one login. While you can use individual Apple IDs to manage devices in an organization, it’s a more secure and easily-controlled process to instead use Managed Apple IDs.

Managed Apple IDs, created by Apple Business Manager, are IDs unique to your organization and separate from Apple IDs employees create themselves. IT can use Managed Apple IDs to control access as well as push all apps and tools out to Apple devices. This increases security as each app can be properly vetted before reaching devices. Learn in more detail how Managed Apple IDs can help your organization.

Q: What is a zero-touch deployment?

Zero-touch deployment is a way for businesses to equip, secure and maintain their Apple devices without ever having to touch the device. This is an absolute must for those with a remote workforce and those who want to push out updates and patches the instant they are available.

Read our beginner’s guide to zero-touch deployment to learn more. Already sold and you just need details? This blog post on how to enable zero-touch deployment for your organization is a detailed, step-by-step instructional blog on how to use Jamf Pro and Jamf Connect to do exactly that.

Q: What is Apple Configurator 2?

Apple Configurator 2 simplifies Apple configuration settings for iPad, iPhone, iPod touch and Apple TV devices in your school or business wirelessly.

From one interface screen, IT can view the operating system version, serial number, hardware IDs and addresses, available capacity and log messages of all connected devices. From there, staff can update software, install apps and configuration profiles and more.

Learn how to enroll mobile devices into Jamf Pro using Apple Configurator 2 and an enrollment URL.

Q: What is Apple Push Notification service (APNs)?

APNs enables data propagation on Apple devices without requiring a constant connection.

As a critical layer for Apple deployment programs, security features and MDM, APNs is absolutely vital for organizations focused on security and efficiency. Learn more details in our blog post about APNs.

Q. What can an MDM access on a device?

Apple does not relax its privacy policies for businesses that are managing Apple devices, so access to individual devices is limited. Mainly, MDMs can monitor:

  • Installed apps
  • OS versions
  • Device inventory
  • Security warnings
  • Configuration settings related to the MDM
  • Remote lock and wipe in case of a lost or stolen device
  • Location tracking, but only in lost mode — not continual monitoring of location.

Q: What can’t an MDM access on a device?

MDMs do not have access to control of a user’s iPhone, even if that iPhone was issued by the company. IT cannot use MDM to move around your files or send messages on your behalf. They can’t access texts, emails, photos or other personal messages or data within apps on a device.

Photo of Haddayr Copley-Woods
Haddayr Copley-Woods
Haddayr Copley-Woods is a senior copywriter at Jamf. She writes about tech, specializing in Apple and Jamf with a focus on education, accessibility and security.
Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.