Simple to deploy

Simple to deploy. At any scale.

Whether you have ten devices or ten thousand, it’s easier than ever to integrate, manage, deploy, and secure your Apple devices. With Apple Business Manager, devices can be distributed directly to employees and used right out of the box all without manual configuration.

Simplifying every step of the device lifecycle.

iPhone, iPad, Mac, and Apple TV fit right into your existing corporate infrastructure. Apple makes it easy for IT teams to administer devices, manage configurations, distribute apps and content, and secure corporate data. And with flexible deployment models, IT can get employees up and running faster than ever with the best tools for their jobs.

Get started with Apple Business Manager.

Apple Business Manager is a web-based portal helping IT administrators deploy iPhone, iPad, Mac, and Apple TV. They can easily provide employees with access to Apple services, set up device enrollment, and distribute apps, books, and custom apps — all from one place.

Devices.

Enroll devices to be set up automatically with MDM. Streamline and customize the setup process for employees.

Content.

Easily buy apps and books for employees. And now distribute custom apps within your organization.

People.

Create Managed Apple IDs for employees and assign privileges for additional users on your IT team.

Integrate with any environment.

Wi-Fi and Networking.

Email.

File Providers.

Directory Services.

Identity Providers.

Wi-Fi and Networking VPN Email File Providers Directory Services Identity Providers.

Resources for Apple Business Manager.

Flexible deployment options for every scenario.

Apple makes it easy to choose the right deployment option to meet the needs of your organization. Protect company information while maintaining privacy for employees who bring their own device to work with User Enrollment. IT can establish a higher level of control on organization-owned devices with supervision and Device Enrollment.

User Enrollment.

Private and secure for BYOD.

New enrollment method.

User Enrollment allows employees to protect their privacy while IT keeps corporate data safe. Behind the scenes, a separate volume keeps managed data cryptographically separated.

Only manage what’s necessary.

IT can manage a subset of configurations and policies while restricting certain management tasks such as remotely wiping the entire device or collecting personal information.

Two Apple IDs, one device.

Employees bringing their own device to work can also bring their existing Apple ID alongside a Managed Apple ID for corporate data. All data is kept separate and private.

User Enrollment.

When a personal device is enrolled with User Enrollment, MDM is limited to certain management functions.

Configure Per app VPN.

Install and configure apps.

Require a passcode.

Enforce certain restrictions.

Access inventory of work apps.

Remove work data only.

Access personal information.

Access inventory of personal apps.

Remove any personal data.

Collect any logs on the device.

Take over personal apps.

Require a complex passcode.

Remotely wipe the entire device.

Access device location.

Device Enrollment.

For corporate-owned devices.

Automated enrollment.

IT can automatically provision devices into MDM during setup — right out of the box. IT can also customize the onboarding experience to streamline the process for employees.

Higher level of control.

By using supervision, IT can use controls not available for other deployment models, including additional security configurations, non-removable MDM and software update management.

Flexible models.

Provide devices to employees for their daily use, share devices among employees for common tasks, or configure devices for a specific purpose locked into a single app.

Device Enrollment.

When an Apple device is supervised, IT has a higher level of control to configure settings and apply restrictions.

Configure global proxies.

Install, configure, and remove apps.

Require a complex passcode.

Enforce all restrictions.

Access inventory of all apps.

Remotely erase the entire device.

Manage software updates.

Remove system apps.

Modify the wallpaper.

Lock into a single app.

Bypass Activation Lock.

Place device in Lost Mode.

Shared iPad.

With Shared iPad, organizations that share devices among employees can provide a more personalized experience. Before each shift, employees can pick up any iPad and sign in with a Managed Apple ID to access their documents, mail, and apps. For devices that do not need to be personalized, the new temporary sessions feature allows any user to access iPad and have their data removed automatically when they sign out.

Resources for deployment.

Manage with ease.

All Apple devices have a built-in, secure management framework enabling IT to configure settings, manage devices, and set up security features remotely over the air. IT can easily create profiles to ensure employees have everything they need to be secure and productive. Apple devices enable IT to manage with a light touch without having to lock down features or disable functionality and still keep company data protected.

One simple framework.

With the secure management framework in iOS, iPadOS, macOS, and tvOS, IT can configure and update settings, deploy applications, monitor compliance, query devices, and remotely wipe corporate data. The framework supports organization‑owned and employee‑owned devices.

Configure and control.

MDM supports configuration for apps, accounts, and data on each device. This includes integrated features such as password and policy enforcement. Controls remain transparent to employees while ensuring their personal information stays private. And IT maintains necessary oversight without disrupting the productivity employees need to succeed.

Variety of MDM solutions.

Whether your business uses a cloud-based or on-premise server, MDM solutions are available from a wide range of vendors with a variety of features and pricing for ultimate flexibility. And each solution utilizes the Apple management framework in iOS, iPadOS, tvOS, and macOS to manage features and settings for each platform.

Software update management.

IT can delay over‑the‑air updates for supervised iOS, iPadOS, macOS, and tvOS devices. This gives IT time and flexibility to complete a thorough certification. Once IT certifies a version of each release, they can decide what version users should download and install. Then, IT can directly push the update to all employees to ensure they have the latest security features on all their devices.

Personal information is always private. Regardless of enrollment method.

Every Apple product is designed with privacy in mind. On-device processing is used whenever possible, the collection and use of data is limited, and everything is designed to provide users with transparency and controls for their data.

The MDM protocol allows IT to interact with an Apple device but limits the exposure of certain information and settings. Regardless of deployment model, the MDM framework can never access personal information including email, messages, browser history, and device location.

Resources for management.

Simplified access to corporate data and services.

iOS, iPadOS, and macOS make it easier than ever for IT to integrate with your organization’s directory service or cloud identity provider. IT can now link Apple Business Manager to Microsoft Azure Active Directory, making it seamless for employees to access Apple services with a Managed Apple ID.

Managed Apple IDs for employees.

Managed Apple IDs are created, owned, and managed by the organization and are designed for BYOD and organization-owned devices. Organizations can use Apple Business Manager to automatically create Managed Apple IDs for employees. This enables employees to collaborate with Apple apps and services as well as access corporate data in managed apps that use iCloud Drive. Managed Apple IDs can also be used alongside a personal Apple ID on employee owned devices when organizations leverage User Enrollment.

Sign on once.

The latest versions of iOS, iPadOS, and macOS introduce a new system-wide extension framework for single sign-on to make it easier for employees to sign in to corporate apps and websites. The new extension framework requires support from cloud identity providers and is configurable through MDM. And for organizations using Kerberos, a first-party extension provides password management and local password sync for internal applications.

Microsoft Azure AD authentication.

With federated authentication, IT teams can connect Apple Business Manager to Microsoft Azure Active Directory enabling employees to use their existing user names and passwords as Managed Apple IDs. Employees can access Apple services including iCloud Drive, Notes, Reminders, and collaboration all with their existing credentials. And Managed Apple IDs are automatically created when a user first signs into an Apple device with their Azure AD username and password.

To prepare for this simplified sign-in experience:

Verify your business uses Microsoft Azure Active Directory.

Determine the business domains you’d like to link to Apple Business Manager.

Set up the connection to Microsoft Azure Active Directory in Apple Business Manager.