8 things you should know about Apple device management

Emily Brown

Jul 13, 2020


Apple devices are fast gaining traction as a favorite in the enterprise market thanks to their business-friendly features. Using a Mobile Device Management (MDM) solution, IT admins can easily deploy and manage Apple devices in bulk, including iPhones, iPads, MacBooks, and Apple TVs. Originally, there were concerns about switching to Apple devices for enterprise use, citing reasons such as the higher cost and an unfriendly developer environment. Now, these reservations are no longer valid. It has been noted that the Total Cost of Ownership (TCO) is actually lower for Apple devices in the long run. Apple has also made great strides for enterprise use from the developer point of view. Here are 8 things every IT admin should know about Apple device management.

1. Modern out-of-box methods for provisioning and deployment

Bulk deployment and management of devices used to be a headache for every IT admin. With a suitable MDM solution integrated with your Apple Business Manager account, Apple devices can be directly enrolled in the MDM server using just the serial number or the order number of the devices. Pre-configured settings such as app settings, email settings, network settings, or security settings can be pushed as profiles to these devices. When a new device is turned on for the first time, it is automatically enrolled in the MDM server and the pushed profiles are installed. With Hexnode, the admin can manage the enrolled devices remotely from a Web Console.

2. Apple Push Notification Service (APNs)

First introduced in June 2009, APNs is an Apple cloud service that handles the communication between Apple devices and third-party services. To communicate with the Apple devices, the Hexnode MDM server sends a notification to the APNs server which in turn communicates with the devices.  

The first step for managing any Apple device is configuring APNs with the MDM server.

How to create an APNs certificate?

1. Create a Certificate Signing Request from your Hexnode Web Console.
2. Upload the self-signed certificate to the Apple server.
3. Upload the APNs certificate back to the portal.

3. Apple Business/School Manager

Apple device management is incomplete without Apple Business Manager (ABM). Whether it is to automate device deployment or app purchasing and deployment, it can be done simply with the seamless integration of Apple Business Manager with a suitable MDM solution. Apple Business Manager is a consolidated service including both Apple Device Enrollment Program (Apple DEP) and Volume Purchasing Program (VPP). With Apple Business Manager, you can enroll the Apple devices quickly and easily with Hexnode, deploy them and simplify the setup and onboarding process, all without physically touching the devices. The IT admin can also assign managed Apple IDs to the employees as required using the Apple Business/School Manager account.

Integrating Apple Business Manager with Hexnode

1. Download the certificate file from Hexnode Web Portal.
2. Login to your Apple Business Manager Account and upload the certificate under “Add MDM Server”.
3. Save and download the server token.
4. Go back to your Hexnode Web Portal and upload the server token. Configure the authentication settings and save.

4. Apps and Books for Business

Previously known as Apple VPP (Volume Purchasing Program), Apps and Books is now available directly by logging into your Apple Business Manager account. Apps and Books allows the admin to purchase, distribute, and manage apps and books in bulk. Both App Store apps and custom apps developed for organizational use can be purchased and distributed using Apps and Books. The ability to distribute custom apps used to be limited to organizations with an Apple Business Manager account. The functionality has now been extended to Apple School Manager as well. Custom apps can be published in the App Store or be published and distributed privately through Apps and Books.

5. Developer community and tools 

Apple has become a developer-friendly platform with its Apple Developer Program and Apple Developer Enterprise Program. There is also an incredibly active developer community to help with app development. The Apple Developer Program allows the developer to distribute apps on the App Store, test beta versions of apps, and distribute custom apps to businesses using an MDM solution integrated with an Apple Business Manager account. The Apple Developer Enterprise Program allows large organizations to develop and deploy proprietary apps securely and privately for internal use within the organization. These developer-friendly measures are a boon for the effective management of Apple devices.

6. Regular free OS and Software updates

There are no OS platforms completely immune against cyberattacks. However, Apple’s platforms are certainly a forerunner in the race of security. There are regular OS updates and software updates that are absolutely free of cost. These updates have continuous security patches in addition to being rich in features.

How can you manage the updates for the managed devices?

Hexnode allows you to schedule OS updates on supervised iOS and macOS devices. The OS updates can be forced for iOS devices. The updates can be downloaded and installed, or just downloaded. For a managed supervised macOS device, there are more options. The admin can configure a policy to notify, download, download and install, install instantly, or install the OS updates later on.

7. Security

There are built-in security features for Apple devices such as device encryption, Touch ID, Lost mode, and regular OS updates. Using an MDM solution, you can additionally ensure the security of the managed devices in different ways:

1. Network security using VPN: The VPN will ensure that all the data is sent through a private network maximizing data security. The VPN settings can be configured in a policy and pushed to managed devices remotely using your Hexnode Web Portal.

2. Web Content Filtering: This feature allows you to restrict the users to specific webpages. Blacklisting a website would allow the user to access all the websites except the blacklisted ones. On whitelisting a website URL, the users would be able to access only the whitelisted webpages and would be denied access to other websites.

3. Password Policies: Strong password policies can be enforced for securing the corporate data in the Apple devices. The passcode can be made mandatory and you can set a passcode age so that the passcode is changed frequently.

4. Firewall and FileVault for macOS: A firewall creates a barrier between the internal and external networks. Using an MDM, the firewall settings can be configured in a policy and pushed to the managed macOS device.  

5. Lost Mode and Remote Wipe: Management of lost devices is a crucial requirement for any IT admin. A lost iPhone or iPad can be instantly put into Lost Mode with Hexnode. The Lost Mode disables all device features and locks down the device with a custom message. To prevent any leakage of sensitive corporate data, the lost Apple devices can be remotely wiped from the Hexnode Web Portal.
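
Before a policy like the ones above is pushed, the exported configuration profile can be checked against a baseline. The following is an added example, not Hexnode's code: it reads an unsigned .mobileconfig (a property list) and reports weak passcode and firewall settings. The payload types and keys are Apple's configuration profile names; the baseline values and the sample profile are assumptions constructed for illustration.

```python
import plistlib

# Constructed sample profile for illustration (not exported from a real MDM).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
      <key>forcePIN</key><true/>
      <key>minLength</key><integer>4</integer>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.security.firewall</string>
      <key>EnableFirewall</key><false/>
    </dict>
  </array>
</dict></plist>"""

# Baseline values are assumptions for this example; take them from your own policy.
MIN_LENGTH = 6
MAX_AGE_DAYS = 90

def audit_profile(data):
    """Return a list of findings for the passcode and firewall payloads."""
    profile = plistlib.loads(data)
    # Index payloads by type; if a type appears twice, the last one wins.
    payloads = {p.get("PayloadType"): p for p in profile.get("PayloadContent", [])}
    findings = []

    pw = payloads.get("com.apple.mobiledevice.passwordpolicy")
    if pw is None:
        findings.append("no passcode policy payload")
    else:
        if not pw.get("forcePIN", False):
            findings.append("passcode not mandatory (forcePIN)")
        if pw.get("minLength", 0) < MIN_LENGTH:
            findings.append("minLength below baseline")
        age = pw.get("maxPINAgeInDays")
        if age is None or age > MAX_AGE_DAYS:
            findings.append("maxPINAgeInDays missing or above baseline")

    fw = payloads.get("com.apple.security.firewall")
    if fw is None or not fw.get("EnableFirewall", False):
        findings.append("macOS firewall payload missing or disabled")
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print("FINDING:", finding)
```

A signed profile has to be unwrapped from its signature before it can be parsed this way.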

8. Business Container for Personal devices

Bring Your Own Device (BYOD) is the practice of employees using their own personal devices in the workplace. This could be a potential nightmare for device management if the required security measures are not taken properly. Apple strikes a balanced chord between IT control and user empowerment with its business container for iOS devices. While the admin is able to configure, manage and secure the devices while controlling the corporate data flowing through them, the users are also able to use their own personal devices they are familiar with. 

Mobile Device Management Solution for Apple Device Management 

Apple Device Management is a breeze if done with the right knowledge and tools. A Mobile Device Management solution is necessary to efficiently manage all the deployed Apple devices with minimum effort. Reduced support costs, remote management of devices from a single web portal, integrating with directory services, automating redundant IT tasks such as password policy and device restrictions are just a few examples of what you can do with an efficient mobile device management solution. For purpose-oriented devices, Hexnode can be used to lock down an iPhone or iPad into Kiosk Mode. The iPhone/iPad is restricted to a single application or a set of required applications, and the user is prevented from accessing any other unwanted apps. The Kiosk Mode has far-reaching benefits in many industries such as retail, healthcare, travel, restaurant, and hospitality industries.

Every year, Apple keeps adding on lucrative features and options for its enterprise customers. While choosing an MDM, make sure that you choose one that keeps itself updated with the latest features and benefits so that you do not miss out on any interesting and useful options. 