What Is an Apple MDM Server?
Introduction to MDM Servers
An Apple MDM (mobile device management) server is a type of endpoint management software that works with Apple devices, including but not limited to computers running macOS as well as iPhone and iPad devices running iOS and iPadOS. The purpose of an Apple MDM server is to provide IT admins with a single point of control over a fleet of Apple devices to ensure effective and consistent security, configuration, compliance, and software provisioning.
How Do an MDM Server and the MDM Protocol Work?
To manage Apple devices, an MDM server must support the Apple MDM protocol, which defines the profiles and commands that admins can distribute to Apple clients. There are MDM servers that can work with all major operating systems, including Windows and Android. But Apple-focused offerings such as Kandji provide a deeper set of features and a greater level of control over devices that use macOS, iOS, iPadOS, or tvOS than those cross-platform MDM solutions.
To access that additional functionality, many organizations choose to deploy an Apple-focused MDM server such as Kandji to manage devices that use one of Apple’s operating systems, in tandem with a cross-platform MDM server to manage Windows and Android devices. Those cross-platform technologies may be referred to by other names, including Universal Endpoint Management (UEM) and Enterprise Mobility Management (EMM). Some of these management solutions implement or augment their support for MDM with proprietary agents designed for different device types.
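The command exchange that the MDM protocol defines can be sketched as follows. This is an added example, not code from Kandji or Apple: it models the server side of the exchange in memory, using the protocol's standard plist keys (`CommandUUID`, `Command`, `RequestType`, `UDID`, `Status`). The function names and the sample UDID used with it are hypothetical.

```python
import plistlib
import uuid
from collections import defaultdict, deque

QUEUES = defaultdict(deque)   # UDID -> pending (CommandUUID, plist) pairs
INFLIGHT = {}                 # CommandUUID -> (UDID, plist) awaiting a result
RESULTS = {}                  # CommandUUID -> final Status from the device


def enqueue(udid, request_type, **params):
    """Queue a command; a production server would then wake the device via APNs."""
    command_uuid = str(uuid.uuid4())
    payload = {"CommandUUID": command_uuid,
               "Command": {"RequestType": request_type, **params}}
    QUEUES[udid].append((command_uuid, plistlib.dumps(payload)))
    return command_uuid


def handle_request(body):
    """Handle one device request; return the next command plist, or b'' to end."""
    msg = plistlib.loads(body)
    udid, status = msg["UDID"], msg["Status"]
    if status != "Idle":
        command_uuid = msg["CommandUUID"]
        delivered = INFLIGHT.get(command_uuid)
        if delivered is None or delivered[0] != udid:
            return b""  # result for a command this device was never sent: ignore
        del INFLIGHT[command_uuid]
        if status == "NotNow":
            # Device cannot run it yet (for example, it is locked): redeliver later.
            QUEUES[udid].appendleft((command_uuid, delivered[1]))
            return b""
        RESULTS[command_uuid] = status  # "Acknowledged" or "Error"
    if not QUEUES[udid]:
        return b""
    command_uuid, plist = QUEUES[udid].popleft()
    INFLIGHT[command_uuid] = (udid, plist)
    return plist


def device_says(udid, status, command_uuid=None):
    """Build a constructed device message (sample input for this example)."""
    msg = {"UDID": udid, "Status": status}
    if command_uuid:
        msg["CommandUUID"] = command_uuid
    return plistlib.dumps(msg)
```

The check against `INFLIGHT` means a result is recorded only when it comes from the device the command was delivered to, so a command's audit trail cannot be closed out by a different enrolled device.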
What Are the Benefits of an MDM Server?
MDM started as an organizational response to the BYOD (bring your own device) trend, when employees began bringing personal devices to work and using them primarily to access company email on the go. The prospect of lost or stolen devices falling into the wrong hands quickly compelled organizations to find workflows to enforce password authentication on mobile devices and the ability to wipe those devices. MDM provided that kind of remote management.
Since then, device-management software vendors have gone beyond those basic security measures to add configuration, monitoring, and software distribution/update features. For managing Apple devices, access to the full functionality of the Apple MDM protocol requires an Apple-specific MDM solution. Among the MDM features that cross-platform device-management solutions can’t provide:
- Full integration with Apple Business Manager: Companies that support Apple devices almost always use Apple Business Manager for device enrollment. Coupled with an Apple MDM solution, Apple Business Manager also helps admins seamlessly create Managed Apple IDs for employees; distribute and update standard iOS and macOS software environments; and continuously monitor the location and activity of managed devices.
- Automated remediation: When unauthorized changes to managed devices occur, an Apple-focused MDM solution can restore the proper settings automatically, even while the device is offline.
- Management of user privileges by group: Most companies divide users into different tiers, with each group accorded its own set of access control settings for company applications and data. The best Apple MDM solutions let admins manage those groups easily as well as maintain custom profiles for users with unique needs.
- Automated software updates: Unpatched software remains a key vector for cyberattacks. The ability to automate the distribution of iOS and macOS patches, not to mention updates for apps that run in those environments, is a key differentiator for Apple MDM solutions.
- Meeting regulatory compliance standards: Businesses face increasing liability if their infrastructure, including endpoints, fails to meet compliance standards. The best Apple MDM solutions provide tools that make it easier for admins to ensure Apple devices conform with compliance standards such as ISO/IEC 27001.
The main benefit of MDM solutions is to reduce the time admins spend on repetitive tasks such as device enrollment. An Apple-focused MDM server provides the functionality admins need to automate Apple-specific tasks, from scripting user device setups to effecting changes in configurations that impact all members of a certain group of Apple users.
How to Set Up and Configure an Apple MDM Server
MDM servers tend to be cloud-based solutions rather than installed on-premises. To start implementing cloud MDM, admins sign up for a corporate account with Apple and specify their MDM solution in Apple Business Manager.
The next step is to configure the Apple Push Notification service (APNs), which enables an MDM solution to communicate with Apple devices. This requires the admin to create an APNs certificate using a Managed Apple ID provisioned through Apple Business Manager. The MDM system can automatically enroll every device that has already been logged by Apple Business Manager, which contains records of all Apple devices bought by an organization.
Admins can then set up the MDM server to enable Apple apps and books to be downloaded so they can be pushed from the server to enrolled devices as needed. The MDM server can be integrated with the organization's directory service (such as Microsoft Active Directory) to sync user directories automatically. After this setup and configuration is complete, admins can implement and enforce security policies, authentication schemes, and access control across users and their devices.
Managing Apple Devices at Scale
Organizations with more than a handful of end-users need MDM. Without it, device management becomes a high-touch manual effort requiring constant troubleshooting, compromising security and regulatory compliance. Automated services, particularly those related to pushing out software and profile updates, can save tremendous amounts of admin time, as can templates for common rights and permissions profiles.
Apple-focused MDM servers offer control over Apple devices at a deep level, but MDM servers specifically designed for managing Apple devices vary widely. Apple admins need to evaluate and compare solutions for themselves to determine the best Apple MDM server for their organization.