Operation Manual

Chapter 7 Conguration and management 60
To enable management, Apple devices are enrolled with an MDM server using an enrollment
conguration prole and can be done by the user directly. For company-owned devices, MDM
enrollment can be automated using the Device Enrollment Program (described in this chapter).
When an administrator initiates an MDM policy, option, or command, the Apple devices receive
notication of the action through the APNs. With a network connection, devices can receive
APNs commands anywhere in the world.
Enrollment
Enrolling Apple devices enables cataloging and asset management. The enrollment process
typically leverages Simple Certificate Enrollment Protocol (SCEP), which lets a device create and
enroll unique identity certificates for authentication to an organization's services.
In most cases, users decide whether or not to enroll their Apple device in MDM, and they can
disassociate from MDM at any time. Organizations should consider incentives for users to remain
managed. For example, require MDM enrollment for Wi-Fi network access by using the MDM
solution to automatically provide the wireless credentials. When a user leaves MDM, their device
attempts to notify the MDM server.
The Device Enrollment Program can also be used to automatically enroll Apple devices your
organization owns in MDM during initial setup. You can also supervise the iOS devices, so users
with these devices won’t be able to bypass MDM or unenroll their devices.
For more information, see Device Enrollment Program.
Congure
Once an Apple device is enrolled, it can be dynamically congured with settings and policies
by the MDM server, which sends conguration proles to the device that are automatically,
and silently, installed by either iOS or OS X.
Conguration proles can be signed, encrypted, and locked—preventing the settings from being
altered or shared—ensuring that only trusted users and Apple devices that are congured to
your specications can access your network and services. If a user disassociates their device from
MDM, all of the settings installed by MDM are removed.
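The following added example (not part of the original manual) audits a .mobileconfig file for the three protections named above: signed, encrypted, and locked. It assumes the standard profile keys PayloadRemovalDisallowed and EncryptedPayloadContent and a DER-encoded CMS wrapper for signed profiles; the sample profiles, identifiers, and the stand-in wrapper bytes are constructed, and the check detects the wrapper only without verifying the signature.

```python
import plistlib

def _embedded_plist(data: bytes) -> bytes:
    # Heuristic: pull the XML plist out of the CMS wrapper without parsing ASN.1.
    start = data.find(b"<?xml")
    end = data.find(b"</plist>", max(start, 0))
    if start < 0 or end < 0:
        raise ValueError("no XML plist found inside the CMS wrapper")
    return data[start:end + len(b"</plist>")]

def audit_profile(data: bytes) -> dict:
    # A signed profile is DER-encoded CMS SignedData, which begins with an ASN.1
    # SEQUENCE tag (0x30). This detects the wrapper only; it does NOT verify the
    # signature or its certificate chain.
    signed = data[:1] == b"\x30"
    profile = plistlib.loads(_embedded_plist(data) if signed else data)
    if profile.get("PayloadType") != "Configuration":
        raise ValueError("not a configuration profile")
    # An encrypted profile carries EncryptedPayloadContent instead of PayloadContent.
    encrypted = "EncryptedPayloadContent" in profile
    payloads = [] if encrypted else profile.get("PayloadContent", [])
    return {
        "signed": signed,
        "encrypted": encrypted,
        "locked": bool(profile.get("PayloadRemovalDisallowed", False)),
        "payload_types": sorted(p.get("PayloadType", "?") for p in payloads),
    }

def findings(report: dict) -> list:
    checks = [("signed", "unsigned: settings can be altered before install"),
              ("encrypted", "unencrypted: payload contents are readable if shared"),
              ("locked", "unlocked: the user can remove the profile")]
    return [msg for key, msg in checks if not report[key]]

# Constructed samples (hypothetical identifiers; wrapper bytes are not a real signature).
_BASE = {"PayloadType": "Configuration", "PayloadVersion": 1,
         "PayloadIdentifier": "com.example.wifi",
         "PayloadUUID": "00000000-0000-0000-0000-000000000001"}
UNSIGNED_SAMPLE = plistlib.dumps({**_BASE, "PayloadContent": [
    {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "ExampleCorp"}]})
WRAPPED_SAMPLE = (b"\x30\x82\x00\x00" + plistlib.dumps({
    **_BASE, "PayloadRemovalDisallowed": True,
    "EncryptedPayloadContent": b"\x00\x01"}) + b"\x00")

if __name__ == "__main__":
    for name, blob in (("unsigned", UNSIGNED_SAMPLE), ("wrapped", WRAPPED_SAMPLE)):
        report = audit_profile(blob)
        print(name, report, findings(report))
```
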
A redesigned user interface for profiles in iOS 8 shows users what has been configured
and restricted by MDM. Accounts, apps, books, and restrictions can now be easily viewed.
Provisioning profiles are no longer visible to the user in iOS 8 and expired profiles are
automatically removed.
Accounts
MDM can help your users get up and running quickly by setting up their mail and other
accounts automatically. Depending on the MDM solution you use and its integration with your
internal systems, account payloads can also be pre-populated with a user’s name, mail address,
and, where applicable, certificate identities for authentication and signing.
MDM can configure the following types of accounts:
Calendar
Contacts
Exchange ActiveSync
Identity
Jabber
LDAP