APPLE BUSINESS MANAGER - Out of the Box Experience for iPhone/iPads/MacBooks

Mobile devices have become an integral part of our working world. The possible uses of modern smartphones have little to do with a simple telephone. However, this also applies to the associated complexity when it comes to setting up, managing and securing them.

Mobile devices should support us in our work and not make it more difficult for us. We have already explained how important this aspect is, especially at the beginning of an employment relationship, in “Onboarding 2020 - modern working from the start”.

But how can this complexity be reduced to such an extent that it appears simple for new employees?

Apple has been offering the “Device Enrollment Program” (DEP) since 2014, which enabled companies to automatically connect iPhones and iPads to a device management system for the first time. The program has since been expanded to include the “macOS” and “tvOS” operating systems and, together with the “Volume Purchase Program” (VPP), has been merged into the so-called “Apple Business Manager” (ABM).

The web-based tool enables the automated assignment of new and existing Apple devices to a Unified Endpoint Management System (UEM). As soon as a device is started for the first time or after a reset, automatic enrollment takes effect and the device is assigned to a UEM system.

Functionality

To go through the setup wizard, it is essential to configure a network connection, be it via WLAN or mobile radio. Only then can the device be activated. The serial number of the device is transmitted to Apple and used to check whether a corresponding ABM registration exists.

The device uses the returned information to establish a connection to the UEM system. The user is informed that the device will now be configured automatically via remote management. From this point on, the further behaviour of the device can be defined by the administrator of the organization via an enrolment profile.

Incidentally, there is also a similar program for Android (Google ZeroTouch), which we have described here.

In our video example, we show how easy it can be to register an iPhone for an employee.

In our case, the user is forced to log in. This procedure is recommended in most use cases. One advantage of user-specific registration, in addition to protection against unauthorized access, is the individual handling of security guidelines and the assignment of applications. However, it is also possible to register devices completely without user assignment.

In any case, the UEM platform controls which settings of the setup wizard are displayed. Hiding sequences that are not required enables a considerable streamlining of the initial configuration and thus time savings in every registration process. Of course, the skipped points can be made later in the device settings, provided they are not blocked by a corresponding policy. Furthermore, administrative settings such as supervision mode are set up in the background.

This gives companies better control over Apple devices, as the administration has additional functionalities at its disposal, such as Updating applications, filtering Internet usage, preventing AppStore access, and much more.

Once the setup wizard has been run through and the initial configuration completed, the security guidelines are sent to the device and the specified applications are installed. By using customized wallpapers, the user can be visually guided through the following process steps, as shown in the video.