Skip to content
Site Header
Pricing
Contact Sales Start Free Trial
Start Free Trial
background image

What is an MDM Server?

Apple MDM Definitions

Back to Definitions

Table of Contents

Introduction to MDM Servers

An Apple MDM (mobile device management) server is a type of endpoint management software that works with Apple devices, including but not limited to computers running macOS as well asi Phone and iPad devices running iOS and iPadOS. The purpose of an Apple MDM server is to provide IT admins with a single point of control over a fleet of Apple devices to ensure effective and consistent security, configuration, compliance, and software provisioning.

How Does an MDM Server and the MDM Protocol Work?

To manage Apple devices, an MDM server must support the Apple MDM protocol, which defines the profiles and commands that admins can distribute to Apple clients. There are MDM servers that can work with all major operating systems, including Windows and Android. But Apple-focused offerings such as Kandji provide a deeper set of features and greater level of control over devices that use macOS, iOS, iPadOS, or tvOS than those cross-platform MDM solutions.

To access that additional functionality, many organizations choose to deploy an Apple-focused MDM server such as Kandji to manage devices that use one of Apple’s operating systems, in tandem with a cross-platform MDM server to manage Windows and Android devices. Those cross-platform technologies may be referred to by other names, including Universal Endpoint Management (UEM) and Enterprise Mobility Management (EMM). Some of these management solutions implement or augment their support for MDM with proprietary agents designed for different device types.

What Are the Benefits of an MDM Server?

MDM started as an organizational response to the BYOD (bring your own device) trend, when employees began bringing personal devices to work and using them primarily to access company email on the go. The prospect of lost or stolen devices falling into the wrong hands quickly compelled organizations to find workflows to enforce password authentication on mobile devices and the ability to wipe those devices. MDM provided that kind of remote management.

See Kandji in Action

Experience Apple device management and security that actually gives you back your time.

Start Free Trial Contact Sales

Since then, device-management software vendors have gone beyond those basic security measures to add configuration, monitoring, and software distribution/update features. For managing Apple devices, access to the full functionality of the Apple MDM protocol requires an Apple-specific MDM solution. Among the MDM features that cross-platform device-management solutions can’t provide:

  • Full integration with Apple Business Manager: Companies that support Apple devices almost always use Apple Business Manager for device enrollment. Coupled with such an Apple MDM solution, Apple Business Manager also helps admins seamlessly create Managed Apple IDs for employees; distribute and update standard iOS and MacOS software environments; and continuously monitor the location and activity of managed devices.
  • Automated remediation: When unauthorized changes to managed devices occur, an Apple-focused MDM solution can restore the proper settings automatically, even while the device is offline.
  • Management of user privileges by group: Most companies divide users into different tiers, with each group accorded its own set of access control settings for company applications and data. The best Apple MDM solutions let admins manage those groups easily as well as maintain custom profiles for users with unique needs.
  • Automated software updates: Unpatched software remains a key vector for cyberattacks. The ability to automate the distribution of iOS and macOS patches, not to mention updates for apps that run in those environments, is a key differentiator for Apple MDM solutions.
  • Meeting regulatory compliance standards: Businesses face increasing liability if their infrastructure, including endpoints, fails to meet compliance standards. The best Apple MDM solutions provide tools that make it easier for admins to ensure Apple devices conform with compliance standards such as ISO/IEC 27001.

The main benefit of MDM solutions is to reduce the time admins spend on repetitive tasks such as device enrollment. An Apple-focused MDM server provides the functionality admins need to automate Apple-specific tasks, from scripting user device setups to effecting changes in configurations that impact all members of a certain group of Apple users.

How to Set Up and Configure an Apple MDM Server?

MDM servers tend to be cloud-based solutions rather than installed on-premises. To start implementing cloud MDM, admins sign up for a corporate account with Apple and specify their MDM solution in Apple Business Manager.

The next step is to configure the APN (Apple Push Notification) service, which enables an MDM solution to communicate with Apple devices. This requires the admin to create an APNs certificate using a Managed Apple ID provisioned through Apple Business Manager. The MDM system can automatically enroll every device that has already been logged by Apple Business Manager, which contains records of all Apple devices bought by an organization.

Admins can then set up the MDM server to enable Apple apps and books to be downloaded so they can be pushed from the server to enrolled devices as needed. The MDM server can be integrated with whichever directory service (such as Microsoft Active Directory) an organization has chosen to automatically sync user directories. After this setup and configuration is complete, admins can then implement and enforce security policies, authentication schemes, and access control across users and their devices can commence.

Managing Apple Devices at Scale

Organizations with more than a handful of end-users need MDM. Without it, device management becomes a high-touch manual effort requiring constant troubleshooting, compromising security and regulatory compliance. Automated services, particularly those related to pushing out software and profile updates, can save tremendous amounts of admin time, as can templates for common rights and permissions profiles.

Apple-focused MDM servers offer control over Apple devices at a deep level–but MDM servers specifically designed for managing Apple devices vary widely. Apple admins need to evaluate and compare solutions for themselves to determine the best Apple MDM server for their organization.

Featured Resources:

Learn about Apple Device Management

Visit the Kandji Blog for more content

Read the Apple MDM Buyers Guide

More Kandji Content

  • ResourcesApple in the Enterprise Report 2024

    Apple in the Enterprise Report 2024

    Discover the trends shaping enterprise technology as Apple devices continue to gain ground in the corporate world.

    Learn more
  • Virtual EventKandji June Product Update 2024

    Introducing Assignment Maps

    Watch the virtual event recap from our latest product announcement. Kandji unveils new assignment features and automations that make administration easy and efficient regardless of scale and complexity.

    Watch the event
  • From The Customer StoriesDemandbase Saves 50 Hours a Month

    Demandbase Saves 50 Hours a Month with Automated Device Management

    Read how Demandbase reduced Mac-related support tickets by 75% after switching to Kandji.

    Keep reading
Background Amber waves

Manage and secure your Apple devices at scale.

Start Free Trial