Deploy devices using Apple School Manager or Apple Business Manager
You can automatically enroll devices in your mobile device management (MDM) solution without having to physically touch or prepare the devices before users get them.
You do this using Apple School Manager or Apple Business Manager. These are simple, web-based portals that provide you with a fast, streamlined way to deploy Apple devices that your organization has purchased—either directly from Apple or from a participating Apple Authorized Reseller or cellular carrier.
You can also manually add Apple devices by using Apple Configurator for iPhone and Apple Configurator for Mac.
Important: Third-party MDM server tokens expire after 1 year and must be replaced. Depending on the MDM vendor, you may or may not get a warning that a token is going to expire. Well before a token is about to expire, sign in to Apple School Manager or Apple Business Manager, generate and download a new token for the MDM server and transfer that token to the MDM server for immediate installation. See your MDM vendor’s documentation for information about how to transfer the token.
After your organization signs up for Apple School Manager or Apple Business Manager, you can add manager accounts for users who are authorized to access the web-based portal. From the website, you can establish one or more servers for your MDM solution. You can also add servers at any time. Because Apple School Manager and Apple Business Manager work together with your MDM solution, you can simplify the setup process for users, configure device settings, buy content in volume, assign apps to devices or users, and then install and update the apps wirelessly, even if the App Store is disabled.
For more information, see Device workflow in the Apple School Manager User Guide or Device workflow in the Apple Business Manager User Guide.
To view the certifications that Apple maintains in compliance with the ISO 27001 and 27018 standards for Apple School Manager and Apple Business Manager, see Apple internet services security certifications in Apple Platform Certifications.
Note: To learn whether Apple School Manager or Apple Business Manager is available in your country or region, see the Apple Support article Availability of Apple programs and payment methods for education and business.
Federated authentication
Apple School Manager and Apple Business Manager also integrate with Google Workspace, Microsoft Entra ID, or an identity provider (IdP) using federated authentication, allowing users to use their existing user names and passwords. As a result, your users can leverage their Google Workspace, Microsoft Entra ID, or IdP user name (generally their email address) and password as a Managed Apple Account. They can then use those credentials to sign in to their assigned iPhone, iPad, Mac, Apple Vision Pro, and to Shared iPad. After they’ve signed in to one of those devices, they can then also sign in to iCloud on the web.
To use federated authentication, your Apple devices must meet the following operating system requirements:
iOS 15.5 or later
iPadOS 15.5 or later
macOS 12.4 or later
visionOS 1.1 or later
For more information on federated authentication, see Intro to federated authentication with Apple School Manager or Intro to federated authentication with Apple Business Manager.
Domain capture and account transfer
Managed Apple Accounts allow organizations to manage and own all Apple Accounts using their domain, securing any data associated with those accounts. While many businesses or schools want these capabilities, for various reasons they’ve setup their Apple devices and services using personal Apple Accounts.
SIS and SFTP in Apple School Manager
Apple School Manager is a central element of modern device deployment for education institutions. For more information, see the Apple Deployment Guide for Education to learn more about the steps of deploying Apple devices successfully in your learning environment for both one-to-one and shared deployments (primarily K–12).
So you can quickly create accounts with school rosters and classes, Apple School Manager also integrates with your existing environment. You can also integrate with supported Student Information Systems (SISs). Apple School Manager has added new features to enhance SIS synchronization. These enhancements use Claris Connect and include options to filter by schools and terms, and prevent duplicate entries during data import.
After you’ve authenticated and connected your SIS, specific information—such as management, staff, instructor, student names, and classes—is copied into Apple School Manager. You can then assign roles to your staff, instructors, and students and set their initial passwords. Apple School Manager periodically updates changes from your SIS. At no time is data written back to your SIS. For more information, see Integrate Apple School Manager with your Student Information System (SIS) in the Apple School Manager User Guide.
You can also add accounts manually by uploading account information in .csv files using a Secure File Transport Protocol (SFTP) app, or you can create them right in Apple School Manager. To reduce the possibility of errors, Apple School Manager has Apple-formatted or OneRoster-formatted (version 1.1) .csv templates you can download and use. For more information, see Upload Student Information System data to Apple School Manager in the Apple School Manager User Guide.
Test beta features
You can participate in testing beta features in Apple School Manager and Apple Business Manager. When you do, your organization can help Apple by evaluating new features and by testing with your IT infrastructure, network, and selected users to make sure you’re ready to support employees and staff when the feature is moved out of beta. For more information, see the following:
Apple School Manager User Guide: Participate in beta features in Apple School Manager
Apple Business Manager User Guide: Participate in beta features in Apple Business Manager
Apple Business Essentials
Apple Business Essentials is a complete device management solution that allows you to remotely configure, deploy, and manage Apple devices. Whether your devices are owned by your organization or by your employees, Apple Business Essentials has you covered, and you can get your whole fleet of devices managed. Seamlessly deliver apps and settings—like Keynote, Wi-Fi, VPN, password policies, and manage security functionality like FileVault. Use Collections to protect company data and hardware in case of loss or theft of employee devices. Apple Business Essentials is designed for organizations with under 500 employees. For more information, see the Apple Business Essentials User Guide. To take tutorials about using Apple Business Essentials, see Learn How to Use Apple Business Essentials.