Apple Configurator security
Apple Configurator for Mac features a flexible, secure, device-centric design that lets an administrator quickly and easily configure one or dozens of iOS, iPadOS and tvOS devices connected to a Mac through USB (or tvOS devices paired through Bonjour) before giving them to users. With Apple Configurator for Mac, an administrator can update software, install apps and configuration profiles, rename and change wallpaper on devices, export device information and documents, and much more.
Apple Configurator for Mac can also revive or restore Mac computers with Apple silicon and those with the Apple T2 Security Chip. When a Mac is revived or restored in this manner, the file containing the latest minor updates to the operating systems (macOS, recoveryOS for Apple silicon or sepOS for T2) is securely downloaded from Apple servers and installed directly on the Mac. After a successful revive or restore, the file is deleted from the Mac running Apple Configurator. At no time can the user inspect or use this file outside of Apple Configurator.
Administrators can also choose to add devices to Apple School Manager, Apple Business Manager or Apple Business Essentials using Apple Configurator for Mac or Apple Configurator for iPhone, even if the devices weren’t purchased directly from Apple, an Apple Authorised Reseller or an authorised mobile service provider. When the administrator sets up a device that has been manually enrolled, it behaves like any other device in one of those services, with mandatory supervision and mobile device management (MDM) enrolment. For devices that weren’t purchased directly, the user has a 30-day provisional period to release the device from one of those services, supervision and MDM.
Organisations can also use Apple Configurator for Mac to activate iOS, iPadOS and tvOS devices that have absolutely no internet connection by connecting them to a host Mac with an internet connection while the devices are being set up. Administrators can restore, activate and prepare devices with their necessary configuration including apps, profiles and documents without ever needing to connect to either Wi-Fi or mobile networks. This feature doesn’t allow an administrator to bypass any existing Activation Lock requirements normally required during non-tethered activation.