Manage Apple devices
Introduction
The operating systems iOS, macOS and tvOS were developed exclusively for Apple devices. Relution provides a set of features to configure and control Apple devices. Here, one can learn more about how to get started managing Apple devices.
Certificates
Before starting enrolling the Apple devices, one needs to make sure that the Apple Push Notification Service (APNS) certificate is configured on the server. If there is a new server installed, Relution will already have certificates stored to use.
Enrollment
To be able to manage an Apple device, it must be enrolled in Relution. To do this, a so-called MDM profile is installed on the device. Three different types of enrollment are available for Apple devices.
iOS enrollments →
macOS enrollments →
tvOS-enrollments →
Supervised Mode
Supervised Mode allows to distinguish Apple devices owned by the employer from personal devices. We recommend putting the devices into Supervised Mode for unrestricted management and use of all MDM features. This allows restrictions to disable many features not needed for use in a school or work environment. To learn more about putting the Apple device in this mode, one has to click on the link below.
DEP devices are always supervised. Add devices to DEP using Apple Configurator →
Relution Agent
Relution Agent is always automatically installed on Apple devices during enrollment. It is not necessary for device manageability, but provides a variety of additional useful features for users.
It is recommended to have a sufficient number of device-based VPP licenses for the app available, in this case the installation can run without any user interaction. Otherwise users need to login in with their Apple accounts in the App Store, so no VPP licenses are required for app installation.
Separate business and personal data
Managed Apps Apps that are deployed to your Apple devices through Relution are called managed apps. One can retain control over these apps and can remove them and their associated data as needed. For iOS and macOS devices, one can configure managed apps through the Managed App policy configuration.
Managed Accounts For iOS and macOS devices, Relution lets set up email and other accounts and manage them independently of personal accounts. With Relution, the following accounts can be configured:
- Exchange
- CardDAV
- CalDAV
- Subscribed calendars
- Google Accounts (iOS devices only).
Data separation takes place within the operating system for Apple.
Manage apps
The apps which are wanted to be used on the Apple devices, should be selected and the apps that are not relevant should be blocked or removed. A large number of Apple devices can be managed, distributed and removed efficiently on a large number of Apple devices at the same time.
App Licenses
Every app that is installed on Apple devices through the Public App Store must be licensed. It does not matter if the app is free or not. The license can be obtained either via the user currently logged in via Apple ID or, if working without Apple IDs, via the Apple Volume Purchase Program (VPP). For VPP, access to an Apple School/Business Manager is required. For native apps, this is not necessary.
One can install the apps on Apple devices without users manually initiating the installation, as long as the Apple devices are monitored, i.e. in supervised mode.
App installation without user input →
VPP (Volume Purchase Program) apps can be installed on Apple devices that are supervised without user input. Learn more about VPP:
VPP setup in Relution →
Roll out VPP apps →
Block or positive list for iOS and tvOS
The block or positive list feature in Relution allows administrators to block certain apps on iPhones, iPads, and Apple TVs and allow installation of important apps. This feature prevents the installation of unwanted apps and hides installed apps that are already on devices from users if necessary. Click on the link below to learn more about blocking or allowlisting apps.
App compliance for iOS →
App compliance for tvOS →
Single App Mode for iOS
Single App Mode can be enabled on iPhones and iPads, restricting devices to a single app and blocking all others. It should be noted that the devices must be monitored (supervised) to enable single app mode.
Web link
The webclip looks like an app icon that links to a website when clicked. Just a label and an URL have to be specified.
Add weblinks via policy →
Add web links and place via homescreen layout for iOS →
Protect MDM profile from deletion
Prevent removal of MDM profile from device settings by enrolling devices through Apple Device Enrollment Program (DEP).
DEP Profile →
Auto enrollment →
Network configuration and security
Ensure maximum security the your network by setting up appropriate configurations. With Relution, WiFi settings can be configured for all Apple operating systems. In addition, VPN (Virtual Private Network) and per-app VPN settings can be configured for iOS and macOS devices. Cellular (Access Point Network) settings can be configured for iOS devices.
Restrictions
The policy configuration of restrictions limits Apple devices in functionality. It is important to note the type of enrollment, as many restrictions only take effect on supervised devices (supervised).
System updates
One can update Apple devices to the latest operating system version if the devices are supervised.
Administrators can also defer updates for supervised devices for up to 90 days. During this period, users will not be prompted to update devices to the latest OS version. This allows organizations to check for errors/problems or to check the compatibility of deployed applications with the latest OS versions.
Content filtering
The web content filtering feature can be used to prevent access to specific web pages in your organization.
Homescreen Layout for iOS
The apps can be arranged on the homescreen of the iPhone or iPad as well as in the Dock, and be placed in folders that can be created manually or automatically.