e-dokumen.id

Deployment StepsMail, contacts, and calendarsIf you use Microsoft Exchange, verify that the ActiveSync service is up to dateand configured to support all users on the network. If you’re using the cloudbased Office 365, ensure that you have sufficient licenses to support theanticipated number of iOS and iPadOS devices that will be connected. iOS andiPadOS also support Office 365 modern authentication leveraging OAuth 2.0and multi-factor authentication. If you don’t use Exchange, iOS and iPadOS workwith standards-based servers, including IMAP, POP, SMTP, CalDAV, CardDAV,and LDAP.Content CachingAn integrated feature of macOS High Sierra or later, Content Caching storesa local copy of frequently requested content from Apple servers, helping tominimize the amount of bandwidth needed to download content on yournetwork. Content Caching speeds up the download and delivery of softwarethrough the App Store, the Mac App Store, and Apple Books.It can also cache software updates for faster downloading to iOS and iPadOSdevices. Content Caching includes the tethered caching service, which allowsa Mac to share its internet connection with many iOS and iPadOS devicesconnected via USB.Learn more about Content ce-macosLearn more about tethered caching:support.apple.com/HT207523Select an MDM solutionThe Apple management framework for iOS and iPadOS gives organizationsthe ability to securely enroll devices in the corporate environment, wirelesslyconfigure and update settings, monitor policy compliance, deploy apps, andremotely wipe or lock managed devices. These management features areenabled by third-party MDM solutions.A variety of third-party MDM solutions are available to support different serverplatforms. Each solution offers different management consoles, features,and pricing. Before choosing a solution, review the resources listed below toevaluate which management features are most relevant to your organization.In addition to third-party MDM solutions, a solution from Apple is availablecalled Profile Manager, a feature of macOS Server.Learn more about managing device and corporate data:apple.com/business/docs/resources/Managing Devices and Corporate Data on iOS.pdfiOS and iPadOS DeploymentDecember 20197"

Deployment StepsEnroll in Apple Business ManagerApple Business Manager is a web-based portal for IT administrators to deployiPhone, iPad, iPod touch, Apple TV, and Mac all from one place. Workingseamlessly with your mobile device management (MDM) solution, AppleBusiness Manager makes it easy to automate device deployment, purchaseapps and distribute content, and create Managed Apple IDs for employees.The Device Enrollment Program (DEP) and the Volume Purchase Program(VPP) are now completely integrated into Apple Business Manager, soorganizations can bring together everything needed to deploy Apple devices.These programs will no longer be available starting December 1, 2019.DevicesApple Business Manager enables automated device enrollment, givingorganizations a fast, streamlined way to deploy corporate-owned Apple devicesand enroll in MDM without having to physically touch or prepare each device. Simplify the setup process for users by streamlining steps in Setup Assistant,ensuring that employees receive the right configurations immediately uponactivation. IT teams can now further customize this experience by providingconsent text, corporate branding or modern authentication to employees. Enable a higher level of control for corporate-owned devices by usingsupervision, which provides additional device management controls that arenot available for other deployment models, including non-removable MDM. More easily manage default MDM servers by setting a default server that’sbased on device type. And you can now manually enroll iPhone, iPad, andApple TV using Apple Configurator 2, regardless of how you acquired them.ContentApple Business Manager enables organizations to easily buy content in volume.Whether your workforce uses iPhone, iPad, or Mac, you can provide greatcontent that’s ready for work with flexible and secure distribution options. Purchase apps, and custom apps in bulk, including apps you developinternally. Easily transfer app licenses between locations and share licensesbetween purchasers within the same location. And see a unified listing ofpurchase history, including the current number of licenses in use with MDM. Distribute apps directly to managed devices or authorized users, and easilykeep track of what content has been assigned to which user or device. Withmanaged distribution, control the entire distribution process, while retainingfull ownership of apps. Apps that aren’t needed by a device or user can berevoked and reassigned within the organization. Pay using multiple payment options, including credit cards and purchaseorders. Organizations can buy Volume Credit (where available) from Apple orfrom an Apple Authorized Reseller in specified amounts of local currency,which is delivered electronically to the account holder as store credit.iOS and iPadOS DeploymentDecember 20198"

Deployment Steps Distribute an app to devices or users in any country where the app is available,enabling multinational distribution. Developers can make their apps availablein multiple countries through the standard App Store publishing process.Note: Book purchases in Apple Business Manager are not available in certaincountries or regions. To learn which features and purchasing methods areavailable where, visit support.apple.com/HT207305.PeopleApple Business Manager provides organizations with the ability to create andmanage accounts for employees that integrate with existing infrastructure andprovide access to Apple apps and services as well as Apple Business Manager. Create Managed Apple IDs for employees to collaborate with Apple apps andservices, as well as access work data in managed apps that use iCloud Drive.These accounts are owned and controlled by each organization. Leverage federated authentication by connecting Apple Business Managerwith Microsoft Azure Active Directory. Managed Apple IDs will be createdautomatically as each employee signs in for the first time with their existingcredentials on a compatible Apple device. Use Managed Apple IDs on an employee-owned device alongside a personalApple ID with the new User Enrollment features in iOS 13, iPadOS, and macOSCatalina. Alternatively, Managed Apple IDs can be used on any device as theprimary (and only) Apple ID. Managed Apple IDs can also access iCloud on theweb after signing in to an Apple device for the first time. Designate other roles for IT teams in your organization to effectively managedevices, apps and accounts within Apple Business Manager. Use theAdministrator role to accept terms and conditions if needed and easily transferresponsibility if someone leaves the organization.Note: iCloud Drive is not currently supported with User Enrollment. iCloud Drivecan be used with a Managed Apple ID when it is the device’s only Apple ID.Learn more about the Apple Business Manager: www.apple.com/business/itEnroll in the Apple Developer Enterprise ProgramThe Apple Developer Enterprise Program offers a complete set of tools fordeveloping, testing, and distributing apps to users. You can distribute appseither by hosting them on a web server or with an MDM solution. Mac apps andinstallers can be signed and notarized with your Developer ID for Gatekeeper,which helps protect macOS from malware.Learn more about the Developer Enterprise Program:developer.apple.com/programs/enterpriseiOS and iPadOS DeploymentDecember 20199"

Deployment Steps2. Set upIn this step, configure your devices and distribute your content by leveragingApple Business Manager, an MDM solution, or optionally, Apple Configurator 2.There are several ways to approach your setup, depending on who owns thedevices and your preferred type of deployment.Configure your devicesMultiple options are available for configuring user access to corporate services.IT can set up devices by distributing configuration profiles. Additionalconfiguration options are available for supervised devices.Configuring devices with MDMOnce your devices are securely enrolled into an MDM server, management isenabled using configuration profiles—an XML file containing configurationinformation to an iOS and iPadOS device. These profiles automate theconfiguration of settings, accounts, restrictions, and credentials. They can bedelivered from your MDM solution over-the-air, which is ideal for low-touchconfiguration of multiple devices. Profiles can also be sent as an emailattachment, downloaded from a web page, or installed on devices throughApple Configurator 2. Organization-owned devices. Use Apple Business Manager to enableautomatic MDM enrollment of your users’ devices upon activation. All iOSand iPadOS devices added to Apple Business Manager are always supervisedwith mandatory MDM enrollment. User-owned devices. Employees can decide whether or not to enroll theirdevices in MDM. And to disassociate from MDM at any time, they simplyremove the configuration profile from their device, which also removescorporate data and settings. But you should consider incentives for usersto remain managed. For example, you might require users to enroll in MDMto get Wi-Fi network access—using your MDM solution to automaticallyprovide the wireless credentials.Once a device is enrolled, an administrator can initiate an MDM policy, option,or command; the management actions available for a device will vary dependingon the supervision and enrollment method. The iOS or iPadOS device thenreceives notification of the administrator’s action via the Apple Push Notificationservice (APNs), so it can communicate directly with its MDM server over asecure connection. With a network connection, devices can receive APNscommands anywhere in the world. However, no confidential or proprietaryinformation is transmitted via APNs.Configuring devices with Apple Configurator 2 (optional)For local initial deployments of multiple devices, organizations can use AppleConfigurator 2. This free macOS app allows you to connect iOS and iPadOSdevices to a Mac computer over USB and update them to the latest versions ofiOS and iPadOS, configure device settings and restrictions, and install apps andother content. After initial setup, you can continue to manage everything overthe air using MDM.iOS and iPadOS DeploymentDecember 201910"

Deployment StepsThe Apple Configurator 2 user interface focuses on your devices and thediscrete tasks you want to perform on them. The app integrates with AppleBusiness Manager, enabling devices to automatically enroll in MDM usingyour organization’s settings. Custom workflows can be created within AppleConfigurator 2 using Blueprints to combine discrete tasks.Learn more about Apple Configurator 2:support.apple.com/apple-configuratorSupervised devicesSupervision provides additional management capabilities for iOS and iPadOSdevices owned by your organization, allowing restrictions such as disablingAirDrop or placing the device in Single App Mode. It also provides the ability toenable a web filter via a global proxy for things such as ensuring that users’ webtraffic stays within the organization’s guidelines, preventing users from resettingtheir devices to factory defaults, and many more. By default, all iOS and iPadOSdevices are nonsupervised. You can use Apple Business Manager to enablesupervision, or you can manually enable supervision using Apple Configurator 2.Even if you don’t plan to use any supervised-only features now, considersupervising your devices when you set them up, so you can take advantageof supervised-only features in the future. Otherwise, you’ll need to wipe devicesthat have been deployed. Supervision isn’t about locking down a device; rather,it enhances company-owned devices by extending management capabilities.In the long run, supervision provides even more options for your enterprise.Learn more about restrictions for supervised devices:support.apple.com/guide/mdmiOS and iPadOS DeploymentDecember 201911"

Deployment StepsDistribute appsApple offers extensive programs to help your organization take advantageof the great apps and content available for iOS and iPadOS. With thesecapabilities, you can distribute apps purchased through Apple BusinessManager or apps you’ve developed in-house to devices and users, so your usershave everything they need to be productive. At the time of purchase, you’ll needto determine your distribution method: managed distribution or redemptioncodes.Managed distributionWith managed distribution, use your MDM solution or Apple Configurator 2 tomanage apps purchased from the Apple Business Manager store in any countrywhere the app is available. To enable managed distribution, you must first linkyour MDM solution to your Apple Business Manager account using a securetoken. Once you’re connected to your MDM server, you can assignApple Business Manager apps, even if the App Store on the device is disabled. Assign apps to devices. Using your MDM solution or Apple Configurator 2,assign apps directly to devices. This method saves several steps in the initialrollout, making your deployment significantly easier and faster, while givingyou full control over managed devices and content. After an app is assignedto a device, the app is pushed to that device via MDM and no user invitationis required. Anyone using that device has access to the app. Assign apps to users. An alternative method is to use your MDM solution toinvite users to download apps through an email or a push notificationmessage. To accept the invitation, users sign in on their devices with apersonal Apple ID. The Apple ID is registered with the Apple Business Managerservice, but remains completely private and not visible to the administrator.Once users agree to the invitation, they’re connected to your MDM server sothey can start receiving assigned apps. Apps are automatically available fordownload on all of a user’s devices, with no additional effort or cost to you.When apps you’ve assigned are no longer needed by a device or a user,they can be revoked and reassigned to different devices and users, so yourorganization retains full ownership and control of purchased apps.Redemption codesYou can also distribute content using redemption codes. This is helpful whenyour organization can’t use MDM on the end user’s device; for example, ina franchise business scenario. This method permanently transfers an app to theuser who redeems the code. Redemption codes are delivered in a spreadsheetformat. A unique code is provided for each app in the quantity purchased. Eachtime a code is redeemed, the spreadsheet is updated in the Apple BusinessManager store, allowing you to view the number of redeemed codes at any time.Distribute the codes using MDM, Apple Configurator 2, email, or an internalwebsite.iOS and iPadOS DeploymentDecember 2019"12

Deployment StepsInstalling apps and content with Apple Configurator 2 (optional)In addition to basic setup and configuration, Apple Configurator 2 can be usedto install apps and content for devices you want to set up on behalf of the user.For personally enabled deployments, you can preinstall apps, saving time andnetwork bandwidth. And for nonpersonalized deployments, you can fully setup your devices all the way to the Home screen. When you configure deviceswith Apple Configurator 2, you can install App Store apps, in-house apps, anddocuments. App Store apps require Apple Business Manager. Documents areavailable for apps that support file sharing. To review or retrieve documents fromiOS and iPadOS devices, connect them to a Mac running Apple Configurator 2.3. DeployiPhone and iPad make it simple for employees to start using their devices rightout of the box, without requiring help from IT.Distribute your devicesOnce devices have been prepared and set up in the first two steps, they’reready for distribution. For personally enabled deployments, give devices to userswho can use the streamlined Setup Assistant for further personalization and tofinalize setup. For nonpersonalized deployments, distribute devices to your shiftemployees or place devices in kiosks designed to charge and secure the devices.Setup AssistantOut of the box, users can activate their devices, configure basic settings,and start working right away with Setup Assistant. After initial setup, users canalso customize their personal preferences, such as language, location, Siri,iCloud, and Find My iPhone. Devices that are enrolled in Apple BusinessManager are automatically enrolled in MDM right within the Setup Assistant.Allow users to personalizeFor personally enabled and BYOD deployments, allowing users to personalizetheir devices with their own Apple IDs increases productivity because userschoose which apps and content will allow them to best accomplish their tasksand goals.Apple ID and Managed Apple IDWhen employees use an Apple ID to sign in to Apple services such as FaceTime,iMessage, the App Store, and iCloud, they have access to a wide range ofcontent for streamlining business tasks, increasing productivity, and supportingcollaboration.iOS and iPadOS DeploymentDecember 201913"

Deployment StepsLike any Apple ID, Managed Apple IDs are used to sign in to a personal device.They’re also used to access Apple services—including iCloud and collaborationwith iWork and Notes—and Apple Business Manager. Unlike Apple IDs,Managed Apple IDs are owned and managed by your organization for thingslike password resets and role-based administration. Managed Apple IDs havecertain restricted settings.Devices that are enrolled via User Enrollment require a Managed Apple ID. UserEnrollment supports an optional personal Apple ID; other enrollment optionssupport either a personal Apple ID or a Managed Apple ID. Only User Enrollmentsupports multiple Apple IDs.To get the most out of these services, users should use their own Apple IDs orManaged Apple IDs that are created for them. Users who don’t have an Apple IDcan create one even before they receive a device. Setup Assistant also enablesusers to create a personal Apple ID if they don’t have one. Users don’t need acredit card to create an Apple ID.Learn about Managed Apple iCloudWith iCloud users can automatically sync documents and personal content—such as contacts, calendars, documents, and photos—and keep them up to dateamong multiple devices. Find My lets users locate a lost or stolen Mac, iPhone,iPad, or iPod touch. Specific parts of iCloud—such as iCloud Keychain andiCloud Drive—can be disabled through restrictions entered manually on thedevice or set via MDM. This gives organizations more control over what data isstored on which account.Learn more about managing e-iosiOS and iPadOS DeploymentDecember 201914"

Deployment Steps4. ManageOnce your users are up and running, a wide range of administrative capabilitiesare available for managing and maintaining your

based Office 365, ensure that you have sufficient licenses to support the anticipated number of iOS and iPadOS devices that will be connected. iOS and iPadOS also support Office 365 modern authentication leveraging OAuth 2.0 and multi-factor authentication. If you don't use Exchange, iOS and iPadOS work