MDM Flashcards
What must you do to an Apple device before it can be managed?
Before a device can be managed, it must be enrolled into an MDM solution with an enrollment profile.
An enrollment profile contains identity certificates and information to associate a device with an MDM solution.
The profile can be either installed automatically via ADE, or by a user signing in to a Managed Apple Account on their organization-owned or personal device.
Reference:
https://it-training.apple.com/tutorials/support/sup530/
True or false: You cannot use Profiles without an MDM solution.
False.
You can create and use profiles to share and apply settings without an MDM solution, but they won’t be automatically installed and applied to devices.
The presence of a profile doesn’t necessarily mean an MDM solution manages the device.
How do you determine if a device is being managed via MDM?
Check if there’s an installed MDM profile on the device.
On an organization owned iOS device:
Settings > General > VPN & Device Management.
On a user-owned device:
Same as before, but there will be a “MANAGED ACCOUNT” section that appears, under which you can tap the Managed account, then select “Profiles & Device Management”
On a Mac
System Settings > General > Device Management
TIP:
You can also find profiles in the system report on your Mac. Press and hold the Option key, then choose Apple menu > System Information to open the system report. In the sidebar, scroll to Software and click Profiles or Managed Profiles
References
https://it-training.apple.com/tutorials/support/sup530/
What are the two different sub-types of Device Enrollment methods?
- Account-driven Device Enrollment (Users sign in with their Managed Apple Account in Settings or System Settings.)
- Profile-based Device Enrollment (Users get an enrollment profile they must install on their device.)
References:
https://support.apple.com/guide/deployment/device-enrollment-and-mdm-depd1c27dfe6/web
https://support.apple.com/guide/deployment/enrollment-methods-for-apple-devices-dep08f54fcf6/web
What aspect of a Profile provides specific settings and authorization information for Apple devices.
The Payload
There can be multiple payloads per configuration profile. Depending on the needs of the organization, there can be multiple configuration profiles with one or more payloads
What are the three methods of device enrollment into an MDM solution?
- Automated Device Enrollment (ADE/DEP)
- Device based enrollment
- User based enrollment
Note that “Device” enrollment has two sub-types of enrollment, Account driven and Profile driven
References:
https://support.apple.com/guide/deployment/enrollment-methods-for-apple-devices-dep08f54fcf6/web
How do you view the details of a specific configuration profile Payload on macOS?
Go to System Settings > General > Device Management, then double-click on the Profile you want to inspect
True or False: Users can remove configuration profiles for unsupervised iPhone and iPad devices even if the option is set to “never.
True.
Standard users on Mac can also remove configuration profiles if they know an administrator’s user name and password.
There are instances in which a user may remove a configuration profile from their device. For example, a user may leave the organization and want to unenroll their personal device from MDM. Or the organization migrates to another MDM solution, and the user’s device needs to enroll in the new MDM solution.
References
https://it-training.apple.com/tutorials/support/sup530/
True or false: A device must be Supervised in order to customize its Setup Assistant options
True.
devices must meet the following requirements to configure Setup Assistant options:
- Supervised
- Enrolled in an MDM solution
- Assigned in Apple Business Manager or Apple School Manager
References:
https://it-training.apple.com/tutorials/support/sup530/
