There are a lot of moving parts when it comes to Apple support and services. Take some time to familiarize yourself with these terms to better understand core Apple concepts, sites, and services.
Addigy
Addigy is an MDM (Mobile Device Management) platform and Ntiva's MDM of choice for Apple devices. Enrolling your devices with Addigy empowers our support team to learn about your Apple devices, facilitate remote screen-sharing appointments with the support desk, and configure powerful automation to manage your settings and deploy apps. To enroll in MDM, you first need an Apple Business Manager (ABM) account and an Apple Push Notification service (APNs) certificate.
Addigy Identity
An optional technology when building out a "zero-touch" experience for device unboxing. Addigy Identity allows you to use your organization's email accounts to log into your Macs, using your IdP passwords as local passwords. This can be very helpful for organizations that want to lower the number of different passwords their users need to track, but can be inappropriate if your email passwords tend to be extremely long, complex, and difficult to type. To learn more about Addigy Identity, click here.
Apple Accounts
Apple Accounts (previously Apple IDs) are free accounts anyone can set up with Apple to gain access to iCloud, the App Store, iTunes Store, and more. Apple Accounts can either be owned by a person (Personal Apple Accounts, PAA) or an organization (Managed Apple Accounts, MAA). For a deeper dive into Apple Accounts, click here.
Apple Business Manager (ABM)
ABM is a website and service offered by Apple that allows organizations to register with Apple as entities. ABM is almost functionally identical to Apple School Manager (ASM), though there are some unique features in ASM specifically for supporting education environments. Upon registration, you can leverage many Apple services:
- Apps & Books - An ABM account is necessary if you want to deploy apps from the App Store to your managed iPhones, iPads, and Macs.
- Automated Device Enrollment - ABM is one of the core components needed to support Automated Device Enrollment. This workflow involves Apple acknowledging your organization as the owner of a device and allows that device to automatically enroll in support during unboxing.
- Managed Apple Accounts - Does your team use Keynote collaboration or need to sign into Apple Accounts on their devices? Once you have an ABM account, you can begin creating Apple Accounts explicitly owned and controlled by your organization. These accounts have some differences from Personal Apple Accounts; you can learn about them here.
- Domain Verification - Upon setting up your ABM account, you can begin verifying your business domains. This will allow you to create Managed Apple Accounts using your organization's domain.
- Domain Capture & Federation - Once your domains are verified, you can set up federated authentication, allowing your users to sign into their Managed Apple Accounts using their organization email (Identity Provider) credentials. This automatically triggers a process called Domain Capture, where Apple sends emails to anyone who has a Personal Apple Account using an organization email address. The user will be required to change their login email address to something not owned by your organization. Once this process is complete, you can be assured that any Apple Account using your organization's domain is legitimately managed by you.
Apple Configurator
Apple Configurator is an app for adding existing devices to your Apple Business Manager account. We recommend using Apple Configurator for iPhone for better results and an easier user experience. Apple Configurator for Mac is much more complex and shines when you have a large number of devices to add to ABM. The Mac app can also be helpful in certain troubleshooting scenarios, including reviving or restoring an unresponsive Apple silicon Mac. Adding a device to ABM in this fashion involves erasing it.
Apple eCommerce storefront (eCommerce)
When it's time for you to purchase new Apple devices, the preferred way to do it is through your own custom Apple eCommerce storefront. Ntiva can help you get this free storefront created and connected to your Apple Business Manager account. Once configured, any purchases you make from here will be considered institutionally owned, rather than personally owned by whoever ran their credit card through the system. These devices can also benefit from Automated Device Enrollment, ensuring your new devices enroll in support during unboxing.
Apple Push Notification service (APNs) Certificate
APNs certificates are the keystones of supporting Apple technology. An APNs certificate is created by a Managed Apple Account and applied to your Addigy infrastructure. This certificate, unique to your organization, allows Addigy, Apple's servers, and your devices to communicate. These certificates must be renewed annually and are offered to organizations leveraging Apple technology at no cost.
Automated Device Enrollment (ADE)
The central pillar of "zero-touch" configuration. Automated Device Enrollment is the workflow through which an Apple device is purchased from an organization's custom Apple eCommerce Storefront (or Authorized Apple Reseller), linked to that organization's Apple Business Manager account, and then assigned to auto-enroll in your Addigy policy for support. This both marks devices as institutionally owned ("Supervised", for iPhones and iPads) and forgoes the need to manually enroll the device with Addigy after unboxing.
Desired Device State
When thinking about your Apple devices, your desired device state is the way you'd like all of them to look. What apps are automatically installed? How are automatic patching and updates handled? What settings need to be in place for compliance, security, or regulatory reasons? Our goal at Ntiva is to leverage Addigy, our MDM platform of choice, to automate as much of this as possible to ensure your Macs, iPads, and iPhones are as close to this state as possible 24/7.
MacManage
Addigy's self-service app for Mac is named MacManage. You can use this application to install approved applications or run curated scripts on your device, even without administrator credentials. MacManage is installed by default on all Addigy-enrolled Macs. A list of MacManage scripts can be found here.
Mobile Device Management (MDM)
The MDM (and the relatively new Declarative Device Management, DDM) frameworks are the underlying tools that make managing Apple devices possible. When you enroll an Apple device with Addigy for support, it all begins with an MDM Enrollment Profile that establishes the connection between the device and Addigy via Apple. Many non-Apple-specific support solutions lack MDM functionality, which curtails their ability to offer a robust support experience for your Apple devices.
MDM Profiles
Also called "Configuration Profiles", MDM Profiles contain rules that define settings on an Apple device. These profiles can control many different settings, from Wi-Fi passwords and password policies to enabling OneDrive folder sync.
Vision-Bot
Vision-Bot is our custom device portal that allows you to view helpful information about your managed Apple devices. It is designed to give you up-to-date information about your Macs, iPhones, and iPads, and can be used to generate app and device reports. Check out the Vision-Bot user guide here and contact your Account Manager for more details.
Zero-touch Enrollment
The concept of "Zero-touch Enrollment" is to be able to deliver new Macs to users without IT or other administrators needing to interact with a device at all. There are a few key pieces to how Zero-touch Enrollment is achieved in the Apple ecosystem:
- Automated Device Enrollment - your new device must be purchased via your custom eCommerce storefront (or linked Authorized Apple Reseller) so it will be automatically registered with your Apple Business Manager account, and then automatically enrolled in Addigy during unboxing.
- Addigy Identity (Optional) - rather than having your user create a local user account, they can be taken to an organization email login page. Upon logging in with their company email address, a new user account will be created for them with their username and password.
- Desired Device State - Upon enrolling with Addigy (our MDM of choice), any automation configured for your fleet will be applied. This can include the automatic installation of apps and applying managed settings. The more of your desired device state that can be applied by Addigy, the faster your users can get to work.