Update apple-device-enrollment-program.md (#41393)

Co-authored-by: Harrison Ravazzolo <38767391+harrisonravazzolo@users.noreply.github.com>
Co-authored-by: Ashish Kuthiala <53918208+akuthiala@users.noreply.github.com>
This commit is contained in:
Brock Walters 2026-03-10 17:19:35 -04:00 committed by GitHub
parent 07a40b2662
commit ec40ac3b46
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -64,12 +64,12 @@ ADE automatically supervises devices during enrollment, unlocking security restr
This supervised mode provides security features that work together to prevent unauthorized access and data loss:
* Automatic device supervision for advanced management controls
* Mandatory MDM enrollment that users cannot bypass or remove
* Mandatory MDM enrollment that users cannot remove
* Activation Lock bypass codes for organizational device recovery
* Factory reset protection that maintains management through re-enrollment
* Device identity certificates for secure MDM authentication
Activation Lock and certificate management need additional planning during deployment. Activation Lock ties devices to user Apple IDs to prevent theft but creates complications when employees leave without disabling Find My. Through ABM, ADE provides organizational bypass codes that let MDM administrators clear device activation without needing the original user's Apple ID credentials.
Activation Lock and certificate management need additional planning during deployment. Activation Lock ties devices to user Apple IDs to prevent theft but creates complications when employees leave without disabling Find My. Through ABM, ADE provides bypass codes that let MDM administrators clear device activation without needing the original user's Apple ID credentials.
Certificate management requires ongoing attention because the Apple Push Notification certificate expires annually. Organizations must use the same Apple ID for renewal that was used during initial certificate creation. When certificates expire, devices and management servers lose the ability to authenticate with each other until someone completes the renewal process.
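Review bot: the two edited lines in this hunk leave the wording of the bullets and the paragraph slightly out of step with each other. Dropping "bypass" from `Mandatory MDM enrollment that users cannot remove` is the more defensible claim, since the surrounding text describes a non-removable enrollment rather than one that can never be avoided; that part looks right. The second edit, however, changes `ADE provides organizational bypass codes` to `ADE provides bypass codes` while the unchanged bullet above still reads `Activation Lock bypass codes for organizational device recovery`. If "organizational" is being removed because the code is issued per device rather than per organization, the bullet should say so too (for example "Activation Lock bypass codes for recovering devices the organization owns"); if the word was only cut for brevity, keeping it in both places avoids a reader wondering whether two different kinds of code are meant.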
@ -79,7 +79,7 @@ ADE is an enrollment mechanism configured through ABM, not a complete management
When evaluating MDM vendors for ADE compatibility, you need to verify several technical requirements. Check that the platform supports Apple Push Notification certificate management with annual renewal processes, offers Setup Assistant customization options that let you control the enrollment experience, and can handle multiple MDM servers if your organization needs different management systems for different regions or business units.
Another important consideration for the long term is vendor flexibility. Changing MDM vendors after deploying ADE requires wiping enrolled devices completely and re-enrolling them with the new platform. This disruption is significant enough that you should plan any MDM migrations to coincide with natural device refresh cycles rather than forcing users through unnecessary resets.
When migrating from one management service to another, if your devices are on older versions of Apple operating systems they may need to be completely erased to re-enroll. If possible, admins should ensure all devices are on the latest Apple OS version. [Managed Device Migration](https://support.apple.com/guide/deployment/migrate-managed-devices-dep4acb2aa44/web) announced at [WWDC 2025](https://fleetdm.com/announcements/mdm-just-got-better) allows computers and mobile devices to be migrated without erasing simply by moving device records from one virtual MDM server to another in Apple Business manager. Limited tests of migration behavior on test devices before comitting to your entire fleet will determine if OS updates are needed.
Cross-platform capabilities also matter if you manage more than just Apple devices. Organizations with mixed device environments benefit from MDM platforms that handle Mac, Windows, and [Linux](https://fleetdm.com/guides/how-to-install-osquery-and-enroll-linux-devices-into-fleet) from a single console rather than juggling separate management tools. [Fleet](http://fleetdm.com) supports ADE enrollment for Mac, iPhone, and iPad devices while also managing Windows and Linux endpoints. Its open-source model provides complete code transparency so you can verify exactly how devices are managed, and self-hosting options let you maintain full control over where device data lives.
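Review bot: the replacement paragraph in this hunk has two copy issues and one vague claim. "comitting" should be "committing", and "Apple Business manager" should be "Apple Business Manager" to match the "ABM" expansion used elsewhere on the page. More substantively, "if your devices are on older versions of Apple operating systems they may need to be completely erased to re-enroll" does not tell the reader which versions are "older"; since the paragraph already links to Apple's Managed Device Migration documentation, consider stating the minimum OS version that document gives for erase-free migration, so an admin can check a fleet against it rather than relying only on trial migrations. The last sentence would also read more clearly as a recommendation: "Test the migration on a small set of devices before committing the whole fleet; the results will show whether OS updates are needed first."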