ios mdm ios-enterprise device-management

MDM and MAM capabilities on iOS


How do MDM and MAM capabilities work on iOS? Do we need a third-party client running on iOS devices to receive MDM/MAM commands from the HTTPS server? How does the enrollment happen? I am sure that iOS depends on push notifications to receive commands, so I am assuming that a third-party MDM client should be available on the device in spite of iOS having an inbuilt MDM agent running all the time. What's the difference between MDM and MAM for iOS?


Solution

  • MDM is device-level configuration for device control and security. MAM is the same thing but at the app level. The commonality is that each configuration element is delivered through a configuration payload defined by Apple. Check out https://developer.apple.com/library/ios/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html.

    The best way to understand this ecosystem is just to know what has to be done and the role each party plays:

    1. Apple provides an MDM/MAM interface in the form of a configuration file format and code interfaces (Obj-C/Swift) to vendors (AirWatch, MobileIron, ...). Features that you hear announced at WWDC each year are added to this list.
    2. The vendor implements tooling for enterprises that enables the corresponding features (e.g. an MDM console for basic config params, an SDK to code against, ...).
    3. Apple provides the underlying runtime implementation of the feature (e.g. presenting only MDM-compliant options for setting lock timeout, providing the code hooks for enterprise single sign-on, ...).

    Yes, you're going to have the devices go through the enrollment process. For AirWatch there is an agent app that they run through to enroll.
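To make the "configuration payload" idea in the answer above concrete, here is an added example (not part of the original answer or any vendor's code) that parses an unsigned configuration profile and audits its passcode and MDM payloads. The payload types and key names follow Apple's configuration profile reference; the sample profile, its identifiers and the policy thresholds are constructed assumptions.

```python
import plistlib

# Constructed sample profile; all identifiers, UUIDs and URLs are placeholders.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration", "PayloadVersion": 1,
    "PayloadIdentifier": "com.example.baseline",
    "PayloadUUID": "00000000-0000-0000-0000-000000000001",
    "PayloadContent": [
        {   # device-level passcode policy (the "lock timeout" kind of setting)
            "PayloadType": "com.apple.mobiledevice.passwordpolicy",
            "PayloadVersion": 1,
            "PayloadIdentifier": "com.example.baseline.passcode",
            "PayloadUUID": "00000000-0000-0000-0000-000000000002",
            "forcePIN": True, "minLength": 4, "maxInactivity": 15,
        },
        {   # MDM payload: tells the built-in MDM client which server to talk to
            "PayloadType": "com.apple.mdm", "PayloadVersion": 1,
            "PayloadIdentifier": "com.example.baseline.mdm",
            "PayloadUUID": "00000000-0000-0000-0000-000000000003",
            "ServerURL": "http://mdm.example.com/server",
            "CheckInURL": "https://mdm.example.com/checkin",
            "Topic": "com.apple.mgmt.External.PLACEHOLDER",
        },
    ],
})

REQUIRED = ("PayloadType", "PayloadIdentifier", "PayloadUUID", "PayloadVersion")

def audit_profile(data, min_length=6, max_lock_minutes=5):
    """Return findings for an unsigned profile. Thresholds are assumed local
    policy values, not Apple defaults. Signed (CMS-wrapped) profiles must be
    unwrapped before calling this."""
    profile = plistlib.loads(data)
    findings = []
    for i, p in enumerate([profile] + list(profile.get("PayloadContent", []))):
        kind = p.get("PayloadType", f"payload[{i}]")
        findings += [f"{kind}: missing {k}" for k in REQUIRED if k not in p]
        if kind == "com.apple.mobiledevice.passwordpolicy":
            if not p.get("forcePIN", False):
                findings.append(f"{kind}: passcode not enforced")
            if p.get("minLength", 0) < min_length:
                findings.append(f"{kind}: minLength {p.get('minLength', 0)} < {min_length}")
            idle = p.get("maxInactivity")  # minutes before auto-lock; absent = no limit
            if idle is None or idle > max_lock_minutes:
                findings.append(f"{kind}: maxInactivity {idle} exceeds {max_lock_minutes}")
        elif kind == "com.apple.mdm":
            for key in ("ServerURL", "CheckInURL"):
                if key in p and not p[key].lower().startswith("https://"):
                    findings.append(f"{kind}: {key} is not https")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_profile(SAMPLE_PROFILE)))
```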