iPhone app install automation

apns automation iphone mobile-device-management

I am trying to automate the installation procedure for iPhone apps (i.e., installing apps on around 5000 phones). For this I am planning to deploy an MDM server on Windows Server 2008 containing Active Directory. Once the handsets are successfully registered, the admin can take complete control of the iPhone. I have the following doubts:

1) My main objective is to push apps that are available in the App Store. Will an Apple Push Notification certificate be sufficient to set up my MDM server and install apps?

2) Once the user registers his iOS device, will I be able to install/uninstall applications on the device?

3) Can I implement payload mechanisms like the AppLock payload by just having an Apple Push Notification certificate?

Best Answer

What you want to do sounds possible with the steps you describe, except for 3). You haven't said which MDM server you plan on using but I'll assume it's one that implements the concept of Managed Apps.

Once your device(s) are enrolled with the MDM server, it can automatically push down whatever apps you wish to the device (either in-house/corporate or App Store). Those apps are considered Managed and you will have some control over them, including the ability to remove them remotely.

In specific answer to your questions:

  1. Yes, once you have set up an MDM server and configured the APNS certificate (from https://identity.apple.com/pushcert/) you can enrol and manage devices through it.
  2. Yes, once the device is enrolled you can push apps to it. The mechanism for this differs a little depending on which MDM server you use. Most will allow for auto-push during enrolment or a push notification prompt asking the user to install from the MDM server's App Store.
  3. In order to use AppLock, the device must be Supervised. To enable Supervised mode on an iOS device, it must either be configured physically via a Mac + Apple Configurator or be a device purchased through DEP (Device Enrolment Program). Devices can be Supervised through an MDM server (so over-the-air) but they must be purchased as a DEP device through an authorised reseller in a supported country. Devices that are purchased outside the DEP program cannot currently be converted to DEP / Supervised at a later date.
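
The flow this answer describes, as an added example that is not part of the original answer or of any particular MDM product: a server queues `InstallApplication` for every enrolled device and sends an App Lock profile only when the device's `DeviceInformation` reply reports `IsSupervised`. The key names follow Apple's MDM protocol; the store ID, bundle ID, `com.example.mdm` prefix and the sample reply are constructed placeholders.

```python
import plistlib
import uuid

def install_app_command(itunes_store_id):
    """MDM command that installs an App Store app as a Managed App."""
    return {"CommandUUID": str(uuid.uuid4()), "Command": {
        "RequestType": "InstallApplication",
        "iTunesStoreID": itunes_store_id,
        # ManagementFlags 1: remove the app when the MDM profile is removed.
        "ManagementFlags": 1,
    }}

def app_lock_profile(bundle_id, prefix="com.example.mdm"):
    """Configuration profile with an App Lock payload (hypothetical prefix)."""
    def base(ptype, suffix):
        return {"PayloadType": ptype, "PayloadVersion": 1,
                "PayloadIdentifier": f"{prefix}.{suffix}",
                "PayloadUUID": str(uuid.uuid4())}
    payload = base("com.apple.app.lock", "applock.payload")
    payload["App"] = {"Identifier": bundle_id}
    profile = base("Configuration", "applock")
    profile["PayloadDisplayName"] = "App Lock"
    profile["PayloadContent"] = [payload]
    return profile

def plan_commands(device_info_plist, itunes_store_id, lock_bundle_id=None):
    """Return (commands, skipped) for one device from its DeviceInformation reply."""
    reply = plistlib.loads(device_info_plist)
    # Treat a missing answer as unsupervised rather than guessing.
    supervised = reply.get("QueryResponses", {}).get("IsSupervised", False)
    commands, skipped = [install_app_command(itunes_store_id)], []
    if lock_bundle_id and supervised:
        profile = plistlib.dumps(app_lock_profile(lock_bundle_id))
        commands.append({"CommandUUID": str(uuid.uuid4()), "Command": {
            "RequestType": "InstallProfile", "Payload": profile}})
    elif lock_bundle_id:
        skipped.append("AppLock: device is not Supervised")
    return commands, skipped

# Constructed sample: reply from an enrolled but unsupervised device.
SAMPLE_REPLY = plistlib.dumps({
    "Status": "Acknowledged", "UDID": "CONSTRUCTED-UDID",
    "QueryResponses": {"IsSupervised": False},
})

if __name__ == "__main__":
    cmds, skipped = plan_commands(SAMPLE_REPLY, 123456789, "com.example.kiosk")
    print([c["Command"]["RequestType"] for c in cmds], skipped)
```

Each returned command would be serialized with `plistlib.dumps` and handed to the device when it checks in after an APNs wake-up; that transport is outside this sketch.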