Apple Deployment and Management User Guide

Apple-Deployment-and-Management-featured

Apple-logo

Apple Deployment and Management

Apple-Deployment-and-Management-featured

About the Exam

The Apple Deployment and Management exam tests your understanding of the tools, services, and best practices you need to deploy, secure, and manage Apple devices at scale in large organizations.

When you pass the exam, you earn the Apple Certified IT Professional digital badge. For more information, visit Apple Training. This exam is based on iOS 17, iPadOS 17, and macOS Sonoma.

Preparing for the Exam

The exam covers the learning objectives listed in this guide, not only the topics in the Apple Deployment and Management course. To pass the exam, you must study multiple Apple resources and gain direct experience deploying and managing Apple devices.

Depending on your background, technical expertise, and experience deploying and managing Apple devices, you may need 30 to 60 hours to prepare for the exam.

To prepare for the exam, follow this approach:

  • Become familiar with supporting iPhone, iPad, and Mac users in an organization.
  • Gain practical experience in deploying and managing Apple devices in an organization.
  • Read the learning objectives in this guide and identify the resources you need to study.
  • Complete the Apple Deployment and Management course. Study its content and linked resources, perform the exercises, and use the Check Your Understanding questions in each article or tutorial to reinforce your knowledge.
  • Practice with the sample questions in this guide.

Learning Objectives

Deployment

Explain how device ownership models affect an organization’s deployment strategy.

  • Enrolling User-Owned Devices
  • Managing Organization Apps and Data
  • How Apple separates user data from organization data
  • How users enroll their devices

Evaluate identity management and authentication services, such as single sign-on (SSO) and Entra ID (formerly Azure AD), to manage secure access to your organization’s resources on Apple devices.

  • Evaluating Authentication and User Services
  • Platform Single Sign-on for macOS

Evaluate an organization’s network infrastructure concerning profiles and payloads for Apple devices.

  • Managing Network Traffic
  • Network Usage Rules MDM payload settings for Apple devices

Compare the requirements of account-driven Device Enrollment to profile-based Device Enrollment.

  • Account-driven Device Enrollment

Identify key considerations that relate to deploying Apple devices in organization-owned deployment scenarios.

  • Managing Enrollment and Setup Assistant
  • Understanding Device Enrollment
  • Device Enrollment and MDM
  • Automated Device Enrollment and MDM

Given a scenario, develop a deployment strategy for different ownership models and device purchase sources.

  • Managing Device Assignments
  • Manage device suppliers in Apple Business Manager
  • Manage device suppliers in Apple School Manager

Compare and contrast the features and functions related to managed devices between Apple Configurator and MDM.

  • Exploring Apple Configurator Features
  • Preparing Devices for a Return to Service
  • Revive and restore Apple devices
  • Update or restore iPhone, iPad, or Apple TV devices

Apple Business Manager and Apple School Manager

Link Apple Business Manager or Apple School Manager to your organization’s third-party MDM solution.

  • Adding an MDM Server
  • Link to a third-party MDM server in Apple Business Manager
  • Link to a third-party MDM server in Apple School Manager

Explain the Directory Sync requirements for Apple Business Manager or Apple School Manager.

  • Evaluating Authentication and User Services
  • Using Apple Business Manager or Apple School Manager
  • Use federated authentication with Google Workspace in Apple Business Manager

Networking

Configure your organization’s network infrastructure — Wi-Fi coverage and capacity, proxies, firewalls, VPN, and Bonjour — for use by Apple devices.

  • Preparing Your Network
  • Get proper Wi-Fi capacity
  • Use Apple products on enterprise networks
  • TCP and UDP ports used by Apple software products
  • Infrastructure requirements

Summarize requirements and technical considerations for integrating Apple devices into an existing network.

  • Preparing Your Network
  • Use Apple products on enterprise networks

Explain how content caching in macOS caches and optimizes downloaded Apple content on your network.

  • Understanding Content Caching
  • Plan for and set up content caching

Recognize how content caching across subnets works.

  • Understanding Content Caching
  • How content caching works

Recognize key considerations that relate to joining managed Apple devices to Wi-Fi networks.

  • Preparing Your Network
  • Joining Wi-Fi Networks
  • How iOS, iPad, and macOS decide which wireless network to auto-join

Configure wireless authentication methods your organization will use to connect Apple devices to your network.

  • Joining Wi-Fi Networks
  • WEP, WPA, WPA2, WPA2/WPA3 MDM settings for Apple devices
  • Secure access to wireless networks
  • How Apple devices join Wi-Fi networks

Security

Identify passcode configuration options for Apple devices.

  • Using Passcode Payloads
  • Passcode MDM payload settings for Apple devices

Recognize key restrictions that apply to supervised Apple devices.

  • Using Restrictions Payloads
  • About Apple device supervision
  • MDM restrictions for supervised Apple devices

Recognize key restrictions that apply to unsupervised Apple devices.

  • Using Restrictions Payloads
  • Review MDM restrictions for Apple devices

Describe what’s encrypted in macOS, iOS, and iPadOS, including where keys can be stored for FileVault.

  • Protecting Data with FileVault
  • Institutional versus personal recovery keys

Recognize the key purpose and function of Lost Mode as it relates to managed Apple devices.

  • Using MDM to Manage Lost Mode
  • Managing Lost Devices
  • Locate lost or stolen supervised devices
  • Lock and locate Apple devices

Define the key purpose and function of Activation Lock as it relates to managed Apple devices.

  • Managing Activation Lock
  • recovery Password
  • Activation Lock on Apple devices
  • Organization-linked Activation Lock for iPhone and iPad

Describe different types of biometric capabilities on Apple devices.

  • Touch ID security
  • About Touch ID’s advanced security technology
  • Uses for Face ID and Touch ID
  • Use Touch ID on Mac
  • Set up Face ID on iPhone

Support

Define what a keychain is, and explain what a user can do with Keychain Access in macOS.

  • Keychain data protection
  • Change Password settings on the Mac

Describe macOS Recovery and what a user can do with it.

  • Mac startup key combinations
  • Apps available in macOS Recovery on a Mac with Apple silicon
  • Start up from macOS Recovery

Explain what Console is and how it’s used to triage or troubleshoot user issues.

  • Console User Guide for Mac
  • Share log messages, activities, or reports in the Console on the Mac
  • Discern and classify the key components of a digital certificate.
  • Managing Certificates
  • Intro to certificate management for Apple devices

Set up tethered caching.

  • Intro to content caching
  • Set up content caching on Mac
  • Device network information MDM queries for Apple devices
  • How Content Caching > Share Internet connection works with MDM

Explain what a Terminal is and how it’s used to triage or troubleshoot user issues.

  • Console User Guide for Mac
  • Terminal User Guide for Mac
  • Test Wi-Fi networks with Apple Network Responsiveness

Mobile Device Management

Describe what MDM is and how it works.

  • Understanding Device Enrollment
  • Enrollment profiles
  • Plan your MDM migration.
  • Intro to planning your MDM migration
  • Configure your new MDM solution
  • Reenroll devices in MDM

Manually enroll user-owned devices into an MDM solution.

  • Understanding Device Enrollment
  • Enrolling User-Owned Devices
  • User Enrollment and MDM
  • User Enrollment and Managed Apple IDs
  • About Lockdown Mode

Compare and contrast the actions that an MDM administrator can take on a managed user-owned and organization-owned Apple device.

  • Understanding How MDM Works
  • Designing a Security Strategy
  • Managing Enrollment and Setup Assistant
  • Enrolling User-Owned Devices
  • Using VPN on Apple Devices
  • Using MDM to Manage Lost Mode
  • Auto Advance and Automated Device Enrollment (macOS)
  • MDM commands for Apple devices
  • Lock and locate Apple devices
  • Managing Devices and Corporate Data
  • MDM commands for Apple devices
  • Per App VPN
  • VPN settings overview for Apple devices
  • User Enrollment and per-app networking
  • MDM commands for User Enrollment

Sample Questions

To practice for the exam, try to answer each of these sample questions. Then use the answer key to check your answers. These sample questions aren’t on the actual exam but represent the types of questions included.

Question 1

Who retains the license of a managed app in Apple Business Manager or Apple School Manager when the app is revoked?

  • The device user
  • The organization
  • The Managed Apple ID user
  • The personal Apple ID owner

Question 2

Which security MDM query can you use to check whether the startup volume is protected on a Mac?

  • Find My enabled
  • Passcode present
  • Secure boot status
  • Hardware encryption type

Question 3

Content caching is configured with a 300GB cache size on a managed Mac mini to support Shared iPad users. Users tell you that large files stored in iCloud take longer to download than before. How can you speed up downloads of iCloud user data?

  • Increase the cache size.
  • Use the MDM command PurgeCache to empty the cache.
  • Do nothing. Content caching doesn’t store iCloud user data.
  • Delete the /Library/Application Support/Apple/AssetCache folder.

Question 4

Which security MDM query should you use to check whether Mac computers have access to websites while preventing unauthorized access to user files?

  • Firewall settings
  • Find My enabled
  • Passcode present
  • Hardware encryption type

Question 5

The BetterBag Information Security team wants to prevent users from manually installing configuration profiles in System Settings on their device-enrolled Mac computers. What is required on the managed Mac computers to implement this strategy?

  • They must be supervised.
  • They must be using macOS 13 or later.
  • They must be assigned to the Apple Business Manager.
  • They must be enrolled with Automated Device Enrollment.

Question 6

BetterBag IT wants to verify that Mac users can’t start up from any volume other than the designated startup volume. Which security MDM query can you use?

  • Find My enabled
  • Passcode present
  • Firmware password status
  • Hardware encryption type

Question 7

A BetterBag custom app quits unexpectedly. The app developer asks you for the log report. How do you locate and send the correct log?

  • Open Activity Monitor, click View and select Run System Diagnostics.
  • In Terminal, type tail -f /Applications/BetterBag.app/Contents/MacOS/BetterBag.
  • Open Console, click Log Reports from the sidebar, search for BetterBag, select the log, and click the Share button.
  • Open Console, click Diagnostic Reports from the sidebar, search for BetterBag, select the log, and press the Share button.

Question 8

Which two certificate components can you use to securely identify a client or server and encrypt the communication between them?

  • Public key and private key
  • Trust key and trust certificate
  • Intermediate certificate and trust key
  • Trust certificate and intermediate certificate

Question 9

Leticia needs to verify that a group of new employees have set up their managed iPad devices to prevent unauthorized users from accessing their orientation files. Which security MDM query can she use?

  • Passcode present
  • Secure boot status
  • Firmware password status
  • Can Activation Lock be managed

Question 10

BetterBag requires that FileVault encryption protects all managed Mac computers. What must BetterBag’s MDM solution escrow to grant a secure token to mobile accounts?

  • A content token
  • A bootstrap token
  • A personal recovery key
  • An institutional recovery key

Exam Details

  • The exam name is the Apple Deployment and Management Exam (DEP-2024-ENU).
  • The exam contains approximately 90 scored technical questions, and you have 120 minutes to complete them.
  • The minimum passing score is 75 percent. Scores aren’t rounded.
  • The exam uses multiple-choice single-select and multiple-choice multiple-select questions.
  • You may not access any resources or references during the exam.

Taking the Exam

You take the Apple Deployment and Management exam online through the Pearson OnVUE system. Schedule your exam session in advance, and plan to complete the exam in one sitting. You need a private space and a current, government-issued identification card to take the exam.

To learn more about the Pearson OnVUE online proctoring experience, watch this brief video. To schedule and take the exam, complete these steps:

  1. Sign in to ACRS (Apple Certification Records System) using your Apple ID and password.
  2. Click Credentials. Then click Apple Deployment and Management Exam to start the exam registration process.
  3. Update the Contact Details for the Testing and Certification section. Answer the additional information questions. If you’re requesting any special accommodations to take the exam, complete the relevant fields. Then click the Submit button.
  4. On the notifications page, look for this text: “You may continue to the exam process for the Deployment and Management Exam.” Click Continue at Pearson VUE.
  5. Follow the instructions to schedule and pay for your exam.

On the day of your scheduled exam, complete these steps:

  1. 30 minutes before your scheduled exam time, sign in to ACRS using your Apple ID and password.
  2. Click the Apple Deployment and Management Exam on the home page.
  3. Click Begin Exam, then follow the instructions.

After you complete the exam, Pearson emails you your score. If you don’t pass the exam on the first try, you can purchase another exam and retake it after 14 days. You’re allowed four attempts to pass the exam.

About the Certification

The Apple Certified IT Professional digital badge differentiates you as a skilled professional, gives you a competitive edge in an evolving job market, and associates you with the power of the Apple brand. When you pass the exam, Credly emails you the instructions to claim your digital badge.

Digital badges are valid for two years from the date earned, but specific expiration dates vary. You keep your badge current by taking the recertification exam when it’s released and before the badge expiration date.

Visit Apple Training and sign in to ACRS periodically to ensure that you’re aware as soon as a recertification exam is available.

For More Manuals by Apple, Visit LatestManuals

Faqs About Apple Deployment and Management

What is the Apple deployment program?

When deploying iPads, iPhones, and Mac laptops that are owned by an institution and that are bought directly from Apple or affiliated Apple Authorised Resellers or carriers, DEP offers a quick and efficient solution.

Which Apple service allows an organization to deploy apps to devices?

Configuring, deploying, and managing Apple devices remotely is possible with Apple Business Essentials, a comprehensive device management solution. With Apple Business Essentials, you can manage your entire fleet of devices, regardless of whether they are owned by your company or your employees.

How does Apple device management work?

By transmitting profiles and commands to devices—whether they belong to the user or your organization—MDM enables you to securely and wirelessly configure devices. One of MDM’s functions is to remotely wipe or lock devices, remotely update software and device settings, and monitor adherence to corporate regulations.

What is Apple Zero Touch deployment?

zero-touch implementation Purchase apps and distribute content, automate device deployment, set up Managed Apple IDs for staff members, and more with ease using Apple Business Manager in conjunction with a mobile device management system.

How much does it cost to deploy an app on Apple Store?

You must register as a developer to publish an iOS application on the Apple App Store. The Apple Developer Enterprise Programme costs $299 annually, whereas the Apple Developer Programme costs $99 annually. Every year, the account cost needs to be refreshed. What is the price of apps in the Apple Store?

What is required to deploy apps without the need for an Apple ID?

SimpleMDM can purchase app licenses using Apple Business Manager in VPP, and the program will automatically allocate licenses to devices before to the app installation process. The devices won’t display an Apple ID prompt or an Apple ID

How do I know if my Apple device is managed?

Finding Out Whether an Item Is Managed On an iPhone or iPad that belongs to your company, navigate to Settings > General > VPN & Device Management to locate an MDM profile. On an iPhone or iPad that belongs to the user, navigate to Settings > General > VPN & Device Management to view the managed account associated with the MDM profile.

How do I remove Device Management from Apple devices?

Navigate to Device Management under Settings > General. Your device is enrolled in an MDM program if you see a “Profiles” or “Device Management” option. Try heading to Settings > General > Device Management > [MDM profile] > Remove Management if you can access the MDM profile.

What can Device Management see?

Only the apps installed in the work profile are visible to your organization on corporate-owned Android smartphones with work profiles. They can view all installed apps on any other device owned by the company. Work and school apps are included in the managed app inventory that is visible to your organization on personal devices.

What are Apple deployment programs?

Large-scale iPad, iPhone, Mac, and Apple TV deployments go smoothly with DEP. After devices are activated, you may set up apps, account settings, and remote access to IT services right away. To finish the configuration, you don’t have to physically access each device or employ staging services.

Leave a Reply