Apple Business Manager (ABM)

"Device Management: Manage your organization’s devices remotely.
https://developer.apple.com/documentation/devicemanagement"
Apple School: https://school.apple.com/

"Mobile Device Management Settings
https://support.apple.com/guide/mdm/welcome/web"

"The Standard in Apple Enterprise Management: https://www.jamf.com/
For Biz: https://www.jamf.com/solutions/industries/business/
For School: https://www.jamf.com/solutions/industries/education/

Deploy, connect, manage and protect your Apple fleet and corporate resources with all that Jamf has to offer

OpenAPI trial: https://www.jamf.com/developers/ "

Apple Business Manager (ABM) https://business.apple.com/
"Apple Business Manager is a web-based portal for IT administrators to deploy
iPhone, iPad, iPod touch, Apple TV, and Mac all from one place. Working
seamlessly with your mobile device management (MDM) solution, Apple
Business Manager makes it easy to automate device deployment, purchase
apps and distribute content, and create Managed Apple IDs for employees.
The Device Enrollment Program (DEP) and the Volume Purchase Program
(VPP) are now completely integrated into Apple Business Manager, so
organizations can bring together everything needed to deploy Apple devices.
These programs will no longer be available starting December 1, 2019."

https://developer.apple.com/documentation/devicemanagement

"What’s the difference between MDM, EMM and UEM?  
https://securityintelligence.com/why-uem-is-the-new-mdm-the-latest-stage-in-enterprise-evolution/?_ga=2.152097465.1295773836.1612850572-2039256528.1612850572
Why UEM Is the New MDM: The Latest Stage in Enterprise Evolution
Since its inception, mobile device management (MDM) has been a simple way to ensure that devices used for corporate purposes stay within policy guidelines. It was cut and dried: If you could locate, lock and wipe devices, you were all set.
Over the years, however, business needs have become more complex, and apps and content now require secure access. To accommodate this shift, MDM evolved into enterprise mobility management (EMM).
Effective management requires even more advanced capabilities to keep up with the ever-changing mobile landscape. On top of managing laptops, desktops, smartphones, tablets, wearables and Internet of Things (IoT) devices, enterprise IT and security leaders must oversee applications, documents, content, data and user access and identity.
This is where unified endpoint management (UEM) comes into play.

How Does UEM Differ From MDM?
The functionality that MDM supplies is quite basic and falls short of what UEM can do. MDM can manage users’ devices through policies and compliance rules — and not much else. UEM takes this a few steps further, consolidating its own unique features with traditional MDM and EMM capabilities.

UEM features and capabilities include the following:
Mobile device management (MDM)
Mobile application management (MAM)
Mobile content management (MCM)
Mobile threat management (MTM)
Containerization
Identity and access management (IAM)
This diverse range of capabilities enables IT and security leaders to better balance the critical functions of user productivity and corporate security.

UEM Enables Easy Enrollment
Unshackled from the requirements of on-domain registration, users and their devices can be enrolled into a UEM solution right over the air, which rarely requires IT intervention. To streamline the setup process, UEM supports enrollment programs like Apple’s Device Enrollment Program (DEP), Microsoft’s Out-of-Box Experience (OOBE) and Google’s Android Zero-Touch Enrollment.

As an added bonus, UEM integrates with existing infrastructure, such as Microsoft Active Directory/Lightweight Directory Access Protocol (AD/LDAP). This helps IT save time and cost by simply importing AD/LDAP records and groups directly into the solution, rather than rebuilding them. UEM’s app-based and application programming interface (API) enrollment options make it fast and simple for both IT and users to get up and running in no time.

Boost Productivity Without Compromising Security
UEM includes IAM capabilities with distribution options for smartphones and tablets. By enabling single sign-on (SSO) to web and cloud apps via the desktop, IT teams can ensure quick, intuitive and secure access. It also gives users access to encrypted content repositories and support for the following third-party file sharing apps:

Box
Windows File Share
Google Drive
One Drive
SharePoint
Salesforce
Concur
With these features, security teams can confidently verify users and grant them access to corporate data via their mobile devices. This level of integration sets UEM apart from MDM solutions because it enables productivity without sacrificing security.

"

"Samsung SDS awarded Mobile Device Management Protection Profile (MDM-PP) 4.0 version (https://www.niap-ccevs.org/MMO/PP/pp_mdm_v4.0.pdf)
https://www.ai-demand.com/news/mobility-news/samsung-sds-awarded-mobile-device-management-protection-profile-mdm-pp-4-0-version/"

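"iOS MDM in Detail (1): Introduction and Deep Dive
https://www.jianshu.com/p/6112050ea31a

iOS MDM in Detail (4): Installing the mobileconfig configuration profile: https://www.jianshu.com/p/05cce15b192e

Device authentication
The device proactively sends a PUT request to the CheckInURL to submit device-related information. The content sent is as follows:

Update 2017-08-07: Readers keep writing in, curious about how this operation takes place, for example when no app has been installed and there is no other visible action. And why is the request a PUT request?
My understanding and answer

Question 1: Yes, no manual action is required. This request is initiated automatically by the iOS system at the moment the configuration profile is installed, because iOS itself supports MDM services and also implements the MDM protocol. This is similar to the HTTP protocol: both are communication mechanisms, and the two sides can communicate properly only when both the client and the server implement the protocol. Here, however, the client side is handled entirely by iOS itself; all we have to do is implement the server side. As the following few simple operations show, the XML-format commands that are sent are fixed. For the command names or fields of other operations, see Apple's official MDM protocol documentation."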


"https://github.com/keaijohnee/OpenMDMServer : iOS mobile device management (MDM) based on Java (SpringMVC + Hibernate + MySQL)


"
"Required reading for MDM development: iOS Mobile Device Management Protocol (2018 translated edition)  https://my.oschina.net/crazyiter/blog/1788121    https://download.csdn.net/download/woshixuejavade/10319979?utm_source=bbsseo
https://blog.csdn.net/weixin_33826609/article/details/92046375?utm_medium=distribute.pc_relevant_bbs_down.none-task-blog-baidujs-1.nonecase&depth_1-utm_source=distribute.pc_relevant_bbs_down.none-task-blog-baidujs-1.nonecase
https://download.csdn.net/download/jy470085143/9129339?utm_medium=distribute.pc_relevant.none-task-download-BlogCommendFromBaidu-6.control&depth_1-utm_source=distribute.pc_relevant.none-task-download-BlogCommendFromBaidu-6.control"

"https://stackoverflow.com/questions/24042374/how-does-mdm-in-ios-really-work

iOS MDM is a clientless protocol. So, you develop a server, but you don't develop a client application for it. Actually, there is a client app, but it's developed by Apple and built into the operating system.
So, your server will send a command, and the built-in MDM client will receive and execute it.
Generally speaking, if you want to develop an MDM server, you need to register in the Enterprise Developer Program and get the MDM documentation.
There is some reverse engineered documentation here: http://media.blackhat.com/bh-us-11/Schuetz/BH_US_11_Schuetz_InsideAppleMDM_WP.pdf
And the iOS MDM protocol supports the Install/Remove application commands."

http://www.kermitkordell.com/2014/06/06/analysis-apple-mdm-framework-building-ipad-management-tool-schools/

https://blog.csdn.net/zhaoxy_thu/article/details/10473193

The underlying working principles of iOS MDM devices  https://www.jianshu.com/p/7082accf9f5b

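"Introduction to Apple's MDM  https://www.cnblogs.com/liyy2015/p/6030032.html
How MDM operates: first, your device is registered with the MDM server; the MDM server sends commands to the device through APNS; if the device is idle, it sends a message to Apple's end saying that it is idle; when idle, it executes the corresponding command, and once execution finishes it reports the result to the MDM server.

Lock screen command
Get information on the device's apps
Clear the device passcode
Install a profile
Remove a profile
Get the list of profiles
Get device information
Command to remove an app
Command to install an app
Get security-related information
Restore factory settings
Get the list of preinstalled certificates
Get the list of certificates
Get restrictions
Get information on managed apps
Install a document or book
Get the list of installed documents
Remove an installed document
Get information on available OS updates
Remote location
Set the device name
Remotely set the device wallpaper"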

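"iOS MDM certificate application process: https://www.jianshu.com/p/fef831dfe12c
Developing MDM functionality requires an Apple enterprise developer account (Apple Enterprise Account). An individual developer account will not work."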
 
