Breadcrumbs

What is Apple Business Manager and Zero-Touch Provisioning for Apple Devices?

This article gives you an educational overview of Apple Business Manager (ABM), zero-touch provisioning for Apple devices and how Electric helps you set it up.

If you’d like to go directly to our instructions for implementing Apple zero-touch provisioning, please refer to our knowledge base article here.

Zero-Touch Provisioning for Apple

Zero-touch provisioning is the ability to ship a brand-new Apple device directly to an employee and have it automatically enroll, configure, and secure itself the first time it’s turned on — without IT ever touching it.

What this enables:

  • No manual setup or imaging

  • No security gaps at first login

  • No dependency on IT being onsite

  • A consistent onboarding experience for every employee

The device arrives pre-claimed by the company and forced into management during setup.

  • Resellers → sell the device

  • Apple Business Manager (ABM) → proves ownership and routes the device to MDM

  • Mobile Device Management (MDM) → forces enrollment, installs apps and applies default security policies

Resellers

Where zero-touch actually starts

Zero-touch provisioning begins at the point of purchase, not when the device is turned on.

When devices are purchased from:

  • Apple directly, or

  • An Apple-authorized reseller (like the Electric Hardware Marketplace)

…the reseller:

  1. Records the device serial numbers

  2. Assigns those devices to your company in Apple’s systems

This is what allows Apple to later recognize the device as company-owned during activation.

Devices purchased outside approved reseller channels:

  • Do not automatically support zero-touch

  • Often require manual enrollment

  • Introduce security and operational friction

Apple Business Manager

Ownership, assignment, and reseller connections

Apple Business Manager (ABM) is Apple’s central portal for device ownership and how the relationship between reseller and your MDM is established. 

ABM’s role in zero-touch provisioning:

  • Confirms devices belong to your organization

  • Links devices to your MDM

  • Intercepts the Apple setup process

  • Forces devices into management during first setup

The ABM portal is where you explicitly connect your resellers and your MDM.

In ABM, admins:

  • Plug into the company’s mobile device management system through a certificate handoff process

  • Add Apple-authorized resellers using the reseller’s Reseller ID

Once connected:

  • Devices purchased through that reseller are automatically added to ABM

  • No manual serial uploads are required

  • Devices are assigned to your MDM

  • Zero-touch provisioning works at scale

Important distinction:

  • ABM does not manage devices (that’s MDM)

  • It establishes ownership, trust, and forces mandatory enrollment

You can find prerequisites and instructions for how to create an Apple Business Manager account here.

Mobile Device Management (MDM) 

Enforcing configuration and security

MDM is the system that actually manages your devices, including the ones ABM hands off to it.

During zero-touch provisioning, MDM:

  • Forces enrollment into MDM during initial setup

  • Applies security policies before user access

  • Installs required apps and configurations

  • Prevents users from skipping management

Ongoing, MDM handles:

  • Compliance and OS updates

  • App lifecycle management

  • Device lock and wipe

  • Continuous policy enforcement

In simple terms:

  • ABM decides that an MDM must manage the device

  • MDM decides how the device is managed

How it all connects (end-to-end flow)

  1. Device is purchased from an authorized reseller that you have added to your ABM portal

  2. Reseller assigns the device to your Apple Business Manager tenant

  3. ABM links the device to your MDM that you added to your ABM portal 

  4. Employee powers on the device and connects to the internet

    1. Note: The device connecting to the internet is required step for ZTP to trigger

  5. Apple connects to the ABM service during activation and recognizes this device should be managed by your MDM

  6. Device is forced to enroll in MDM

  7. Security policies, apps, and settings apply automatically

How Electric Helps

  1. Apple Business Manager:

    1. Electric provides guided steps in our knowledge base article for you to sign up and create your ABM account and configure the Electric portal with the proper device management settings

    2. When you are ready to set up zero-touch provisioning, simply email support@electric.ai with your request indicating you would like to work with us to configure ZTP for Apple devices. Our support team will guide you through the process with detailed instructions, including:

      1. What to upload, download and share from ABM to complete the connection to MDM

      2. How to assign devices automatically to the Electric MDM

      3. Adding appropriate Reseller IDs

      4. Selecting default applications to deploy during zero-touch provisioning 

  2. Jumpcloud MDM

    1. We create your Jumpcloud MDM and implement our default security policies

    2. We activate the zero-touch provisioning policy to configure default security policies and automatically deploy any of your requested applications

Now that you’re familiar with everything you need to know about Apple zero-touch provisioning, follow our instructions here to get started!