**MDM** stands for **Mobile Device Management**. It's what enterprises use to manage iPhones owned by the organization — employee phones, school tablets, government devices.
For frum families, MDM is the technology that makes a real "kosher iPhone" possible. Without MDM, every restriction on an iPhone is something the user can turn off. With MDM, restrictions live on a server you don't control — and the user can't toggle them.
The simplest way to understand it
Think of MDM as a **remote control** for the iPhone's policy settings.
Every iPhone has dozens of settings that control what the device can do — what apps are allowed, whether Safari is available, whether the App Store shows up, whether VPNs can be installed.
On a regular iPhone, the user holds this remote control. They can turn any restriction on or off.
On an MDM-managed iPhone, **we hold the remote control**. The user doesn't have access to these settings at all. They just see the result of whatever we've set — and they can't change it.
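To make the "policy settings" concrete: an added example, not the operator's actual configuration, that audits a restrictions payload for the settings named above. The key names are Apple's `com.apple.applicationaccess` restriction keys; the sample profile and the baseline are constructed assumptions.

```python
import plistlib

RESTRICTIONS = "com.apple.applicationaccess"

# Constructed sample profile (illustrative values, not a real deployment).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.applicationaccess</string>
    <key>allowAppInstallation</key><false/>
    <key>allowSafari</key><false/>
    <key>allowVPNCreation</key><true/>
  </dict></array>
</dict></plist>"""

# Assumed baseline: every key here must be set to false in the profile.
BASELINE = {
    "allowAppInstallation": "App Store / app installs",
    "allowSafari": "Safari",
    "allowVPNCreation": "user-created VPNs",
    "allowUIConfigurationProfileInstallation": "manual profile installs",
}

def audit_restrictions(profile_bytes):
    """Return {key: reason} for each baseline restriction that is not enforced."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == RESTRICTIONS]
    findings = {}
    for key, label in BASELINE.items():
        values = [p[key] for p in payloads if key in p]
        if any(v is False for v in values):
            continue  # enforced: a single false among the payloads is enough
        # These keys default to "allowed" when a profile omits them.
        state = "explicitly allowed" if values else "key missing, defaults to allowed"
        findings[key] = f"{label}: {state}"
    return findings

if __name__ == "__main__":
    for key, reason in audit_restrictions(SAMPLE_PROFILE).items():
        print(f"NOT ENFORCED  {key}  ({reason})")
```

On the sample, the audit flags the VPN setting (explicitly allowed) and manual profile installation (omitted from the profile, so the device default applies).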
What MDM can do
**Apps**: install, uninstall, or block installation. The MDM decides what apps exist on the device. The user cannot install new apps.
**Settings**: force any setting to a specific value. Wi-Fi only, no Bluetooth file sharing, no iCloud sync of this-or-that.
**Content**: filter web traffic, block specific sites (though we mostly just remove the browsers entirely).
**Remote actions**: lock the device, wipe it, display a message, locate it, force a restart.
**Reporting**: see which iPhone is on which iOS version, check compliance, detect jailbreak attempts or unauthorized profile installs.
What MDM can't do
**Read your messages or email content.** MDM is a policy system. It doesn't access communication content. (We couldn't even if we wanted to — Apple's MDM spec doesn't expose message content to administrators.)
**Track your calls.** Same reason. MDM doesn't have access to call logs, audio, or phone content.
**See your photos or videos.** Not exposed to MDM.
**Know your iMessage contents in real time.** Not exposed to MDM.
**Turn itself off if the internet is out.** MDM policies are enforced on the device itself. No network connection is required for the restriction itself — only for policy updates and status reporting.
Privacy
Here's what we, as your MDM operator, can see:
- Which iPhone you have, your iOS version, your enrollment date.
- Whether the device is checking in regularly (i.e., it's online and working).
- The list of apps currently installed (because we pushed them).
- Whether anyone has tried to install an unauthorized profile or bypass supervision.
Here's what we **cannot** see:
- Your messages, emails, photos, or call history.
- Your location (unless the phone is reported lost and we deploy remote-lock + Find My).
- What you're doing inside any app.
- Browsing history (there's no browser anyway).
Your frum life stays your frum life. MDM is the security wall, not a surveillance tool.