MDM and Apple Business Manager (or Apple Business Essentials) allow for zero-touch deployment. IT does not even have to see a device; it can be shipped new in the box to an employee and it will automatically configure and enroll in MDM when querying Apple’s activation servers during startup.
By contrast, managing devices manually can be extremely time consuming because you have to set up each device by hand when installing configuration profiles — and you must touch it every time you need to make changes. Security updates (or any software updates) cannot be forced to install, leaving it up to each user to install them or not.
When a device is managed via MDM, there’s a constant back and forth communication between the device and your company’s MDM service. This allows a whole host of features, particularly security features such as being able to query the device status, lock/unlock the device, install software updates, and add applications and other content over the air.
