Data Apple sends to Intune
When any of the following Apple services are enabled on a device, Microsoft Intune establishes a connection with Apple to share user and device information:
- Apple Device Enrollment Program (DEP)
- Apple MDM Push certificate (APNs)
- Apple School Manager (ASM)
- Apple Volume Purchase Program (VPP)
Before Microsoft Intune can establish a connection, you must create an Apple account for each of the Apple services.
Note
Consistent with Microsoft and Apple policy, we do not sell any data collected by our service to any third parties for any reason.
The following table lists the data that an Apple device sends to Intune. Intune also sends data to Apple.
| Service | Message | Data sent to Intune | Used for |
|---|---|---|---|
| APNs | Authenticate | MessageType | The message type: authenticate. |
| APNs | Authenticate | Topic | The topic the device will listen to. |
| APNs | Authenticate | MesUDID | The devices UDID. |
| APNs | Authenticate | OSVersion | The device's OS version. |
| APNs | Authenticate | BuildVersion | The device's build version. |
| APNs | Authenticate | ProductName | The device's product name. |
| APNs | Authenticate | SerialNumber | The device's serial number. |
| APNs | Authenticate | IMEI | The device's International Mobile Station Equipment Identity. |
| APNs | Authenticate | MEID | The device's Mobile Equipment Identifier |
| APNs | TokenUpdate | Topic | The topic the device will listen to. |
| APNs | TokenUpdate | UDID | The device's UDID. |
| APNs | TokenUpdate | Token | The push token for the device. The server should use this updated token when sending push notifications to the device. |
| APNs | TokenUpdate | PushMagic | The magic string that must be included in the push notification message. |
| APNs | TokenUpdate | UnlockToken | A data blob that can be used to unlock the device. |
| APNs | TokenUpdate | AwaitingConfiguration | If set to true, the device is awaiting a DeviceConfigured MDM command before proceeding through Setup Assistant. |
| APNs | Checkout | MessageType | The type of message: checkout. |
| APNs | Checkout | Topic | The topic the device will listen to. |
| APNs | Checkout | UDID | The device's UDID |
| APNs | MDM Protocol | Status | Status. |
| APNS | MDM Protocol | UDID | The device's UDID. |
| APNs | MDM Protocol | CommandUUID | UUID of the command that this response is for. |
| APNs | MDM Protocol | ErrorChain | Array of dictionaries representing the chain of errors that occurred. |
| ASM/DEP | Enrollment Program token | Serial number | The device's serial number. |
| ASM/DEP | Enrollment Program token | model | The device's model name. |
| ASM/DEP | Enrollment Program token | Description | A description of the device. |
| ASM/DEP | Enrollment Program token | Color | The color of the device. |
| ASM/DEP | Enrollment Program token | Asset tag | The device's asset tag. |
| ASM/DEP | Enrollment Program token | Profile status | The status of the profile installation. |
| ASM/DEP | Enrollment Program token | Profile UUID | The UUID of the assigned profile. |
| ASM/DEP | Enrollment Program token | Profile assign time | A time stamp in ISO 8601 format indicating when a profile was assigned to the device. |
| ASM/DEP | Enrollment Program token | Profile push time | A time stamp in ISO 8601 format indicating when a profile was pushed to the device. |
| ASM/DEP | Enrollment Program token | Device assigned date | A time stamp in ISO 8601 format indicating when the device was enrolled in the Device Enrollment Program. |
| ASM/DEP | Enrollment Program token | Device assigned by | The email of the person who assigned the device. |
| ASM/DEP | Enrollment Program token | OS | The device's operating system. |
| ASM/DEP | Enrollment Program token | Device family | The device's Apple product family. |
| VPP | Apple Business Manager location token | Apple User ID | A user ID generated by Apple. |
| VPP | Apple Business Manager location token | application description | The description of a VPP application. |
| VPP | Apple Business Manager location token | application icon | The URL of an Apple hosted icon for a VPP app. |
| VPP | Apple Business Manager location token | Application ID | Apple Application ID, also known as adamsId. |
| VPP | Apple Business Manager location token | application name | The name of a VPP application. |
| VPP | Apple Business Manager location token | assignedCount | The number of assigned licenses for an app. |
| VPP | Apple Business Manager location token | availableCount | The number of unassigned licenses for an app. |
| VPP | Apple Business Manager location token | bundleId | The bundleId of an app. |
| VPP | Apple Business Manager location token | copyright | The copyright info of an app. |
| VPP | Apple Business Manager location token | CountryCode | The country code of a VPP program. |
| VPP | Apple Business Manager location token | deviceAssignable | Apple returns true if the admin can assign a device license for an app. If not, false is returned. |
| VPP | Apple Business Manager location token | facilitatorMemberId | The member ID of a VPP account facilitator. |
| VPP | Apple Business Manager location token | genres | The genres of an app. |
| VPP | Apple Business Manager location token | Intune UserId guid | The GUID generated by Intune. |
| VPP | Apple Business Manager location token | isIrrevocable | Apple returns true if the license can't be revoked. If it can be revoked, false is returned. |
| VPP | Apple Business Manager location token | License ID | The ID generated by apple to identify a specific license. |
| VPP | Apple Business Manager location token | Location | Location stored in apple VPP config data. |
| VPP | Apple Business Manager location token | Managed AppleId UPN | The AppleID email for user, admin, and facilitator member. |
| VPP | Apple Business Manager location token | OrganizationId | The Apple assigned organization ID. |
| VPP | Apple Business Manager location token | pricingParam | The Apple pricing type for an app. |
| VPP | Apple Business Manager location token | productType | The product type of a VPP application. |
| VPP | Apple Business Manager location token | retiredCount | The number of retired licenses for an app. |
| VPP | Apple Business Manager location token | totalCount | The total number of licenses purchased for an app. |
| VPP | Apple Business Manager location token | url | The iTunes store URL of an app. |
| VPP | Apple Business Manager location token | User Status | The user status in apple VPP programs. |
To stop using Apple services with Microsoft Intune and delete the data, you must both disable the Microsoft Intune Apple token and also delete your Apple account. Refer to Apple account how to perform account management.