Data Intune sends to Apple
When any of the following Apple services are enabled on a device, Microsoft Intune establishes a connection with Apple and shares user and device information with Apple:
- Apple Device Enrollment Program (DEP)
- Apple MDM Push certificate (APNS)
- Apple School Manager (ASM)
- Apple Volume Purchase Program (VPP)
Before Microsoft Intune can establish a connection, you must create an Apple account for each of the Apple services.
The following table lists the data that Microsoft Intune sends from a device to the enabled Apple services.
| Service | Data sent to Apple | Used for |
|---|---|---|
| APNS | Token, PushMagic | If the server accepts the device, the device provides its push notification device token to the server. The server should use this token to send push messages to the device. This check-in message also contains a PushMagic string. The server must remember this string and include it in any push messages it sends to the device. |
| ASM/DEP | Server token | Push notification device token used to authenticate to Apple service. |
| ASM/DEP | server_name | An identifiable name for the MDM server. |
| ASM/DEP | server_uuid | A system-generated server identifier. |
| ASM/DEP | admin_id | Apple ID of the person who generated the current tokens that are in use. |
| ASM/DEP | org_name | The organization's name. |
| ASM/DEP | org_email | The organization's email address. |
| ASM/DEP | org_phone | The organization's phone. |
| ASM/DEP | org_address | The organization's address. |
| ASM/DEP | org_id | DEP customer ID. This key is available only in protocol version 3 and later. |
| ASM/DEP | serial_number | The device's serial number (string). |
| ASM/DEP | model | The model name (string). |
| ASM/DEP | description | A description of the device (string). |
| ASM/DEP | asset_tag | The device's asset tag (string). |
| ASM/DEP | profile_status | The status of profile installation. Possible values: empty, assigned, pushed, or removed. |
| ASM/DEP | profile_uuid | The unique ID of the assigned profile. |
| ASM/DEP | device_assigned_by | The email of the person who assigned the device. |
| ASM/DEP | os | The device's operating system: iOS/iPadOS, OSX, or tvOS. This key is valid in X-Server-Protocol-Version 2 and later. |
| ASM/DEP | device_family | The device's Apple product family: iPad, iPhone, iPod, Mac, or AppleTV. This key is valid in X-Server-Protocol-Version 2 and later. |
| ASM/DEP | profile_name | String. A human-readable name for the profile. |
| ASM/DEP | support_phone_number | Optional. String. A support phone number for the organization. |
| ASM/DEP | support_email_address | Optional. String. A support email address for the organization. This key is valid in X-Server-Protocol-Version 2 and later. |
| ASM/DEP | department | Optional. String. The user-defined department or location name. |
| ASM/DEP | devices | Array of strings containing device serial numbers. (Might be empty.) |
| VPP | Intune UserId guid | GUID generated by Intune. |
| VPP | Location Token | Secure token used to link Intune with an Apple Business Manager or Apple School Manager tenant. |
| VPP | Managed AppleId UPN | AppleID that was specified by Admin when configuring the Apple Business Manager or Apple School Manager location token (VPP token) connection with Apple. |
| VPP | Serial Number | Serial number of the managed device. |
To stop using Apple services with Microsoft Intune and delete the data, you must both disable the Microsoft Intune Apple token and also delete your Apple account. Refer to Apple account how to perform account management.