Prepare to use eSIMs with Apple devices
Mobile activation requires either a SIM or an eSIM provided by the network provider. eSIMs are preferred for a number of reasons, but your local provider may not support them at the scale your organisation needs. Network provider selection should also take into account coverage for where users live, work or attend school, as well as any location where devices are initially configured.
eSIM support
On an iPhone with iOS 16 or later, you can have eSIMs installed automatically during device setup. Your mobile network provider must support eSIM Provider Activation. If it does, there’s no need to use MDM to install eSIMs during initial device setup.
eSIMs can also be automatically installed on an iPhone (with iOS 16 or later) or iPad (with iPadOS 16.1 or later) that uses Automated Device Enrolment. The process uses Apple School Manager, Apple Business Manager or Apple Business Essentials. For this case, too, your network provider must support eSIM Provider Activation.
iPhone and iPad model | eSIM support | Automatic eSIM installation | nano-SIM support | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
All iPhone 16 models (non-US) All iPhone 15 models (non-US) All iPhone 14 models (non-US) | Dual eSIM |
|
| ||||||||
All iPhone 16 models (US only) All iPhone 15 models (US only) All iPhone 14 models (US only) | Dual eSIM |
|
| ||||||||
All iPhone 13 models iPhone SE (3rd generation) | Dual eSIM |
|
| ||||||||
All iPhone 12 models | Single eSIM |
|
| ||||||||
iPhone SE (2nd generation) All iPhone 11 models All iPhone X models | Single eSIM |
|
| ||||||||
iPad Pro 13-inch and 11-inch (M4) models iPad Air 13-inch and 11-inch (M2) models | Single eSIM |
|
| ||||||||
iPad Pro (3rd generation) or later 11-inch, 12.9-inch models iPad mini (5th generation) or later iPad Air (3rd generation) or later iPad (7th generation) or later | Single eSIM |
|
| ||||||||
eSIM security benefits
eSIMs are exceptionally secure and tamper resistant. They can’t be cloned or modified, and they’re designed to operate only on a specific device. By design, the GSMA eSIM specification SGP.21 restricts eSIM profiles from being exported from one eUICC to another.
With a physical SIM, someone can quickly steal a user’s SIM (which contains the user’s phone number). This allows SMS communication to that number, such as receiving one-time passcodes or personal identification numbers. With an eSIM, this isn’t possible.
To prevent additional lines of service from being added to a user’s iPhone, you can use MDM and the AllowESIMModification restriction to prevent the addition or removal of eSIMs.
All iPhone 14 or later models sold in the United States, and all iPad Pro (M4) and iPad Air (M2) models are eSIM only. This provides an extra layer of protection because you can’t physically remove or replace an eSIM. If the iPhone or iPad is lost or stolen, it will be much harder to activate it on another line.
Network provider selection
All iPhone devices, and some iPad devices, have mobile coverage. To make best use of that coverage when planning deployment, make sure you have the right network provider for your needs.
Because eSIMs are software based, they afford much more deployment flexibility and are also easier to secure; administrators can trigger eSIM installation remotely and restrict a user’s ability to remove it from their device. If there’s a need to change the network provider for devices after they’ve been deployed to users, a mobile device management (MDM) command lets you do that without any user interaction. There are other advantages to using an eSIM. For example, if permitted, the user can also change to use the previous eSIM in Settings > Mobile Data.
When selecting a network provider, ask the following:
After an agreement is signed, what is the time period to create and make available the eSIMs so they can be assigned to supported iPhone and iPad devices?
Does your network provider support eSIM Network Activation for automating eSIM installation?
Does your network provider allow users to transfer eSIMs between iPhone and iPad devices?
What is the URL for your network provider’s eSIM server (known as an SM-DP+ server)?
Ensure that access to the provider’s eSIM server is available through firewalls.
Use the network provider’s eSIM server hostname when installing eSIMs using MDM.
Regarding mobile network coverage and capacity, can the provider provide a survey of mobile phone masts close to where the devices are provisioned and where remote learning may be taking place?
Note: Because network providers may be sensitive to the number of devices simultaneously queuing for eSIM provisioning, many of them request that automated provisioning events be communicated to them.