Apple still need to approve the organisations use of that program and provide certificates, which like in the facebook case can be revoked.
There are also two different tiers of MDM in the apple enterprise program. If its a bring your own device the device cannot be locked down to not let the users remove applications. It will also sevely limit the kind of information the MDM solution cant get out of the devices. These things can only be enabled on corporation purchased devices.
There are also two different tiers of MDM in the apple enterprise program. If its a bring your own device the device cannot be locked down to not let the users remove applications. It will also sevely limit the kind of information the MDM solution cant get out of the devices. These things can only be enabled on corporation purchased devices.
There is a good overview here: https://www.apple.com/hk/en/iphone/business/docs/iOS_Enterpr...
But maybe I am wrong, do you have examples of intrusive monitoring solutions that can be deployed (without exploits) on iOS?