Apple Business Manager
Apple Business Manager is a free business portal provided by Apple, specifically designed for businesses to help manage their company owned Apple devices, including iPhone, iPad, Mac, and Apple TV. Apple Business Manager also helps with deployment of apps, and user management of Managed Apple IDs. If you are a business that uses Apple devices, you should be using Apple Business Manager.
Apple Business Manager is not a full management tool, but it is an invaluable tool to help with device management. When a company purchases an Apple device through Apple’s business channels, or an Apple Premier Partner that is set up for Apple Business, your devices can automatically be enrolled in the device management solution in use at your business, allowing for automatic zero touch deployment. You can also procure and deploy applications that are part of Apple’s App Store through Apple Business Manager, and then deploy them to company-owned devices through your device management platform.
Automated Device Enrollment
One of the key benefits of Apple Business Manager is that you can automatically deploy applications, security policies, network configurations, App Store apps and custom apps, and more for company owned devices as soon as they connect to the internet. For iOS devices running the latest software, you can take it a step further and support Apple’s Return to Service functionality, where you can erase an iOS device and have it entirely set itself back up as a new device with your company’s settings without any end-user interaction, which is a great solution for retail environments where iPads need to be reissued frequently, or a seamless way to reissue an iOS device to a new employee. While a device management solution is needed to facilitate these workflows, Apple Business Manager is directing traffic on the back end, telling the devices which device management solution to enroll in when it comes back online.
Apps and Books
If your company uses any apps or books from the Apple App Store or Apple Book Store, you can procure and manage these apps or books through Apple Business Manager. There are a few advantages to doing it this way.
First, if there is an app from the App Store that your company uses that costs money, such as Final Cut Pro for instance, you likely want to make sure that your company owns that app so that it can be redeployed to someone else if necessary. To accomplish this, Apple Business Manager allows you to purchase these and deploy them with a “per-device” license. This means that if you want to change the device that is able to use this app, you simply reassign it in your device management tool, and it will move the existing license from one device to the other.
Next, even for free apps on the App Store, it can be a pain to try to manually manage these across an organization. Without Apple Business manager, you essentially have to try to tell employees to use their own personal Apple ID’s to “purchase” these free apps. Your business will have no control over these, no way to force everyone to update when necessary, and really no way to know who is using what. With Apple Business Manager, even free apps are significantly easier to procure and deploy through your device management platform. You simply add the number of licenses that you need and you can distribute them to any managed device that you have, and choose whether updates are handled automatically or not. There is no need for anyone to sign into Apple ID’s, confirm the download, or anything like that, it’s all automatic.
Managed Apple IDs
Personal Apple IDs are just that, Personal. Apple carefully designed personal Apple ID’s for personal use, including the privacy and security features that Apple is known for. Because of this, they really should not be used for Business contexts. A business can easily lose control of an Apple ID if it’s personal, and they are not designed to be recoverable by a business, which can lead to some really tough situations if they are lost, or if an employee purposely or accidentally locks access to that account.
Managed Apple IDs are Apple’s answer to Business Apple IDs, and are also managed through Apple Business Manager. While more restrictive than a Personal Apple ID in some cases, if you want your business to use Apple ID’s for things like iCloud, Managed Apple IDs are the way to go, and they are managed through Apple Business Manager.
Note - There is a list of specific features that are supported by Managed Apple IDs here - Service access with Managed Apple IDs
Security
Finally, there are several security advantages to using Apple Business Manager to enroll all your company-owned Apple Devices. From a company inventory standpoint, Apple Business Manager keeps a record of all devices enrolled this way. Adhering to purchasing devices through an approved Apple Business channel provides a great record of company-purchased devices. You can view the list directly in the web portal for Apple Business Manager, and most device management providers can pull that list automatically as well, providing more detailed inventory information such as model, device specifics, and even characteristics like color.
Next, devices that are enrolled to device management through Apple Business Manager are considered “Supervised” by Apple, which grants additional privileges for managed devices that are not available through manual enrollment of devices after the fact. There are a wide range of restrictions and commands that are only available if devices are Supervised. Sometimes businesses assume you can do all of these things regardless, and are surprised when a situation comes up and they aren’t able to do something in specific cases.
A list of these specifics are available here - MDM restrictions for supervised Apple devices
An important note to think about is that Apple provides a lot of security and privacy tools designed for individuals, such as Activation Lock. This allows a customer to lock a device to their specific Apple ID, preventing it from being useful to someone if they steal the device but it was activation locked to a specific Apple ID. This is great from a personal customer standpoint, but can be a big issue if people are doing this with personal Apple ID’s and company devices. If your device is supervised, you can either prevent activation lock, or if you’re concerned about the security of the devices being stolen and reused, you can deploy device-based activation lock, which is controlled by your device management platform, and therefore recoverable by you and your business. This is only available for Supervised devices through Apple Business Manager. If you purchase a device as a business but someone locks it with a personal Apple ID, there is a long process you must go through with AppleCare to provide proof of purchase, and several other items to get the device unlocked. It is much easier to implement Apple Business Manager with your business to prevent this from ever being a problem.
How 2Fifteen Tech Can Help
There is a lot to keep track of, and requirements and capabilities change over time, but we are here to help. We are Apple experts and can help navigate the Apple Business offerings, and connect it to device management to fully automate the deployment of Apple devices within your organization.
If you are looking to outsource your IT, we offer full managed IT services for companies where we handle device management, user on-boarding and off-boarding, technical roadmapping and consulting, network services, and much more, so you can focus on what your business does best, and we can handle the technology for you.
If you already have existing IT, but are looking for support in the Apple space, we have a co-managed offering as well, where we manage your Apple devices in coordination with your IT department, and augment your existing team.
Additionally, we have several strategic partnerships, including Kandji, an Apple device management platform, and Express Tech, an Apple Premier Partner that can help with Apple device purchases.
We would love to chat more about our services and how we can help your business! Contact us to set up a call to go through how we can help you and your business!
