How to Manage Your Company’s Apple IDs

If you’re familiar with Apple devices, you’re likely familiar with Apple IDs. If you work in the business and IT worlds, have you considered how you can use Apple IDs for business purposes? The use of a Managed Apple ID can be extremely useful and beneficial for businesses and organizations that utilize mobile devices for business operations. So how does a Managed Apple ID differ from a standard ID, and how can companies use them to manage their employee’s devices?

Find out how to manage your company’s Apple IDs and how you can use the features and benefits of Managed IDs.

What Is Apple Business Manager?

Apple Business Manager (ABM) combines the Volume Purchase Program (VPP) and the Device Enrollment Program (DEP) to create an online portal for IT administrators to deploy and manage their company’s Apple devices. Integrating with mobile device management (MDM) systems, ABM allows businesses to easily manage and view company devices, purchase and distribute apps and content and manage user accounts.

Here’s a closer look at the three main areas of management within Apple Business Manager:

• Devices: Businesses can automate the device enrollment process and simplify device setup. You’ll also gain more control over corporate devices, all without needing to prepare each device individually.
• Content: Buy content in bulk, including internal apps, and easily share app licenses between users. Managed distribution of content allows you to control who has access to what.
• Users: Create Managed Apple IDs so employees can collaborate through Apple devices and apps. Integrate ABM with Microsoft Azure Active Directory to automatically create new Managed Apple IDs. Additionally, ABM allows businesses to designate roles for users and teams.

Apple Business Manager offers a centralized management system for businesses to simplify the use of company devices. With more control over user accounts and device content, businesses can more effectively manage digital functions and operations. When using Managed Apple IDs with ABM, businesses and organizations can streamline their MDM needs.

Roles Within Apple Business Manager

ABM has five roles you can assign to employees based on their job and need to access ABM. Here’s a look at each role and some of the specific privileges they have:

• Administrator: Administrators can do everything the other roles can, plus some. For example, only Administrators can accept terms and conditions and set tax statuses.
• People Manager: People Managers primarily handle tasks that deal with other users. For example, they can edit privileges, create Managed Apple IDs, reset passwords and assign roles to employees.
• Device Manager: Device Managers add, assign, release and remove devices, as well as manage MDM servers and their connection to ABM.
• Content Manager: Other than Administrators, Content Managers are the only users who can view books and apps, buy content and hold and reassign app licenses.
• Staff: All other employees will fall under the Staff role. They can use managed devices, apps and books. Staff members can also access iCloud.com with their Managed Apple ID to collaborate with others. Staff roles have limited privileges because their daily tasks don’t involve work in ABM. They’re using the technology managed by the other roles to do their primary job functions.

More than one employee can be assigned to any role, so you’ll likely have teams of People Managers or Content Managers. Roles allow companies to delegate responsibilities and tasks to work more efficiently and prevent overloading a single member of your IT department.

What Are Managed Apple IDs?

Traditionally, Apple IDs are created so an individual can use and access iCloud services. The creator of the personal Apple ID is the only person who can access the account, which poses difficulties for businesses using Apple devices. Rather than use personal Apple IDs for work, companies can create and manage their organization’s Apple IDs.

Managed Apple IDs are accounts owned by the company that created them and assigned to employees within the company for business use. Business Apple ID management is designed so companies can manage credentials, restrict user access and update account information. Other uses of Managed Apple IDs include:

• Assigning and managing roles of ABM users
• Assigning app licenses to accounts
• Enrolling and managing devices on an MDM
• Distributing content and resources

Employees will use their Managed Apple IDs to sign in to corporate-owned Apple devices to complete work and collaborate through iCloud, iWork and other shared apps. Unlike personal Apple ID accounts, Managed Apple IDs don’t have access to services like Apple Pay, media services, Find My services and other iOS features. Instead, Managed IDs are primarily used to manage accounts for employees that need access to and work in Apple Business Manager.

How to Create a Managed Apple ID

As an IT manager or administrator, you’ll need to create Managed Apple IDs for the employees at your company. Before we look at how to create these accounts for your employees, we have a few tips to keep in mind when creating the ID user names and email addresses. First, you’ll need to create a user name for each account. To make things easy for your employees to remember, consider using the same username as the employee’s corporate email.

Apple recommends including “appleid” after the @ symbol to differentiate an employee’s Apple ID from their corporate email. For example, you might use a format similar to this: username@appleid.domain.com. The domain in your Apple IDs should be the same as the domain used to register your business with Apple Business Manager. With these tips in mind, here are two ways you can create Managed Apple IDs.

Create Managed Apple IDs in ABM

The manual way of creating Managed Apple IDs is through Apple Business Manager. Only people assigned the role of People Manager or Administrator can create new IDs. Under “Accounts” in the ABM sidebar, you’ll search for the users you want to create managed IDs for. Choose to Edit the Account and click Add to choose what the username will be. After that, you’ll select a domain, and the ID will be created.

Create Managed Apple IDs With Azure AD

The second method of creating Managed Apple IDs is through Azure AD. When you link your company’s ABM account with Azure AD, you can automatically create IDs for users who are already in Azure AD. Essentially, this allows employees to use their Azure AD credentials as their Apple IDs.

Once the two applications are integrated, users will be directed to the Azure sign-in page when logging into an Apple service. After inputting their Azure credentials, they’ll be redirected back to Apple.

Features of Managed Apple IDs

Many features of managed Apple IDs are useful for businesses and organizations. Apple IDs are not required to manage Apple devices, so you’ll need to determine whether it will be helpful for your company. Consider some of the features of Managed Apple IDs that organizations can use.

Control User Access

As we briefly mentioned earlier, administrators can use Apple Business Manager to assign specific roles and privileges to certain personnel and teams. The role or task is assigned to an individual via their Managed Apple ID, so their privileges are linked to their account regardless of the device they use. Assigning roles allows Administrators to control user access to functions within ABM as well as certain tasks and resources.

Additionally, employees won’t need to worry about downloading all the software, resources and tools they need for their specific tasks because that becomes the IT department’s responsibility. Your IT department will handle device deployment and create Apple IDs, giving them more control over the devices your employees use.

Shared Access to Tools and Resources

Managed Apple IDs allow users on your network to share access to company-wide apps, software and resources. Shared access enables employees to collaborate on projects and tasks easily. Multiple users can access documents simultaneously, making remote collaboration even more efficient.

For example, users can share access to company accounts like iCloud Drive and Notes. These accounts create a centralized location to store documents, information and resources so employees can work together efficiently.

Easy License Management

When purchasing apps in bulk for company use, the VPP app licenses can be assigned to the desired Managed Apple IDs. In other words, VPP app licenses are connected to the IDs rather than the devices so they’re easily transferrable. This feature simplifies app license management for the IT department and administrators.

Easy User Enrollment

Managed Apple IDs enable companies to support “Bring Your Own Device” policies. User Enrollment is a feature of Managed Apple IDs that allows employees to enroll their personal devices with their company ID. Their Managed Apple ID credentials allow MDM systems to install, assign app licenses, access shared accounts and manage how employees can use their personal devices for work.

Benefits of Managed Apple IDs

You may already be envisioning how using Managed Apple IDs can benefit your company. The features of these accounts are advantageous on their own, though there are some additional benefits to consider. Here are a few more advantages of Managed Apple IDs:

• Single sign-on: When integrated with Azure AD, the two user accounts become synced. This synchronization allows employees to use the same password and username for both systems.
• Easy account management: Managing accounts is simple, especially with the ability to delegate tasks through ABM. Additionally, linking with Azure AD unifies the accounts, which means deactivating an account in one system automatically deactivates it in the other. This will save you time when adding or removing employees from your network.
• Added security measures: Managed Apple IDs can add security measures your employees wouldn’t have on their devices otherwise. Managed IDs will lock out users for fraudulent activity or a certain number of incorrect password attempts. When personal Apple IDs are used for business work, these security measures aren’t in place, leaving your company’s information potentially exposed and at risk. Managed IDs help limit who accesses your company’s data.
• Search for users: Employees can look each other up through ABM using their Apple IDs. The search feature will save your employees time and make collaborating that much easier.

There are numerous reasons to use Managed Apple IDs in various business applications. As you use Managed IDs, you’ll find certain features benefit your specific company more than others. To fully benefit from Managed IDs, immerse your business in the MDM and ABM systems. Try using all the available functions and features to determine what works best for your company and employees.

Frequently Asked Questions

If you’re new to using Apple devices and systems for business purposes, you likely have some questions. To help you and your IT department navigate these device management solutions, consider the answers to other frequently asked questions.

What Is an MDM?

MDM stands for mobile device management. An MDM solution allows you to manage your company’s devices like phones, computers, laptops and tablets more effectively. Mobile device management most often includes restricting applications, collectively pushing updates, sharing applications across company devices, protecting devices from viruses and breaches and other necessary IT functions.

Do You Need an MDM for Apple Business Manager?

While you don’t technically need an MDM to set up Apple Business Manager, ABM was designed to work with an MDM. Without an MDM, you can’t use some of the most important features of ABM. Using ABM separately from MDM solutions makes business operations more difficult and time-consuming. When used together, these two systems automate numerous processes that would otherwise need to be done manually.

If you’re planning to use ABM, you should use it with an MDM solution to get the full benefit from the features and combined capabilities.

How Do You Reset the Password of a Locked Managed ID?

One of the benefits of Managed Apple IDs is that the accounts will lock after too many login attempts. To continue using the account after it’s been locked, the user will contact the IT personnel with privileges to reset passwords — most often, this is the Administrator or People Manager. These individuals can reset the Apple ID passwords.

However, when Managed Apple IDs are locked because of suspected fraudulent activity, an Administrator must contact Apple to get the account unlocked. This is done for the sake of your company’s cybersecurity. After Apple unlocks the account, the Administrator can reset the user’s password.

Manage Your Apple IDs With Pickorchard

Properly managing your company’s Apple devices is crucial to staying efficient and organized. Whether you’re already using iOS systems in your business operations or thinking about adding Apple devices, consider how using an Apple-specific MDM can be beneficial. At Pickorchard, we specialize in Apple devices, so our experts can help you connect members of your team and streamline your device management processes. From configuration to security, we’re here to support your company fully. Our MDM solutions also support Apple’s management tools like ABM so you can manage your devices effectively.

To learn how our customizable MDM solutions can help your business and to request a quote, contact our team today.