Apple Business Manager is a free service from Apple that works together with MDM (Mobile Device Management) solutions to automate device deployment (iPhone, iPad, Mac, and Apple TV), app purchasing, content distribution, and creation. of Managed Apple IDs for employees, among many other things.
That said, there are a series of questions that surely come to mind: “Why do I need an Apple Business Manager?” Does Apple Business Manager do the same as MDM solutions? “Can’t I do the same thing (implement and manage) everything with my current MDM provider, like Jamf?” Let’s look at the answers to these and other questions about Apple Business Manager.
What you can do with Apple Business Manager (ABM)
As we said, Apple Business Manager is a free tool from Apple that works perfectly with most MDM solutions, Jamf among them. The main features of Apple Business Manager are:
- Devices: You will be able to streamline and personalize the configuration process for employees thanks to being able to enroll devices, which will be automatically configured with mobile device management (MDM).
- Content: You can easily purchase apps and books for employees, as well as distribute custom apps within your organization.
- People: You’ll be able to create managed Apple IDs for employees and assign privileges to additional users on your IT team.
Let’s see in more detail what we can do with Apple Business Manager :
- Zero-touch deployment: You can perform automated enrollment of your company’s devices, so you can quickly deploy your company’s Apple devices and enroll them in your MDM solution without having to physically touch or prepare each device.
- Personalized Setup Wizard – Employees will receive the appropriate settings when they first turn on their device, simplifying the setup process for them. For this, you will need an MDM solution like Jamf Pro.
- Purchasing apps and books: You will be able to purchase apps, books, and custom apps in volume, including business apps that are developed in-house.
- App Repurposing: All apps belong to businesses because Apple Business Manager allows businesses to purchase apps in volume. This will allow you to easily reassign them to other employees when you need to.
- Monitoring: You will be able to strengthen control of company devices through monitoring, and having additional device management controls such as non-removable MDM. For this, you will need an MDM solution like Jamf Pro.
- Create Managed Apple IDs: With managed Apple IDs, you can allow employees to collaborate with Apple apps and services, as well as access work data in managed apps that use iCloud Drive.
- Use of a Managed Apple ID and a personal Apple ID: Thanks to user registration for BYOD implementations (use of personal devices), employees will be able to separate their data from their work data by having a Managed Apple ID and a personal Apple ID on the same device.
- Federated authentication: If you need it, you can connect Apple Business Manager with Microsoft Azure Active Directory to create Managed Apple IDs automatically whenever an employee signs in for the first time with their current credentials on an Apple device.
- Delegation of management tasks with functions: You don’t have to do everything yourself! Choose people in your organization to manage devices, apps, and accounts in Apple Business Manager, easily creating profiles with different levels of permissions in Apple Business Manager.
Zero-touch deployment in Apple Business Manager
Zero-touch deployment, also known as automated device enrollment, is only possible by combining Apple Business Manager and an MDM solution like Jamf when deploying enterprise devices. With this zero-touch deployment, the IT team no longer has to unpack, unseal, and configure each device before shipping it to employees. Companies can provide devices to their employees directly, saving a lot of time and resources for the IT department, as well as allowing employees to get their Apple devices 100% new. So all Macs, iPads, iPhones, and Apple TVs are ready to go right out of the box.
How to configure employee devices in Apple Business Manager
We believe that a picture is worth a thousand words:
As you see in the image above, employees only have to turn on their devices and connect to a wireless network; Apple Business Manager and MDM take care of the rest. IT no longer has to manually unpack and configure each device beforehand.
Apple devices have an operating system that communicates with the Apple Business Manager when they are turned on for the first time. As soon as it is turned on and connected to a wireless network, the Apple Business Manager knows if the device belongs to a company and automates the configuration that the IT department has established thanks to MDM. In just 5 minutes, employees can have their work apps, company email, and calendar configured, among other things.
What happens if your company allows employees to use their personal devices to work, in what is known as a BYOD implementation? Apple Business Manager and MDM can also manage it. Employees will be able to enroll their own devices by manually installing the company-provided MDM profile on their devices. This way, employees can add a managed Apple ID to their device for work, while still maintaining their personal Apple ID. In this way, employees’ personal data and work data are stored separately, securely, and privately, as it could not be otherwise when it comes to Apple.
Choose the device restriction level with Apple Business Manager
In the same way that there are different profiles of people in your company, not all employees have the same needs. For example, IT can restrict a device to a single app to use as a kiosk, ideal for an iPad displaying a catalog for example. You can also configure devices in a specific department as shared devices. If there are any system apps that employees should not use, IT can remove them. Finally, employees can also be made to use devices for work and personal tasks with limited restrictions.
How to distribute apps to employees with Apple Business Manager
Apple Business Manager and MDM allow companies to provide their employees with the content they need to work. With Apple Business Manager, businesses can purchase apps and books in volume, and with an MDM solution, you can distribute content to specific devices.
The apps are company property, so if an employee leaves the company, simply reassign the apps to another employee.
Software updates with Apple Business Manager
IT will be able to control how software updates appear on monitored Apple devices with Apple Business Manager and MDM. IT can start or pause software updates for specific apps or the operating system for up to 90 days. So, if your company decides to ensure that employees do not update their devices for a certain period of time, you can pause the updates until later. This level of control is not possible with exclusively MDM implementations.
How to know if a device belongs to the company with Apple Business Manager
Apple Business Manager lets companies know if a device is owned by the company. Devices purchased from an authorized Apple reseller (our future project), such as iDNS Portal Inc., are registered in Apple Business Manager at the time of purchase, thus identifying the device as company property.
When the employee sets up the device, it communicates with Apple Business Manager to verify ownership, which is already built into the operating system. So every new Apple device automatically knows whether to configure it as a personal or business device.
No one except the IT department can change the owner of the device. With Apple Business Manager, businesses no longer need tags, physical locks, or cables to control their devices .
Apple Business Manager can exert more control than if your company has MDM only; When IT needs to prepare devices for another use or upgrade, with Apple Business Manager they can override Activation Lock to make this process easier.
I have lost my company device
Apple Business Manager and MDM allow IT to remotely lock, locate, and wipe data from Apple devices. When a device is lost, business data does not have to remain on it. From Apple Business Manager you can block it and delete all confidential data remotely to protect company information.
Additionally, for supervised iOS and iPadOS devices, IT can enable Lost Mode to view the device’s last known location. And they can also be instantly deleted from a device without having to delete personal data.
Next steps
Let iDNS Portal Inc help with the implementation of Apple Business Manager in your company. Our team of ACN experts will be happy to show you all the benefits that ABM can bring to your company.
