Apple Devices in Your Workplace
Are you using Apple devices in your organisation? Statistically, 15%, or 1.5 in ten, of your employees are using an Apple device. The question is: are your employees using their personal Apple ID on the device you have supplied them?
First and foremost, if the device is owned by the organisation, ensure that the organisation has complete control of the device. Employee devices present their own problems and how these are handled will depend on your specific Bring Your Own Device (BYOD) policy. The focus of this article is on what an organisation needs to do with the Apple assets they own.
With Apple devices, all control revolves around an Apple ID. We see many organisations provide employees with Apple devices and then let them use their own personal Apple ID on the device. This is a problem if the device is owned by the organisation. While the Apple ID can be wiped, this can take some effort depending on the device. The other problem associated with allowing users to use their own Apple ID is a lack of control and uniformity.
Apple Business Manager
Apple Business Manager (ABM) is a free Apple portal that enables organisations to simplify and automate the bulk management and deployment of organisation-owned Apple devices. User accounts are created here, and each user account is owned and controlled by the organisation. It is important to note that in Apple Business Manager, Managed Apple IDs are owned and managed by the organisation, including password resets and role-based administration.
Once the Apple device is activated and associated with the Apple ID created in ABM, there is quite a bit that can be done either to a specific Apple device or to all devices across the entire organisation. This article explains what we consider to be the most important.
Mobile Device Management
Mobile Device Management (MDM) allows an IT administrator or department to manage all mobile devices. MDM is a management platform, specifically for mobile devices. The most important thing about using Managed Apple IDs through ABM is that the devices can never go unmanaged from MDM at any point, even if the device is factory reset.
Arguably the best thing about having your devices using Managed Apple IDs and enrolled in MDM is the ability to mass deploy or remove applications or change specific settings. Having to do this manually on unmanaged devices would be very time consuming and, in larger organisations, perhaps impossible. With MDM it's quick, easy and consistent.
Apple and Microsoft
If you are an organisation that uses Apple devices and Microsoft 365, there is more good news. Your Managed Apple IDs can be integrated with your Microsoft 365 account. This is called federated authentication, and it links your Apple Business Manager with your Azure Active Directory.
Once federated authentication is enabled and configured, users only have the one username and password to use and remember for Microsoft 365 and their Apple ID. Your organisation manages this user and their Apple devices with the one account.
As previously mentioned, ABM is free. You'll need to provide information about your business, including your D-U-N-S number and an email address that hasn't been used as an Apple ID for any Apple service or website. This you should be able to do yourself.
You may or may not have an MDM solution in place. These can be purchased if you are large enough to warrant purchasing one. Alternatively, a Managed Service Provider like us can provide you with what you need for a very small cost. Typically the cost is around $3 – $5 per device per month. This is considerably cheaper than buying a platform to do it yourself unless you have thousands of devices.
A Managed Service Provider can also assist with federated authentication. This is not something we would recommend for anyone without the necessary skills. You can try it out, as there is plenty of information on the Internet about it. Worst case, it won't work and you can always contact us.