For any organization that relies on Apple devices, understanding how to use a Managed Apple ID for business is essential. As of macOS Catalina 10.15 and iOS 13, Apple has broadened the usability of Managed Apple IDs and made enrollment practices more supportive of “bring your own device” (BYOD) policies.
As we’ll cover throughout this guide, Managed Apple IDs aren’t just for Apple Business Manager admins anymore. Now, they can be assigned to any employee who uses an Apple device for business purposes.
In this guide, we’ll explain how using a Managed Apple ID for business is achieved and what advantages it gives administrators and employees. These are the four topics we’ll focus on:
- What are Managed Apple IDs?
- How are they used?
- How are they created?
- How are they edited?
Let’s start with an overview of what Managed Apple IDs are before discussing how they function within Apple Business Manager.
What is a Managed Apple ID?
In brief, Managed Apple IDs can now be assigned to any employee who uses an Apple device for business purposes. Administrators use Managed Apple IDs in Apple Business Manager to do things like:
- Manage and enroll devices in an MDM via Apple Business Manager.
- Assign App licenses to employees.
- Manage roles and privileges of Apple Business Manager users.
Managed Apple IDs are also at the heart of Apple’s new User Enrollment feature, which makes BYOD (bring your own device) practices possible while keeping your employees’ personal and work data separate.
We’ll provide a more in-depth discussion about what Managed Apple IDs are and how they can be used for business over the next few sections, but first, let’s contrast Managed Apple IDs with personal Apple IDs.
Managed Apple IDs vs. Apple IDs
As we mentioned earlier, new Apple updates have changed the way Managed Apple IDs can be used. Before these updates, Managed Apple IDs were only assigned to people who used Apple Business Manager to do things like buy apps in bulk or manage devices. Meanwhile, employees had to use their personal Apple IDs on any devices that they used for work.
This caused a few problems. Using personal IDs in a business setting makes it difficult for IT administrators to manage company devices, licenses, and data. While Managed Apple IDs are often created in large quantities and managed by someone with administrative privileges to Apple Business Manager, personal Apple IDs are created by individuals and are intended for personal use.
The new Apple updates have addressed this. Now, Managed Apple IDs can be assigned to any employee who uses an Apple device for business purposes – not just those who use Apple Business Manager.
A Brief Overview of Apple Business Manager
You can think of Apple Business Manager as a portal that lets IT administrators do things like create a Managed Apple ID, manage devices, assign licensed Apps and Books, and delegate admin privileges. In short, it makes managing a fleet of Apple devices simpler by keeping everything in one place.
That said, it’s important to note that Apple Business Manager is not an MDM solution, like Kandji. It works with your MDM of choice, but it doesn’t replace it.
Once Apple devices are associated with Apple Business Manager, you can interact with them using your third-party MDM. For an in-depth look at MDMs and other management solutions, you can read our guide to MDM, EMM, and UEM.
How to Use a Managed Apple ID for Business
Managed Apple IDs can be created from Apple Business Manager and assigned to any employee who uses an Apple device for work. Now that Apple lets all employees use these IDs, IT administrators don’t have to assign App and Book licenses to personal Apple IDs anymore – they can simply send them to an employee’s Managed Apple ID.
Having employees use a Managed Apple ID for business gives IT administrators more control over employee accounts. This makes it easier to access and edit account information, such as usernames, ID numbers, and passwords, as well as add or deactivate accounts.
Apple’s User Enrollment feature also heavily depends on Managed Apple IDs. As we mentioned earlier, User Enrollment was released to support BYOD practices while protecting employee privacy. This is accomplished by separating data, which gives IT administrators limited control over personal data stored on User Enrolled devices. Meanwhile, company data is stored separately and can be automatically wiped without affecting the personal data on the same device.
Now that we have a working definition of what Managed Apple IDs are and how they are used in a business setting, we can learn how to create them.
How to Create a Managed Apple ID for Business
Before creating a Managed Apple ID, it’s important to understand the ID structure that Apple recommends using.
What Should a Managed Apple ID for Business Look Like?
Apple recommends using a specific structure while creating a Managed Apple ID for business. Following these steps will help organizations avoid confusion and communication conflicts.
The structure consists of the following parts:
- Username: This refers to everything before the “@” sign. It will typically be some variation of the employee’s name.
- For example, johnsmith@
- For example, johnsmith@appleid
- For example, firstname.lastname@example.org
How to Create a Managed Apple ID
Keeping this structure in mind, you can create a Managed Apple ID by following these steps:
- Open Apple Business Manager and click “Settings,” located at the bottom of the sidebar.
- Once you’re on the settings page, click Managed Apple IDs. It should appear right below Organization Settings.
- Domain: This refers to everything to the right of the “@appleid” component. By default, Apple Business manager makes this your organization’s business domain. If your organization uses a different domain for email, then an IT administrator can change it to the proper email domain.
- “appleid”: This adds “appleid” before the domain name. Doing this can prevent potential communication conflicts if the same username and domain appear in other addresses.
As of macOS 10.15 and iOS 13, administrators have more freedom over how they create and assign Managed Apple IDs. Though these IDs can be created manually through Apple Business Manager, administrators can also link Apple Business Manager accounts to Azure Active Directory (Azure AD). This allows Managed Apple IDs to be automatically created for the identities that already appear in Azure AD.
Managed Apple IDs can also be created from existing email addresses. For this to work, each employee must have an email address that they have not used in the Device Enrollment Program, the Volume Purchase Program, or any personal iTunes or iCloud accounts.
It’s important to note that this method requires employees to remember two passwords: one for their original email address and the other for their Managed Apple ID.
How to Edit a Managed Apple ID
Changes in an organization might require updating an existing Managed Apple ID structure. For instance, if an organization changes its domain, this information will have to be revised for the Managed Apple ID to continue functioning. Editing the ID may also be required if a user needs to update his or her username.
In either case, an IT administrator with “create, edit, and delete” privileges on Apple Business Manager can edit the structure of all new and existing Managed Apple IDs with the following method:
- Open Apple Business Manager and click on “Accounts” in the sidebar.
- Use the “Search Accounts” field to identify and select the accounts to be edited.
- Change the username structure of the selected Managed Apple IDs.
- Change the domain name structure.
It’s important to note that users will not receive any notification if their Managed Apple IDs are changed, so you will have to let them know. They can use their existing passwords to log into their accounts associated with the updated Apple ID.
Using Apple Business Manager and a Managed Apple ID for business is a great way to implement a BYOD policy via User Enrollment and to keep tabs on employee account information and App and Book licensing. That said, it’s important to remember that Apple Business Manager is just a starting point – it’s designed to complement an MDM solution, like Kandji.
From deployment to retirement, Kandji keeps your Apple devices safe and secure with a suite of features such as pre-built security settings, zero-touch deployment, one-click compliance, and much more. Start managing your devices like your business depends on it.