Apple Business Manager is a free service provided by Apple that allows organizations to manage three things: devices, apps, and accounts.
Simply put, if your organization owns Apple devices, you should be using Apple Business Manager (or its education-sector equivalent, Apple School Manager). There’s literally no downside to it. Apple Business manager offers many benefits—some well-known, others less so—and it doesn’t cost a thing.
What Is Apple Business Manager?
First to define what we’re talking about: Apple Business Manager is an all-in-one portal designed to help organizations deploy Apple devices, manage organization-owned Apple IDs, and acquire apps and other content in volume. It coordinates closely with mobile device management solutions to automatically enroll and manage devices. Apple Business Manager is not an MDM solution itself.
To use Apple Business Manager, your organization must first have an account. Applying is simple, and although it can take a couple of days for your application to be approved, it typically happens much faster. It just requires some basic information, including your DUNS number and contact information for someone at your company—not an IT admin, more likely someone higher up—who can vouch for you. Apple will then verify everything and, if it all checks out, confirm your account. (More information on all this can be found in Apple’s Getting Started guide.)
Key Benefits of Apple Business Manager
As we said, Apple Business Manager offers a host of benefits to anyone who's managing a fleet of Apple devices. Here are the ones we think will matter the most to most organizations.
Manage Your Devices: Automated Device Enrollment
Automated Device Enrollment is probably Apple Business Manager’s most prominent feature. Formerly known as the Device Enrollment Program, Automated Device Enrollment in Apple Business Manager allows organizations to streamline deployments: When users get a new device (or one that’s been erased), they are guided to enroll that device in the organization’s MDM solution during Setup Assistant and then it receives its configurations and settings. That means there’s no need for IT to manually configure devices before users receive them; users start them up, and they seem to configure themselves.
Manage Content: Volume Purchase Apps and Books
Apple Business Manager is the only way to buy content from Apple in bulk. Anything you get from the App Store—free or paid—requires an Apple ID, and you can only ever buy one copy of an app or book. But app licenses you obtain through Apple Business Manager do not require the end user to have an Apple ID, and you can buy as many licenses as you need. This feature alone may be reason enough to create an Apple Business Manager account.
Users with the proper role in Apple Business Manager (see below) can acquire apps from the App Store (or Custom Apps from developers) and distribute them to devices with the help of an MDM solution. The organization always maintains full control over the revocation and reassignment of those licenses. You can also manage that content by location.
With Apple Business Manager, you can manage Apple IDs for your users. These are known—plainly enough—as Managed Apple IDs. They allow your organization to integrate Apple services that require Apple IDs with your existing infrastructure and productivity stack, while also maintaining control over the accounts.
Managed Apple IDs can coexist with personal Apple IDs or iCloud accounts on devices. For organizations that use Azure AD or Google Workspace for identity management, you can federate those directories with Apple Business Manager to automatically create Managed Apple IDs for users using their existing credentials.
One common application for Managed Apple IDs: Shared iPad. This feature configures a compatible iPad so that multiple Managed Apple IDs can access it securely. It requires that both the managed ID and the managed device are in the same Apple Business Manager account and must be supported by your MDM solution. Once it’s set up, each account has its own dedicated storage space and access to most iPadOS features. It’s particularly popular with educational organizations, but can also be helpful in the enterprise—in shift-work scenarios, for example.
Managed Apple IDs
End users are not the only ones who can benefit from Managed Apple IDs; IT admins can too. Some IT workflows—including accessing Apple Business Manager itself—require them.
Your admins can access Apple Business Manager using roles assigned to them; this makes it easier for IT managers to control what different admins can do inside the portal. For example, if you give a Managed Apple ID the role of Content Manager, that person can then manage licenses for apps and books in your account, but nothing else. The following roles are available at the time of this writing: Administrator, People Manager, Device Enrollment Manager, Content Manager, and Staff.
That Staff role is perfect for a Managed Apple ID that does not need access to Apple Business Manager, such as the one your organization needs to create an Apple Push Notification services (APNs) certificate. It’s vital to use a Managed Apple ID for whoever is managing APNs: If you use a personal Apple ID for APNs certificates, your organization is then dependent on that one person and their Apple ID password to renew it. (If you did create an APNs certificate with a personal Apple ID, you can contact Apple about changing it to a Managed Apple ID.)
IT teams can also use Managed Apple IDs when submitting feedback to Apple through Feedback Assistant. This way teams at Apple know the feedback is coming from an organization and is not consumer related. Once enrolled, the feedback you submit with your Managed Apple ID is routed to a dedicated queue and prioritized.
Finally, you can access the AppleSeed for IT with a Managed Apple ID. This program is designed for administrators to test, evaluate, and provide feedback on prerelease Apple software. It also provides access to other tools and resources exclusive to the preview program, including a dedicated forum to connect with other program participants.
Without Apple Business Manager, none of that identity management is possible.
Validate Company-Owned Devices
If your device is in Apple Business Manager, it proves to Apple and the world that your organization owns it. That in turn enables device supervision, which unlocks a set of commands, payloads, and restrictions for your MDM solution.
The best way—the “golden path”—for getting devices into your Apple Business Manager account is to purchase them directly from Apple, an Apple Authorized Reseller, or a supported carrier. Purchasing devices through an approved channel means they’re added to your Apple Business Manager account automatically.
If you purchase devices outside of those channels, if they were purchased before your organization was enrolled in Apple Business Manager, or if they were donated, you can still use Apple Configurator to get them into Apple Business Manager. However, there is a 30-day provisional period in which users can remove management and release the device from Apple Business Manager. After that, however, the devices behave as if they’ve always been in Apple Business Manager.
If you did obtain devices from one of those sanctioned channels, but they weren’t automatically added to your Apple Business Manager account, you can ask whoever you bought them from to do so. If for some reason that isn’t possible, you can use Apple Configurator.
For iOS devices, you need to erase them and either use Apple Configurator for Mac or Apple Configurator for iPhone (if they're running iOS 16 or iPadOS 16.1). If you're wiping the device, that’s a perfect time to migrate to a new MDM solution.
For supported Mac computers, you can use Apple Configurator for iPhone. (The computers must have T2 chips or Apple silicon; legacy Intel Mac computers can not be added without the help of the original reseller.)
If your Mac serial number is already in Apple Business Manager and assigned to MDM but not enrolled using Automated Device Enrollment, you can leverage the profiles command to renew the Mac’s enrollment to receive all the benefits of Automated Device Enrollment without wiping it.
While Apple Business Manager doesn't offer the level of reporting found in an MDM solution such as Kandji, it does have a powerful search engine and print-friendly interface. That means you can, for example, use the Devices page to see every single device in your account, including its model, serial number, part number, and storage.
Apple Business Manager supports compliance programs, by allowing you to view and supervise certifications. Apple keeps certifications in compliance with the ISO/IEC 27001 and 27018 standards. It’s also a prerequisite for several MDM features.
Connecting Apple Business Manager to your MDM solution is also a prerequisite for device-based Activation Lock, which makes it harder for bad actors to use or sell a stolen Apple device. That connection also allows you to lock MDM on supervised devices, so those same bad actors can’t remove your control. Finally, it’s required to enable Lost Mode on managed devices, which allows you to track and, if necessary, disable them when they go missing.
The final—and perhaps best—reason for using Apple Business Manager: It doesn’t cost a thing. You get all of the features listed above—and more—for free.
That said, carriers and resellers who use Apple's API to automatically add purchased devices may have incurred some development costs to incorporate that API into their systems. They may, therefore, add a fee for adding devices to Apple Business Manager. This is no longer as common as it once was and it may not be something you want to deal with. If a reseller asks for such a fee today, you can always look for another vendor or use Apple Configurator to add the device to Apple Business Manager yourself.
The Final Word
The one reason we can imagine for not using Apple Business Manager: If your organization is quite international, it might not be available in every country where you do business; it’s currently available in 69 countries.
Otherwise, we recommend Apple Business Manager unreservedly. It is an essential program that every organization managing Apple devices should be using today. It doesn't cost anything, it's easy to use, and it unlocks invaluable functionality for any IT department.
Kandji fully integrates with Apple Business Manager, giving you access to all the benefits above and more. The Kandji team is constantly working on solutions to streamline your workflow and secure all of your Apple devices. With powerful and time-saving features such as zero-touch deployment, one-click compliance templates, and plenty more, Kandji has everything you need to bring your Apple fleet into the modern workplace.