Apple Business Manager — ABM

Manish Pathak
Aug 10, 2023


Problem: Suppose an organization has n Apple devices (iPhone, iPad, Mac, etc.), and that number will grow in the future. How do you track each of them? Is there a service or tool for this?

Apple introduced Apple Business Manager in 2018 to solve this problem.

What is ABM?

Apple Business Manager is a free service provided by Apple that allows organizations to manage three things: devices, apps, and accounts.

In simple words, Apple Business Manager is an all-in-one portal designed to help organizations deploy Apple devices, manage organization-owned Apple IDs, and acquire apps and other content in volume. It coordinates closely with mobile device management (MDM) solutions to automatically enroll and manage devices.

When ABM?

If you have a large number of devices, ABM is the straightforward choice.

You should avoid using ABM for MDM enrollment if you have a small number of Apple devices to manage, or prefer to enroll them manually or individually by using an app like Apple Configurator. Additionally, if you want more flexibility or control over device management, or have devices that are not purchased from Apple or authorized resellers, ABM might not be suitable.

Are ABM and MDM the same?

No. Apple Business Manager is not a replacement for an MDM. It has to work with your MDM servers to deploy configuration and policy on your business-owned devices.

What are the charges for using ABM?

ABM is a free tool that functions as a database of your Apple purchases. It keeps track not only of devices but also of your App Store apps and Apple IDs. Because of this, you can deploy apps to any Apple device either without an Apple ID or with a Managed Apple ID on the device (a standard Apple ID works as well).

What is the main advantage of using ABM?

ABM allows IT to easily perform the following tasks through their MDM tool:

  • Configure and update device settings.
  • Deploy applications in bulk without needing to touch each device directly.
  • Monitor compliance with policies such as app usage and encryption.
  • Query devices for settings and content.
  • Remotely wipe or lock devices if lost or stolen.

1. Manage Your Devices: Automated Device Enrollment

ADE (Automated Device Enrollment) is Apple Business Manager’s most prominent feature.

When users get a new device (or one that’s been erased), they are guided to enroll that device in the organization’s MDM solution during Setup Assistant and then it receives its configurations and settings. That means there’s no need for IT to manually configure devices before users receive them; users start them up, and they seem to configure themselves.

2. Manage Content: Volume Purchase Apps and Books

Anything you get from the App Store — free or paid — requires an Apple ID, and you can only ever buy one copy of an app or book. But app licenses you obtain through Apple Business Manager do not require the end user to have an Apple ID, and you can buy as many licenses as you need. This feature alone may be reason enough to create an Apple Business Manager account.

Apple Business Manager is the only way to buy content from Apple in bulk.

Users with the proper role in Apple Business Manager (see below) can acquire apps from the App Store (or Custom Apps from developers) and distribute them to devices with the help of an MDM solution. The organization always maintains full control over the revocation and reassignment of those licenses. You can also manage that content by location.

3. Managing Users

With Apple Business Manager, you can manage Apple IDs for your users. These are known — plainly enough — as Managed Apple IDs. They allow your organization to integrate Apple services that require Apple IDs with your existing infrastructure and productivity stack, while also maintaining control over the accounts.

Managed Apple IDs can coexist with personal Apple IDs or iCloud accounts on devices. For organizations that use Azure AD or Google Workspace for identity management, you can federate those directories with Apple Business Manager to automatically create Managed Apple IDs for users using their existing credentials.

4. Managed Apple IDs

End users are not the only ones who can benefit from Managed Apple IDs; IT admins can too. Some IT workflows — including accessing Apple Business Manager itself — require them.

The following roles are available at the time of this writing —

  • Administrator, People Manager, Device Enrollment Manager, Content Manager, and Staff.

For example, suppose your organization needs to create an Apple Push Notification service (APNs) certificate. If you use a personal Apple ID for APNs certificates, your organization is then dependent on that one person and their Apple ID password to renew it. (If you did create an APNs certificate with a personal Apple ID, you can contact Apple about changing it to a Managed Apple ID.) The Staff role is perfect for a Managed Apple ID that does not need access to Apple Business Manager, such as the one above.

It’s vital to use a Managed Apple ID for whoever is managing APNs.

Your admins can access Apple Business Manager using the roles assigned to them. This makes it easier for IT managers to control what different admins can do inside the portal. For example, if you give a Managed Apple ID the role of Content Manager, that person can then manage licenses for apps and books in your account, but nothing else.

Without Apple Business Manager, none of that identity management is possible.

6. Validate Company-Owned Devices

If your device is in ABM, it proves to Apple and the world that your organization owns it. That in turn enables device supervision, which unlocks a set of commands, payloads, and restrictions for your MDM solution.

The best way — the “golden path” — for getting devices into your Apple Business Manager account is to purchase them directly from Apple, an Apple Authorized Reseller, or a supported carrier. Purchasing devices through an approved channel means they’re added to your Apple Business Manager account automatically.

If you purchase devices outside of those channels, if they were purchased before your organization was enrolled in Apple Business Manager, or if they were donated, you can still use Apple Configurator to get them into Apple Business Manager. However, there is a 30-day provisional period in which users can remove management and release the device from Apple Business Manager. After that, the devices behave as if they’ve always been in Apple Business Manager.

If you did obtain devices from one of those sanctioned channels, but they weren’t automatically added to your Apple Business Manager account, you can ask whoever you bought them from to do so. If for some reason that isn’t possible, you can use Apple Configurator.

How do I register my organization with ABM?

You can sign your organization up for Apple Business Manager by clicking on Enroll now on the Apple Business Manager portal. You will need to provide details about your business, including an email associated with the organization and a verification contact. These details will be verified by Apple, after which your organization will be granted access to the Apple Business Manager portal.

Can devices not purchased from Apple or an authorized reseller be added to ABM?

Yes, these devices can be added to Apple Business Manager by using Apple Configurator. Devices enrolled this way will initially appear on Apple Configurator, but when these devices are assigned to users, they will appear on the Apple Business Manager portal under Managed Devices.

Can personal devices be enrolled through ABM?

Personal devices cannot be enrolled via Apple Business Manager. However, personally owned devices brought in under a BYOD policy can be enrolled using other methods, such as mailing enrollment invites, scanning a QR code, and user self-enrollment, which give admins a limited amount of control over these employee-owned devices.

Best way to utilize the ABM?

What are the steps to implement the ABM in the company?

What is VPP?

What is MDM enrollment?

MDM enrollment is the process of registering a device with an MDM server, which allows you to remotely manage its settings, policies, and security.

MDM enrollment can be done manually, by entering a URL or scanning a QR code on the device, or automatically, by using a device enrollment program (DEP) that links the device to your MDM server at the point of activation. ABM is one of the DEP options that Apple offers, along with Apple School Manager (ASM) for educational institutions.

Why use ABM for MDM enrollment?

Use ABM for MDM enrollment if you have a large number of devices to manage, or wish to simplify the user experience and reduce IT support.

For example,

1- You can enroll devices in bulk using serial numbers or order numbers from Apple or authorized resellers.

2- You can avoid the initial setup steps on the devices and go straight to the MDM configuration.

3- You can make enrollment mandatory and non-removable to prevent users from unenrolling their devices from MDM.

4- You can assign devices to users based on their roles, groups, or locations and automatically apply the appropriate settings and restrictions.

5- You can purchase and distribute apps and books from the App Store and Apple Books in volume, revoke them as needed, and reassign them without requiring users to have Apple IDs.
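
The settings behind points 2 and 3 live in the ADE profile that the MDM server assigns to devices. The following is an added example, not code from the original article: a small Python audit of such a profile, using key names from Apple's device-enrollment profile format. The sample profile and its URL are constructed for illustration.

```python
import json

# Constructed sample: an ADE profile as an MDM server might define it.
# The host name is a placeholder, not a real MDM server.
SAMPLE_PROFILE = json.loads("""
{
  "profile_name": "Example Corp default",
  "url": "http://mdm.example.com/enroll",
  "is_supervised": true,
  "is_mandatory": false,
  "is_mdm_removable": true,
  "await_device_configured": false,
  "skip_setup_items": ["AppleID", "Siri"]
}
""")

# key -> (value the audit expects, what goes wrong otherwise)
REQUIRED = {
    "is_supervised": (True, "device is not supervised"),
    "is_mandatory": (True, "user can skip enrollment in Setup Assistant"),
    "is_mdm_removable": (False, "user can remove the MDM profile"),
    "await_device_configured": (True, "device is usable before policies arrive"),
}


def audit_profile(profile):
    """Return a list of (key, actual_value, reason) for every weak setting.

    A missing key is reported too, so each setting has to be stated
    explicitly instead of relying on a default.
    """
    findings = []
    for key, (want, why) in REQUIRED.items():
        got = profile.get(key)
        if got is not want:  # strict: the string "true" does not pass
            findings.append((key, got, why))
    url = str(profile.get("url", ""))
    if not url.lower().startswith("https://"):
        findings.append(("url", url, "enrollment URL is not HTTPS"))
    return findings


if __name__ == "__main__":
    for key, got, why in audit_profile(SAMPLE_PROFILE):
        print(f"{key} = {got!r}: {why}")
```
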

Any challenges in using ABM for MDM enrollment?

You can only enroll devices purchased directly from Apple or authorized resellers that are compatible with DEP. Older or second-hand devices may not be eligible for ABM enrollment.
