enterprise mobility management (EMM) Microsoft Intune

Apple Business Manager

What is Apple Business Manager?

Apple Business Manager (ABM) is an online portal for information technology (IT) administrators who deploy macOS, iOS, iPadOS and tvOS devices in an enterprise or educational setting. The portal is used in connection with a third-party mobile device management (MDM) platform for managing and distributing Apple devices and applications.

Devices must be running the following version of an operating system to work with ABM:

  • IPhone devices: iOS 7 or later.
  • IPad devices: iPadOS 13.1 or later.
  • Mac devices: OS X 10.9 or later.
  • Apple TV devices: tvOS 10.2 or later.

ABM includes functionality previously provided via the separate programs of the Apple Device Enrollment Program (DEP) and the Volume Purchase Program (VPP).

Features of Apple Business Manager

ABM works with MDM platforms to manage and configure Apple devices. Popular features include the following:

  • Managed Apple ID. Employees of an organization must have managed Apple IDs assigned to sign in and manage the various functions of ABM. Administrators can set roles like Administrator, People Manager, Device Manager and Content Manager to Managed Apple IDs to perform the defined tasks. The different roles include different privileged access levels and are location-based, so an account can have one role in a specific location but another from a different location. Accounts can be set to lock after 10 incorrect password attempts or due to suspected fraudulent activity to ensure security.
  • Federated authentication. Managed Apple IDs can automatically be created by integrating ABM with Google Workspace or Microsoft Azure Active Directory (Azure AD). When using federated authentication, users who sign in using their company credentials will have those credentials automatically become their Managed Apple ID. This also means the account lifecycle can be managed via that integration. When the account is removed from the directory in Google Workspace or Azure AD, the account will be removed from ABM.
  • Device enrollment. ABM can deploy Apple devices purchased from Apple or a participating Apple Authorized Reseller. Alternatively, existing Apple devices can be manually added by using Apple Configurator. Once Apple devices are available in ABM, those devices can be automatically enrolled in an organization's connected MDM or EMM platform. Administrators can choose which steps the end users must perform when using Setup Assistant on their devices.
  • Content purchasing. Administrators can use ABM to purchase apps and books in volume for their organization. These digital purchases can then be assigned to specific users, installed and updated over the air. These purchases and distribution can happen even if the administrator has disabled the app store on user devices. Additionally, the administrator can revoke and reassign applications to a different user or device. This enables the organization to keep full ownership and control of purchased apps. When using ABM with an MDM or EMM platform, the deployment mechanisms of the MDM or EMM can distribute those books and apps.

Pros and cons of Apple Business Manager for companies and IT

One of the main benefits of using ABM is integrating it with an MDM or EMM platform, such as Microsoft Intune, IBM MaaS360, VMware Workspace ONE or MobileIron. That enables organizations to buy Apple devices and send them directly to their users without worrying about enrolling them into their MDM or EMM platform. The Setup Assistant will ensure that users can only configure what IT wants them to configure and that the device will automatically start the enrollment process toward the MDM tool. The process ensures that the user doesn't need to configure or associate the device with a personal Apple ID, putting IT in control of its lifecycle.

ABM allows IT to easily perform the following tasks through their MDM or EMM tool:

  • Configure and update device settings.
  • Deploy applications in bulk without needing to touch each device directly.
  • Monitor compliance with policies such as app usage and encryption.
  • Query devices for settings and content.
  • Remotely wipe or lock devices if lost or stolen.

The biggest downside to ABM is that it only supports Apple devices. Therefore, organizations dealing with different platforms, such as Windows and Android, will need to use additional products to receive similar functionalities for those other platforms.

How to enroll with Apple Business Manager

To get started with ABM, IT must first go through the enrollment process for the organization by creating an administrative user and providing information about the organization. The following steps walk through the enrollment process for IT:

  1. Go to https://business.apple.com/ and click Enroll now.
  2. On the Enroll Your Organization page, IT must provide information about the organization, the enrolling administrator and the verification contact and click Continue.
  3. Review the provided information and click Submit.

After completing the initial enrollment steps, the enrollment will be under review. During that stage, an AppleCare agent will research the organization and call the provided verification contact to confirm the provided information. Once the information is verified, IT will receive a confirmation email to create an administrator account and complete the enrollment.

This was last updated in March 2023

Continue Reading About Apple Business Manager

Dig Deeper on Mobile management

Unified Communications