Apple Business Manager
Apple Business Manager (ABM) is a web-based portal for IT administrators to deploy iPhone, iPad, iPod touch, Apple TV, and Mac computers all from one place. Combined with an EMM, an IT administrator can configure and manage an employee device, apps, security settings, and accounts.
It was created by combining the Volume Purchase Program (VPP) and Device Enrollment Program (DEP) portals into a single service. Once an organization switches to ABM, they usually don’t need to manage apps, services, and devices through the DEP and VPP portals.
Silently push MDM solutions like Codeproof with zero-touch enrollment.
Auto-enable supervision in the device.
Make an MDM solution like Codeproof mandatory and prevent the end-user from removing it.
Purchase and deploy of apps and content in bulk.
Codeproof has an EMM partnership with Apple to integrate ABM within its platform. ABM offers the following salient features:
Automate Mobile Device Management (MDM) enrollment and simplify initial device setup. Deploy newly purchased or wiped Mac, iPad, iPhone and Apple TV devices directly to users preconfigured with the desired settings, security controls, apps, and books. This can be done without having to physically touch or prep the devices.
Combined with an MDM, this process can be simplified by removing steps from the Setup Assistant. Assign licenses to employees through their Apple IDs, or to devices through their serial number.
Once the employee activates the device, it as automatically enrolled in the MDM with all apps, books, and settings ready to use.
Bulk app purchase and content deployment
Purchase and deploy apps and books in bulk to devices. Using MDM, the IT administrator can also assign specific books and apps to specific devices and users, update them, even if the App Store is disabled.
Your organization retains full control of the apps and books, so you can revoke and reassign apps to different devices and users. This revocation and assignment of apps can be done in any country where the apps are available in the App Store.
Allow users to use their Microsoft Azure Active Directory (AD) username and passwords as Managed Apple ID’ using Federated Authentication, which links ABM to an instance of Azure AD. They can use their AD credentials to access their assigned iPad, Mac, and iCloud.
Federated Authentication can be used for both user identification and device identification.
Managed Apple IDs
Use Managed Apple ID’s (MAID) to allow employees to access devices, Apple services, and ABM. MAIDs are owned and managed by your organization. An IT administrator can create unique MAIDs in bulk, reset passwords, and assign employees different roes within an organization.
They can either be created manually or through Federated Authentication with Microsoft Azure Active Directory (AD).
Divide and assign app and book licenses for different offices and edit their information using the Locations feature. Assign managers to configure settings for their respective offices, and specify which licenses are available to which location.
The first location is created automatically, but administrators can add more locations and edit their information.
Assign different permission levels to multiple roles within an organization, with user classes like Administrator, Staff, Device Manager, Content Manager, and People Manager.
Every ABM account has one or more roles that permit and limit what the account user can do. For instance, only users with Administrator or People Manager roles can configure Federated Authentication, create, edit, and delete locations and set the default MAID username format.
In conjunction with an MDM, manage and view activity on ABM regardless of where the activity originates. Some activities or status messages can only be viewed by managers and administrators with the correct privileges.
Activities within ABM are organized by activity (actions taken), status (to what degree the activity has been completed or stopped), and date created (when the activity was initiated).
How to setup ABM with Codeproof
ABM is only used to provision company-owned devices. You must first signup with the ABM portal and setup your account at the business.apple website . There is no cost associated with it. Once you have an ABM account, you can purchase devices from Apple and designate them as fully managed devices.
You can then use our EMM integration guide to connect ABM and Codeproof.