Apple ID on Company-Issued iOS Devices?
-
@kelly said in Apple ID on Company-Issued iOS Devices?:
@wrx7m said in Apple ID on Company-Issued iOS Devices?:
@dustinb3403 said in Apple ID on Company-Issued iOS Devices?:
@wrx7m said in Apple ID on Company-Issued iOS Devices?:
I need to re-work our MDM procedures a bit. How do you deal with Apple IDs on company-issued iOS devices?
You login with one you control on all devices. Never allow a user to use their own personal account.
Is there a special type of account for business/IT? I know they have something for businesses but can't remember what it is called and exactly the capabilities.
You need to get a DEP account set up: https://support.apple.com/business. Then you can get a VPP account as well. DEP is the keystone of all Apple MDM/deployment methodologies.
I may have done that at some point several years ago. I think I needed to do that in order to get the Apple cert for Meraki. I am going to check it out now. Thanks.
-
Looks like I haven't setup DEP before. That is weird. I tried the apple ID account that I use for the annual renewal of the Apple cert for Meraki and it wouldn't let me in with that. It won't let me associate the account with DEP. Stupid Apple.
-
@wrx7m said in Apple ID on Company-Issued iOS Devices?:
Looks like I haven't setup DEP before. That is weird. I tried the apple ID account that I use for the annual renewal of the Apple cert for Meraki and it wouldn't let me in with that. It won't let me associate the account with DEP. Stupid Apple.
Yeah, Apple is the least cooperative major services/systems provider.
-
LMAO - No Firefox support-
-
After all that, it says that I can't login unless I add my business. When adding the business they need my DUNS number. FFS, Apple!
-
@wrx7m said in Apple ID on Company-Issued iOS Devices?:
After all that, it says that I can't login unless I add my business. When adding the business they need my DUNS number. FFS, Apple!
On the plus side once you get all that done you can call the local Apple store and ask to talk to their business division to get a business account set up. This will get you access to better pricing for their products and they'll automatically be added to your DEP account.
-
Now it may take up to 5 days! I just want to deploy devices. :loudly_crying_face: :face_with_open_mouth_cold_sweat:
-
@wrx7m said in Apple ID on Company-Issued iOS Devices?:
@dustinb3403 said in Apple ID on Company-Issued iOS Devices?:
@wrx7m said in Apple ID on Company-Issued iOS Devices?:
I need to re-work our MDM procedures a bit. How do you deal with Apple IDs on company-issued iOS devices?
You login with one you control on all devices. Never allow a user to use their own personal account.
Is there a special type of account for business/IT? I know they have something for businesses but can't remember what it is called and exactly the capabilities.
Not one that matters in most cases. I've had accounts with over 300 devices attached to it.
-
@dustinb3403 said in Apple ID on Company-Issued iOS Devices?:
@wrx7m said in Apple ID on Company-Issued iOS Devices?:
@dustinb3403 said in Apple ID on Company-Issued iOS Devices?:
@wrx7m said in Apple ID on Company-Issued iOS Devices?:
I need to re-work our MDM procedures a bit. How do you deal with Apple IDs on company-issued iOS devices?
You login with one you control on all devices. Never allow a user to use their own personal account.
Is there a special type of account for business/IT? I know they have something for businesses but can't remember what it is called and exactly the capabilities.
Not one that matters in most cases. I've had accounts with over 300 devices attached to it.
DEP with an MDM that knows how Apple does things will make your life much easier than just using a generic Apple ID with nothing else. The generic Apple ID is much easier to get going though.
-
We dont have DEP officially in our country yet as the providers havent set the contrsct with apple.
Tried with a single id to register all devices but hit with a limit (devices were not activating after few devices got registered)
As of now, what we've done is to let users create apple accounts with their company mail id and register the device (IT walks them through the process to ensure that they register with their company mail account). When the users leave,we ask them to reset the password to a temp pass that we give, so that we can wipe the device and reuse. MS intune is the MDM solution used. In talks with apple to get DEP dorectly without telephone providers involvement.
-
It took me 6 months to setup DEP and VPP. It was a pain. So many hoops to jump through. With DEP, you do not have to worry about having one master AppleID. Users can use their own. The whole point of DEP is to supervise devices better so you can clear that damn activation lock.
-
@mattbagan said in Apple ID on Company-Issued iOS Devices?:
It took me 6 months to setup DEP and VPP. It was a pain. So many hoops to jump through. With DEP, you do not have to worry about having one master AppleID. Users can use their own. The whole point of DEP is to supervise devices better so you can clear that damn activation lock.
That is one of the main concerns here. I have had to contact former employees to login to icloud and remove the device from their account.
-
@wrx7m said in Apple ID on Company-Issued iOS Devices?:
@mattbagan said in Apple ID on Company-Issued iOS Devices?:
It took me 6 months to setup DEP and VPP. It was a pain. So many hoops to jump through. With DEP, you do not have to worry about having one master AppleID. Users can use their own. The whole point of DEP is to supervise devices better so you can clear that damn activation lock.
That is one of the main concerns here. I have had to contact former employees to login to icloud and remove the device from their account.
DEP takes care of all of that. Its great. Its a pain to enroll older devices though. In order to enroll those, the seller would need to be an authorized reseller. So if you bought devices off of say Amazon you are more then likely out of luck.
-
@mattbagan - Thanks for the heads-up. That is weird.
Ours come almost exclusively from AT&T and Apple. We are a consumer electronics manufacturer, so we also have a collection of iPhones that are used for testing but never deployed for production use with our IT systems; we get those from a variety of sources.
-
@wrx7m If you have an account rep at AT&T, you can ask them to find out for you. I can buy from an Apple store and there business portal.
-
@wrx7m said in Apple ID on Company-Issued iOS Devices?:
@mattbagan - Thanks for the heads-up. That is weird.
Ours come almost exclusively from AT&T and Apple. We are a consumer electronics manufacturer, so we also have a collection of iPhones that are used for testing but never deployed for production use with our IT systems; we get those from a variety of sources.
Most of the larger VARs will be able to register to your DEP account.
-
Just got off the phone with Apple for the verification and got signed in. For some reason, I was not able to use the email address that I had signed up with as the login email, so I had to create a new alias for it. Dumb.
-
@mattbagan said in Apple ID on Company-Issued iOS Devices?:
It took me 6 months to setup DEP and VPP. It was a pain. So many hoops to jump through. With DEP, you do not have to worry about having one master AppleID. Users can use their own. The whole point of DEP is to supervise devices better so you can clear that damn activation lock.
With Jamf we did it in about 2 hours.
-
@bbigford said in Apple ID on Company-Issued iOS Devices?:
@mattbagan said in Apple ID on Company-Issued iOS Devices?:
It took me 6 months to setup DEP and VPP. It was a pain. So many hoops to jump through. With DEP, you do not have to worry about having one master AppleID. Users can use their own. The whole point of DEP is to supervise devices better so you can clear that damn activation lock.
With Jamf we did it in about 2 hours.
Jamf is expensive, but it makes life so much easier once you have it set up.
-
@kelly - Yeah. I think Jamf have a 25-device minimum. I was looking at it for the 6 Macs we had. I don't know if it makes sense to do the iPhones MDM on it, since we also have Android devices that I need to manage. Hmm