Posted on 11-05-2019 02:20 PM
I am just now starting to deploy mobile devices so forgive me for any lack of basic knowledge.
I am assigning users in my domain a Managed Apple ID so we can manage and regulate purchases and such. But my users have reported not being able to use the AppStore. I read online this is not allowed for Managed Apple ID's. Am I going about this wrong because at this point I don't think I even need to use them as I can do most of everything in Jamf. Wipe, release activation locks etc.
Should I just drop them and use personal ID's? My ORG wants managed for purchases.
Am I going about this incorrectly?
Any advice is welcomed and thanks in advance. Also, JNUC 19 around the corner!!
Posted on 11-05-2019 03:33 PM
The advantages of Managed Apple ID's include 200GB of storage, automation in creating the Apple ID's, federated authentication and disabling services such as FaceTime and iMessage. But you can't use a Managed Apple ID for an App Store purchase so you may have a hard time getting your staff to actually use them.
Posted on 11-05-2019 06:54 PM
I have solved my own issue by opening my eyes. /facepalm I setup the apps needed in the Managed Apps and set them in Selfservice. I am going to get a lot of trouble from Staff for it but it is a choice out of my hands. They have no options but to use to Managed ID's. I wish I could stop them from using personal but it will be hard. I can lock them out of accounts but then I can not add the managed ID lol.
Posted on 11-06-2019 04:27 AM
What we try and encourage our staff to do is to sign into their iCloud accounts with their Managed Apple IDs. This way they get the 200gb of storage instead of 5 with a personal. Then we have them sign into the App Store with their personal one if they have one. This way they can download apps if they want/need to. Our prestages have activation lock off so I don't worry about that too much.
Posted on 09-26-2024 12:28 PM
How did you get 200 GB Storage on managed apple ID, because we only have 5 GB on managed apple ID and cant upgrade either. Are you referring to Apple Business Manager or Business essentials?
Posted on 09-26-2024 12:36 PM
There is a slight difference between the Apple School Manager and Apple Business Manager. Apple School Manager is used mainly for K-12 or higher ed institutions and does offer that extended 200gb at no additional cost. It looks like to get more storage using the Apple Business Manager side of things you will need to look into the Business Essentials as you suggested.
Posted on 11-06-2019 04:45 AM
We fell into the same trap, believing we could use Managed AppleID's with VPP. So we gave up on Managed AppleID's.
Posted on 11-06-2019 05:32 AM
You can use MAID's with VPP...
Posted on 11-06-2019 06:29 AM
Yes, you can VPP buy apps by the content manager in Apps and Books then integrate in MDM (Jamf in this case) and deploy via self service.
Posted on 11-06-2019 07:34 AM
You can't assign VPP licenses to the users directly if they have MAIDs, so don't do any app license assigning on the User side of Jamf under 'VPP Assignments'. Instead be sure to use Device Licensing for the Managed App. In the App Configuration click on VPP and check the box for 'Assign VPP Content'.
Posted on 11-11-2019 04:35 AM
It's why we'll never go with managed Apple IDs, until Apple allows for app purchases with them.
Posted on 11-11-2019 05:40 AM
Is this because you want individuals to buy their own apps? To me, this is a good thing.
If they want to buy something on a personal level, they can sign into the App Store with a personal Apple ID, while still being signed into their iCloud with their MAID.
On top of this, if you want the organization to buy apps, you can keep control of said apps instead of losing them if the employee leaves for any reason.
Posted on 11-11-2019 07:04 AM
This is because we want to assign VPP apps to users, and not to devices. VPP apps can not be assigned to MAIDs, so for us they are useless.
Posted on 11-11-2019 07:11 AM
@mschroder you can assign VPP apps to users if you scope to all computers and use a limitation of LDAP/Local users. Then the app will show up after user is logged in to self service.
Posted on 11-11-2019 09:45 AM
@merps That sounds like an interesting solution. But with the rather high number of devices and users and the rather small number of users that need VPP apps in our environment it appears to be more ecological just to use non-managed Apple IDs. But thanks for the proposal.
Posted on 11-11-2019 10:37 AM
You CAN assign VPP apps to MAID users just like you did with personal IDs, the apps you assign to the user show up under the purchased section of the app store and can be downloaded, MAIDS just can't make any sort of purchases...the "get" and price buttons are grayed out but cloud download icon is not.
I tend to stick with device assignments but for myself and techs, I assign apps to our username so we can install an app in a pinch...or in my case for testing devices without needing to scope them in all the time.
I also normally scope MacOS apps to users instead of machines for the time being.
Posted on 09-26-2024 01:23 PM
Thank you @maffettb - you are right you can assign apps and ebooks to MAIDs.
I believe I was mixing up the switch to Device Licensing and how I was scoping everything to devices and not users. I literally changed my whole App Catalog over..