ASM Apple ID's

iVoidWarrantiez
New Contributor III

I am just now starting to deploy mobile devices so forgive me for any lack of basic knowledge.

I am assigning users in my domain a Managed Apple ID so we can manage and regulate purchases and such. But my users have reported not being able to use the AppStore. I read online this is not allowed for Managed Apple ID's. Am I going about this wrong because at this point I don't think I even need to use them as I can do most of everything in Jamf. Wipe, release activation locks etc.

Should I just drop them and use personal ID's? My ORG wants managed for purchases.

Am I going about this incorrectly?

Any advice is welcomed and thanks in advance. Also, JNUC 19 around the corner!!

13 REPLIES 13

cbrewer
Valued Contributor II

The advantages of Managed Apple ID's include 200GB of storage, automation in creating the Apple ID's, federated authentication and disabling services such as FaceTime and iMessage. But you can't use a Managed Apple ID for an App Store purchase so you may have a hard time getting your staff to actually use them.

iVoidWarrantiez
New Contributor III

I have solved my own issue by opening my eyes. /facepalm I setup the apps needed in the Managed Apps and set them in Selfservice. I am going to get a lot of trouble from Staff for it but it is a choice out of my hands. They have no options but to use to Managed ID's. I wish I could stop them from using personal but it will be hard. I can lock them out of accounts but then I can not add the managed ID lol.

sdecook
Contributor

What we try and encourage our staff to do is to sign into their iCloud accounts with their Managed Apple IDs. This way they get the 200gb of storage instead of 5 with a personal. Then we have them sign into the App Store with their personal one if they have one. This way they can download apps if they want/need to. Our prestages have activation lock off so I don't worry about that too much.

mschroder
Valued Contributor

We fell into the same trap, believing we could use Managed AppleID's with VPP. So we gave up on Managed AppleID's.

j_carroll
New Contributor III

You can use MAID's with VPP...

Krbonus
Contributor

Yes, you can VPP buy apps by the content manager in Apps and Books then integrate in MDM (Jamf in this case) and deploy via self service.

cdenesha
Valued Contributor II

You can't assign VPP licenses to the users directly if they have MAIDs, so don't do any app license assigning on the User side of Jamf under 'VPP Assignments'. Instead be sure to use Device Licensing for the Managed App. In the App Configuration click on VPP and check the box for 'Assign VPP Content'.

St0rMl0rD
Contributor III

It's why we'll never go with managed Apple IDs, until Apple allows for app purchases with them.

j_carroll
New Contributor III

Is this because you want individuals to buy their own apps? To me, this is a good thing.

If they want to buy something on a personal level, they can sign into the App Store with a personal Apple ID, while still being signed into their iCloud with their MAID.

On top of this, if you want the organization to buy apps, you can keep control of said apps instead of losing them if the employee leaves for any reason.

mschroder
Valued Contributor

This is because we want to assign VPP apps to users, and not to devices. VPP apps can not be assigned to MAIDs, so for us they are useless.

merps
Contributor III

@mschroder you can assign VPP apps to users if you scope to all computers and use a limitation of LDAP/Local users. Then the app will show up after user is logged in to self service.

mschroder
Valued Contributor

@merps That sounds like an interesting solution. But with the rather high number of devices and users and the rather small number of users that need VPP apps in our environment it appears to be more ecological just to use non-managed Apple IDs. But thanks for the proposal.

maffettb
New Contributor III

You CAN assign VPP apps to MAID users just like you did with personal IDs, the apps you assign to the user show up under the purchased section of the app store and can be downloaded, MAIDS just can't make any sort of purchases...the "get" and price buttons are grayed out but cloud download icon is not.
I tend to stick with device assignments but for myself and techs, I assign apps to our username so we can install an app in a pinch...or in my case for testing devices without needing to scope them in all the time.
I also normally scope MacOS apps to users instead of machines for the time being.