I am just now starting to deploy mobile devices so forgive me for any lack of basic knowledge.
I am assigning users in my domain a Managed Apple ID so we can manage and regulate purchases and such. But my users have reported not being able to use the AppStore. I read online this is not allowed for Managed Apple ID's. Am I going about this wrong because at this point I don't think I even need to use them as I can do most of everything in Jamf. Wipe, release activation locks etc.
Should I just drop them and use personal ID's? My ORG wants managed for purchases.
Am I going about this incorrectly?
Any advice is welcomed and thanks in advance. Also, JNUC 19 around the corner!!
The advantages of Managed Apple ID's include 200GB of storage, automation in creating the Apple ID's, federated authentication and disabling services such as FaceTime and iMessage. But you can't use a Managed Apple ID for an App Store purchase so you may have a hard time getting your staff to actually use them.
I have solved my own issue by opening my eyes. /facepalm I setup the apps needed in the Managed Apps and set them in Selfservice. I am going to get a lot of trouble from Staff for it but it is a choice out of my hands. They have no options but to use to Managed ID's. I wish I could stop them from using personal but it will be hard. I can lock them out of accounts but then I can not add the managed ID lol.
What we try and encourage our staff to do is to sign into their iCloud accounts with their Managed Apple IDs. This way they get the 200gb of storage instead of 5 with a personal. Then we have them sign into the App Store with their personal one if they have one. This way they can download apps if they want/need to. Our prestages have activation lock off so I don't worry about that too much.
You can't assign VPP licenses to the users directly if they have MAIDs, so don't do any app license assigning on the User side of Jamf under 'VPP Assignments'. Instead be sure to use Device Licensing for the Managed App. In the App Configuration click on VPP and check the box for 'Assign VPP Content'.
Is this because you want individuals to buy their own apps? To me, this is a good thing.
If they want to buy something on a personal level, they can sign into the App Store with a personal Apple ID, while still being signed into their iCloud with their MAID.
On top of this, if you want the organization to buy apps, you can keep control of said apps instead of losing them if the employee leaves for any reason.
You CAN assign VPP apps to MAID users just like you did with personal IDs, the apps you assign to the user show up under the purchased section of the app store and can be downloaded, MAIDS just can't make any sort of purchases...the "get" and price buttons are grayed out but cloud download icon is not.
I tend to stick with device assignments but for myself and techs, I assign apps to our username so we can install an app in a pinch...or in my case for testing devices without needing to scope them in all the time.
I also normally scope MacOS apps to users instead of machines for the time being.