So, noob question,
Is there any way to manage properly the users' icloud accounts ?
Since they need to get app from the store, we have to create them an account with their professional mail address.
This is a big problem of management since users are too dumb to remember their password, and we lose way to much time helping them recover it, and creating those accounts.
Is there any way to manage these accounts like, being able to create them more easily/automatically, reset passords and stuff.
Or simply is there anyway to deploy store apps without an account ?
2021/04/12 : Ok Little update here...
I finally setup VPP account and started deploying apps with it. Very Handy. No Account Needed. Much Wow.
Though, my CIO, still wants us to force the users to create a iCloud account, using their professional mail address.
Here's the tricky part:
- We want to allow them to use "iCloud services". Every user as a macbook pro and an iphone. And there's a lot of perks, note/photo syncing, scanning with your phone directly from the mac, easy hotspot connection, calls on the mac etc...
- Though, every one is pretty agreeing on the fact that we don't want private company stuff on apple's server. So we tell users not to use iCloud to sync files and documents. But considering this we should also prevent photos and notes, even if handy. So this is the first problem.
- Since we want to prevent any "data leak" or whatever, we force them to use their professional address to create the account and not use their own personal accounts. I mean, ok but it won't prevent data leak. Though it's seems relevant that professional devices are only linked to 'professional icloud accounts' in order to prevent personnal stuff to clutter the devices.
- The other purpose of using professional addresses, is that once the user leaves, we can lock is mailbox, thus preventing the user from....changing his icloud password ? Yes yes, that all we can do to "desactivate the icloud account". I guess we have to use his mail to reset the password and then, delete the account, if this is even possible ? And if we're not asked for a device password in the process. FFS, only thinking about this makes me cringe.
So far, my guess is that, iCloud is solely made for a personal use. I didn't find anyway to manage them whatsoever. So whatever the device is destined to do or be, if the admin allows an iCloud account to be mounted then the user is free to use it as personally as professionally. Am I Correct ?
Since this is my point of view, I was planning to say "We're not responsible for iCloud accounts, if you're too dumb to reset your password. Call apple support." Because OHMYGOD I hate dealing with this s*.
But no lol. Our CIO insisted on the fact that we have to create the account with the pro address blablabla, -everything I mentioned up there-
So yeah all this juste to ask, am I correct ? Or is it possible to manage the accounts in any way ?
Yes you can. The self service app will allow you to push and pull apps as long as you have a vpp account setup. VPP gives you the ability to manage licenses of apps. You can set this up which is called manage distribution. This will allow you to make those apps available in self service or you have the option to force install apps. This is however only available for devices on-site unless you have your mdm external facing which will allow you to do the same to devices off-site. Hopefully this helps with your question. Sorry it's centuries late, but I came across this while trying to setup manage apple id's for apple classroom.
If you are enrolled in Apple Business Manager (or Apple School Manager), you can create "Managed AppleIDs" that your users can use and you have some control over. But, they will not work for downloading Apps from the App store. I would highly encourage you to get setup with Apps & Books (formally VPP) in Apple Business Manager and use that to distribute Apps to your users.
Have you looked at using Managed AppleIDs? Managed AppleIDs
Unfortunately, they are very limited as compared to personal AppleIDs. But, i think your comment at the end is appropriate. Apple built AppleIDs for personal use. They have recently started making them applicable to businesses, but they are not very manageable. (Basically, set them up, reset passwords, and very restrictive.) Hopefully Apple will continue to add to this feature.