Possible to restrict Apple ID use?

dgadd
New Contributor II

I apologize as I am very new to the area of MDM.

We are deploying iPads and iPhones to our employees, but while setting up the config profiles, I can't find a way to restrict which apple ID's are used. When checking the settings menu, I would like to remove or deactivate the ability to sign into icloud because these are for business use. Is there a way to make this happen or is there a way to force it to only accept managed AppleID's?

Thank you in advance!

15 REPLIES 15

talkingmoose
Moderator
Moderator

@dgadd, have a look in Jamf Pro under Devices > Configuration Profiles > New button > Restrictions payload > iOS tab > Functionality tab > Allow modifying account settings (supervised only). This prevents adding/modifying most any account you can associate to an iOS device including iCloud, email, calendar, contacts, etc.

You'll also find more granular iCloud options here. What specifically do you hope to block by managing sign-ins to iCloud?

dgadd
New Contributor II

Thanks for the response! That option seemed like it made the most sense, but I wan't sure what it would encompass.

Realistically, I want to be sure that employee don't have the ability to personalize them, or use them as personal devices. I have to make sure they cannot access the app store and download apps, that is a big issue we have run into in the past.

zamo
New Contributor III

If a account is logged in on the device they will lost the ability to remove it when you set this restriction. It will also affect the password & accounts settings.

dgadd
New Contributor II

@zamo We use the passwords and accounts settings when setting up the exchange mailbox. Would this disable the mailbox from bringing in user data?

zamo
New Contributor III

No. When it's set up everthing works as expected but you were enable to do any changes to these accounts on the device itself. If you set up exchange accounts with a configuration profile you can do any changes whether the account restriction is set or not.
It's a bit hard for me to explain it in english so I hope you can understand what I am trying to say here^^

dgadd
New Contributor II

Oh, that helps. Thank you. I'm going to make some changes today to play around with it on our test devices.
Thanks again

mhegge
Contributor III

I am finding this does not work on Shared ipads. We are trying to find a solution that only allows users to use Guest account, which wipes at signout. I have completely restricted everything iCloud, and it seems to allow a Apple ID login. JAMF Pro 10.25.0 and iOS 14.01

zamo
New Contributor III

@mhegge The devices have to be supervised to use this restriction.
If you want to reset the devices, the jamf reset app maybe something for you. I didn't test it myself but, just read about it. You have to use it with the jamf setup app to work correctly.

mhegge
Contributor III

@zamo We use Jamf reset for Library checkout iPads. But that is an operation performed by library staff. We cannot rely on students to utilize JAMF Reset consistently. It would be a data security risk.

mhegge
Contributor III

I have found out that if users try to use an Apple ID, it states it can only accept managed Apple IDs, so we may be able to work around it. We currently are not using managed apple IDs (only a few test accounts).

lilhwe
New Contributor

Do you know how you had the profiles set up to enforce that? I'm looking to set up devices so they only allow managed Apple IDs

GabeShack
Valued Contributor III

I wish this was a restriction we could use on Macs instead of just iOS. We are trying to use Apple Classroom on macs however many students have logged out of their managed Apple ID and just are using a personal one instead.

Gabe Shackney
Princeton Public Schools

Gabe Shackney
Princeton Public Schools

virtasupport
New Contributor II

I am not seeing this anymore: Configuration Profiles > New button > Restrictions payload > iOS tab > Functionality tab > Allow modifying account settings (supervised only).

 

zamo
New Contributor III

They changed the layout, few versions ago. It looks like this on my side:

zamo_0-1635415206619.png

I am using jamf Pro 10.32.2

Myflor23
New Contributor

Is there a way to back up the iPhone / iPad to iCloud even if we restrict the end user from logging out of their work-managed account?