Why it is Finally Time to use Managed Apple IDs for Work

Jordan Miller
4 min read · Jul 5, 2023


Apple continues to invest in its enterprise offering with the expanded functionality of Managed Apple IDs.


Apple IDs have been a part of the Apple ecosystem for many years now and offer the consumer market tons of convenient features like iCloud backup, password sharing and protection, and device backup and restore. These features make setting up a new Apple device quick and easy, and they make sure that data from Apple’s native app suite carries seamlessly from one device to another. Apple IDs can be configured with most of Apple’s device offerings like the MacBook and iPhone. Apple IDs were even recently upgraded to support the “login with” function where a user can create an account for a third-party website, or app, using their Apple ID rather than creating a completely separate identity to manage. This feature has been adopted by many websites and apps (you may even be using it with Medium already!).

These identities help us easily manage data and access across the Apple ecosystem for personal use, and in recent years Apple has begun to implement Apple IDs in the enterprise and education space. Apple released Managed Apple IDs (sometimes called MAIDs) for both Apple Business Manager and Apple School Manager so that institutions can provide an Apple ID-like experience for their users. These early iterations were clearly directed toward the academic use case and were built to allow schools to associate logins and other user metrics with a specific student so they could tailor content to those IDs.

The early iterations of Managed Apple IDs were limited in how they could be deployed and used; identity lifecycle management was a manual process and siloed from other ID management tools. Administrators would have to invest large amounts of manual work in deploying and maintaining Apple IDs in their environment.

This caused very slow adoption in the early days of Managed Apple IDs. In the next phase of Managed Apple IDs, there were added capabilities for federation which improved the administrator’s experience when deploying Managed Apple IDs. This federation was limited to Microsoft Azure only, which in turn limited the number of admins that could easily implement federation for their IDs.

Limited integrations with the Apple ecosystem and no support for federating custom IDPs meant that the adoption of Managed Apple IDs outside the classroom was slow. This year is different though. This year, Apple announced several much-needed improvements to Managed Apple IDs at WWDC 2023.

So what’s changed and why is now the time to adopt Managed Apple IDs?

  • Managed Apple IDs can now be federated with any custom IDP. This means that enterprise customers using IDPs outside of Azure AD can now federate their identities from their own IDP into Apple Business Manager. This enables the auto-creation of Managed Apple IDs for federated identities and simplifies identity management for admins.
  • Managed Apple IDs have new security features offered in Apple Business Manager where admins can define what type of device their institution's Managed Apple IDs can be configured on. These security features will allow for broader and safer implementation of Managed Apple IDs in the enterprise and will allow users to store more sensitive data in the iCloud storage associated with their MAIDs with added security for the business. They will be given three options:
    – Any device
    – Devices that are managed
    – Devices that are supervised
  • Additional security features that control what applications can sync data will be configurable in Apple Business Manager as well. Admins can disable sync with the Calendar app, for example. This control will not prevent the user from using the app, but it will block the backup and sync of data from that app to the user's Managed Apple ID.
  • Managed Apple IDs have been expanded to integrate with many other native applications and services offered by Apple. One that I am particularly intrigued by is the integration with Apple Wallet. This feature will be hugely beneficial to any institution with a corporate credit card or even digital badges or tickets. These highly important cards and badges can now be stored safely (and privately) in the Managed Apple ID ecosystem.
  • Passkeys will also be added to the Managed Apple ID functionality and can be stored securely and separately from personal passkeys used on the same device. This extends to the entire keychain as well, so you can store work-related passwords in your Managed Apple ID's iCloud account and transfer them between supported Apple devices.
  • Managed Apple IDs are coming to Mac this year! Account-driven enrollment with Managed Apple IDs will now be possible on both iOS and macOS devices.
  • AirPlay and Continuity are also being added to the growing list of capabilities for Managed Apple IDs. This should enable users to seamlessly sync content between devices for presentations and meetings. Continuity was also added to Apple TV devices this year, which will enable institutions to combine Apple TV with an iOS device for a conference room experience during virtual meetings.

Integrating with Managed Apple IDs will unlock all of the new features Apple has released, but it will also allow MDM admins to implement User Enrollment. This privacy-focused BYO enrollment mode separates the personal Apple ID and the Managed Apple ID so that work-related data can be synced with the MAID and separated from personal data. User Enrollment also limits the ability of MDM admins to control the entire device (and in some cases wipe the entire device).

Several other quality-of-life features were added to Managed Apple IDs at WWDC this year, and I believe that with a new robust list of capabilities, it is finally time to integrate Managed Apple IDs in enterprise device management.

Learn more about the full list of Managed Apple ID capabilities as well as other exciting announcements from WWDC here.
