What Is Apple Business Manager and How Does It Work?

The Apple logo with devices for the blog What is Apple Business Manager?

What is Apple Business Manager?

Apple Business Manager (ABM) is a comprehensive web-based portal designed by Apple to empower organizations in managing their Apple devices, apps, and employee access. With features like Apple automated device enrollment, ABM streamlines device deployment and management, making it easier for IT administrators to configure and secure devices remotely. It serves as a centralized platform where IT administrators can efficiently oversee and control various aspects of their Apple ecosystem.

The Evolution and Impact of Apple Business Manager: From VPP and DEP to a Centralized Automation Powerhouse

Apple Business Manager (ABM) emerged as a comprehensive solution, building upon earlier Apple programs aimed at simplifying device and app management for organizations. The foundation was laid by the Apple Volume Purchasing Program (VPP), which revolutionized how businesses and institutions purchased apps in bulk, streamlining licensing and distribution.

Additionally, the Apple Device Enrollment Program (DEP) automated the initial setup of devices, ensuring consistent configurations and security policies. ABM seamlessly integrated these programs, expanding their capabilities and creating a centralized platform for managing Apple devices, apps, and user accounts.

This integration played a pivotal role in the automation landscape, enabling zero-touch deployment, streamlined app management, controlled user access through Managed Apple IDs, and simplified content distribution. ABM empowers organizations to automate many manual tasks, saving time and resources while enhancing security and ensuring a consistent user experience across Apple devices.

Mobile device management made simple. Avoid costly mistakes and maximize your MDM success with our Dos and Don’ts guide. Read now.

The Relationship Between ABM and MDM

Apple Business Manager (ABM) and Mobile Device Management (MDM) software are complementary tools that work together to streamline the management of Apple devices within organizations. ABM acts as the foundation, enabling automated device enrollment into the MDM system upon activation. This is often achieved through Apple MDM server or a third-party MDM server. It also facilitates bulk purchasing of apps and content, which are then distributed to devices or users through the MDM solution.

Furthermore, ABM creates Managed Apple IDs, linked to the MDM system, for controlled access and enhanced security. The collaboration between ABM and MDM extends to device supervision, providing IT administrators with greater control over supervised devices to enforce policies and restrictions. While ABM focuses on initial setup and distribution, MDM provides ongoing management and security features, making them a powerful duo for managing Apple devices in an enterprise environment.

Who Uses Apple Business Manager

Apple Business Manager (ABM) and Apple School Manager play a crucial role in companies and educational institutions worldwide, including businesses, schools, and government organizations, by streamlining device management through automated enrollment and bulk purchasing of apps and content.

ABM also enables controlled access via Managed Apple IDs. Both ABM and Apple School Manager enhance productivity and collaboration by facilitating easy app deployment, content distribution, and device supervision for enhanced security. Additionally, they reduce costs and complexity through zero-touch deployment, efficient license management, and centralized administration.

Security is strengthened through Managed Apple IDs, device supervision policies, and remote wipe capabilities. In essence, ABM and Apple School Manager empower organizations of all types to harness Apple technology effectively, ultimately improving efficiency, security, and productivity.

What are the Apple Business Manager Key Features

Apple Business Manager offers a comprehensive suite of features to streamline the management of Apple devices within organizations. These features can be broadly categorized into the following areas:

1. Mobile Device Management (MDM) integration:

  • Automated device enrollment: ABM seamlessly integrates with MDM solutions to automate the enrollment of new devices into the MDM system. This ensures that devices are configured with the correct settings, apps, and security policies right out of the box.
  • Device assignment: ABM allows administrators to assign devices to specific users or groups within the organization, ensuring that devices are allocated to the right people.
  • Device supervision: ABM supports device supervision, which provides IT administrators with enhanced control over supervised devices, such as restricting certain features or apps.

2. Content management:

  • Apps and books: ABM enables bulk purchasing of apps and books from the Apple App Store and Apple Books. These can be assigned to specific devices or users, simplifying license management and ensuring that everyone has access to the necessary tools.
  • Custom apps: ABM allows organizations to distribute custom apps that they have developed in-house, ensuring that employees have access to specialized tools specific to their roles.
  • Content restrictions: ABM provides tools to manage and restrict access to certain types of content on devices, helping organizations comply with internal policies or regulatory requirements.

3. Device enrollment:

  • Automated Device Enrollment (ADE): ABM’s ADE feature enables zero-touch deployment of new devices. Devices can be pre-configured with settings, apps, and security policies before they even reach the end user.
  • Device Enrollment Program (DEP): ABM includes the legacy DEP program, which allows organizations to supervise and manage devices even if they are not enrolled in an MDM solution.
  • Apple Configurator: ABM integrates with Apple Configurator, a tool for manually configuring devices for specific use cases.

4. Managed Apple IDs:

  • Managed Apple ID Creation: ABM allows organizations to create and manage Apple IDs for their employees. These IDs can be used to access company resources and services, while IT retains control over access levels.
  • Federated Authentication: ABM supports federated authentication, allowing users to sign in to their Managed Apple IDs using their existing corporate credentials.
  • Role-Based Access Control (RBAC): ABM allows administrators to assign different roles and permissions to users based on their job functions.

5. Reporting and Analytics:

  • Device inventory: ABM provides detailed reports on device inventory, including device types, models, and serial numbers.
  • App usage: ABM tracks app usage data, providing insights into which apps are being used most frequently and which licenses are being utilized effectively.
  • License allocation: ABM helps organizations manage and optimize their app licenses, ensuring that they are being used efficiently and cost-effectively.

By offering a comprehensive suite of features, Apple Business Manager empowers organizations to effectively manage their Apple devices, apps, and user accounts. It streamlines device deployment, simplifies app distribution, enhances security, and provides valuable insights into device and app usage.

How to Add Devices to Apple Business Manager (ABM)?

You can manually add iPhones or iPads to ABM using Apple Configurator 2. Here’s the process:

  1. Prepare the device:
    • Open Apple Configurator 2 on your Mac.
    • Connect the device you want to add to ABM.
    • Select the device in Apple Configurator 2.
    • Click on Prepare.
  2. Choose Manual Configuration:
    • From the drop-down menu, select Manual Configuration.
    • Check the box next to Add to Apple Business Manager.
    • Uncheck the box next to Activate and Complete Enrollment.
    • Click Next.
  3. Set up MDM server:
    • In the MDM Server drop-down menu, choose New Server.
    • Enter “Apple Business Manager” in the Name field.
    • Leave the MDM Server URL as is.
    • Click Next.
    • You may receive an error message about the server URL. Click Next to continue.
  4. Assign to ABM:
    • In ABM, go to Devices, then Filter.
    • Select Source as “Manually Added” and “Apple Configurator”.
    • Select the device(s) you want to add and click Edit MDM Server.
    • Choose Assign to server and select your MDM server.
    • Click Continue.

For detailed instructions and additional information, you can refer to Apple’s official documentation:

Removing Devices From Apple Business Manager

Apple’s official documentation doesn’t provide a direct method to remove devices from ABM through the portal. However, there are two primary ways to achieve this:

  1. Device Ownership Transfer: If the device was purchased through Apple’s Volume Purchase Program (VPP) or a participating carrier, you can transfer ownership of the device to another ABM account. This will remove the device from your current ABM account.
  2. MDM Removal (for supervised devices):
    • If the device is supervised, you can use your MDM solution to remove the supervision profile.
    • This will remove the device from ABM.

Important Note: Apple advises contacting Apple Support if you encounter issues removing a device from ABM or if you have any specific questions about device removal.

Integrating Apple Business Manager with NinjaOne MDM

Enabling NinjaOne MDM for Apple Devices: Step-by-Step Guide

1. Locate MDM App:

  • Go to Administration > Apps > Installed.
  • Find “MDM” in the “NinjaOne apps” section at the top.

2. Enable MDM:

  • Click on “MDM”.
  • On the configuration page, click “Enable”.

4. Enroll in Apple Push Notification service (APN):

  • Under Apple > Apple Push Notification service, click “Enroll”.
  • A popup window will appear.

4. Download unsigned certificate:

  • In the popup window, click “Download” to get the unsigned certificate.

5. Log into Apple Push Certificates Portal:

  • Open a new browser tab or window.
  • Go to the Apple Push Certificates Portal and log in with your Apple ID.

6. Accept terms and upload certificate:

  • Accept Apple’s terms of use.
  • Upload the unsigned certificate you downloaded in step 4.

7. Download completed certificate:

  • Download the completed certificate provided by Apple.

8. Upload completed certificate to NinjaOne:

  • Go back to the NinjaOne popup window (from step 3).
  • Upload the completed certificate you downloaded in step 7.

9. Enter Apple ID and save:

  • Enter your Apple ID in the provided field.
  • Click “Save”.

10. Verify APN enrollment:

  • The “Enroll” button should now be replaced with an “Actions” menu.
  • This menu allows you to “Renew certificate” or “Reset connection” as needed.

You’re now ready to enroll Apple devices into NinjaOne MDM.

The Dynamic duo of Apple Device Management: ABM and MDM

Apple Business Manager (ABM) and Mobile Device Management (MDM) are a dynamic duo for managing Apple devices in organizations. ABM streamlines procurement and device assignment, while MDM provides granular control over settings, apps, and security. Together, they simplify IT workflows, enhance security, boost productivity, and optimize inventory management.

By adopting ABM and MDM, organizations unlock numerous benefits: simplified device enrollment, cost savings through bulk purchasing and efficient app distribution, enhanced security, improved employee experiences, and a future-ready infrastructure. The integration of ABM and MDM is a strategic investment that maximizes the value and returns on your Apple technology investments.

Apple Business Manager FAQ

What is Apple business manager used for?

Apple Business Manager is used for deploying and managing Apple devices, purchasing and distributing apps and content in bulk, and creating Managed Apple IDs for employees or students within an organization.

How do I connect Apple Business Manager to NinjaOne MDM?

To connect Apple Business Manager (ABM) to NinjaOne MDM, you’ll need to establish a secure connection between the two platforms. First, download the NinjaOne public key from the MDM settings within NinjaOne. Then, in Apple Business Manager, add a new MDM server using this public key. Next, download the ABM server token from the newly created MDM server in ABM.

This token needs to be uploaded to the MDM settings in NinjaOne. Once completed, verify the connection by checking if your ABM devices are listed under “Mobile Devices” in NinjaOne. Detailed instructions can be found in the NinjaOne documentation or by contacting their support team.

Can I use Apple Business Manager without MDM?

Yes, you can use Apple Business Manager without an MDM solution. However, its functionality will be limited to managing device information, purchasing apps and books in bulk, and creating Managed Apple IDs. You won’t have access to advanced features like automated enrollment, remote management, app distribution, and detailed reporting, which require MDM integration for full device management capabilities.

Do you need to pay for Apple Business Manager?

No, Apple Business Manager itself is free to use. There are no fees associated with setting up or maintaining an account. However, while the platform is free, you might incur costs for purchasing apps and books through Apple’s Volume Purchase Program (VPP), or for using a third-party Mobile Device Management (MDM) solution, which often requires a subscription.

How do I add MDM to Apple Business?

To add MDM to Apple Business Manager, you need to link your MDM server by uploading its public key to ABM and then downloading the ABM server token. This token is then uploaded to your MDM server, establishing a secure connection between the two platforms. This connection enables you to leverage MDM functionalities within ABM, such as automated device enrollment and remote management.

How do I verify my domain in ABM?

To verify your domain in ABM, add it in the ABM console, copy the generated TXT record, and add this record to your domain’s DNS settings. Finally, return to ABM and click “Verify” to confirm the process.

Next Steps

Building an efficient and effective IT team requires a centralized solution that acts as your core service deliver tool. NinjaOne enables IT teams to monitor, manage, secure, and support all their devices, wherever they are, without the need for complex on-premises infrastructure.

Learn more about NinjaOne Endpoint Management, check out a live tour, or start your free trial of the NinjaOne platform.

You might also like

Ready to simplify the hardest parts of IT?
×

See NinjaOne in action!

By submitting this form, I accept NinjaOne's privacy policy.

NinjaOne Terms & Conditions

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).