What does Apple IDs have to do with iOS device management?

Jayden Traoré

Sep 26, 2019

7 min read

Apple or Android? The biggest decision for the modern world, isn’t it. For a new smartphone (iPhone or Android) the first thing a user will have to do is associate it with an email id. Google accounts and Apple IDs are compulsory if you want to do anything with your smartphone, like install apps, etc. So, is that all that an ID does for your device? Far from it, besides keeping all your data and preferences under a certain ID, the Apple IDs and Google accounts serve a lot of security and utility functions.

The popularity of device management via MDM is growing rapidly because of the ease of access and control it gives to the IT admins. The growth of iPhones and iPads as managed devices has been very rapid with almost every field from school to hospitals and everything in-between using the services.

So, what does my Apple ID have to do with everything besides sync my phone with iCloud?

Apple IDs do a lot more than just sync the device details with iCloud. From accessing the Appstore, iTunes and among the many other features it supports, it has a huge part dedicated to device management on Apple devices.

How can an organization, business or an IT admin use these features? With the assistance of Hexnode MDM, it is now easier than ever. The Apple IDs are crucial for setting up the device, for enrollment into the MDM portal.

Apple DEP– Apple’s device enrollment program or DEP can be configured with an MDM server to control a set of devices. The Hexnode Portal will have a certificate that needs to be uploaded to apple business manager. This ID becomes the device supervisor ID. The Apple business manager portal will yield a token which is uploaded to the Hexnode MDM portal for completing the DEP enrollment.

APNS– Apple push notification service is a service created by Apple to help third parties communicate with Apple devices. From the Hexnode portal, you must download the certificate for APNS and upload it to the Apple push certificates portal after logging in with your company Apple ID. The APNS portal will return a certificate that has to be uploaded to the Hexnode MDM portal and viola the APNS will be configured with your Hexnode MDM portal.

Apple Configurator– Managed Apple IDs are used to set-up the organization during Apple configurator set-up for enrolling devices into the MDM portal. A profile is created using the configurations and allocated to a blueprint which is applied on the device to supervise and manage it via MDM.

Apple’s VPP– Apple’s volume purchase program or VPP is useful for organizations and industries. They can use the corporate Apple ID to buy apps from the Appstore in bulk and use MDM to push these apps to their devices seamlessly.

And as if all this wasn’t enough the Apple IDs can be used to sync your devices with iCloud. Everything on your device like messages, contacts, calendar, and many others can be synced to the cloud.

Wait, is that all I can do with an Apple ID? Nope, not even close. These enrollment options give power to IT admins, using third party vendors like Hexnode MDM to help them manage and supervise iOS devices in several ways.

Managed Apple IDs? How is that different from normal Apple IDs?

Well its similar only in the fact that they are both Apple IDs but everything else about them are different. From the use cases to users both are as different as it can get.

“Managed Apple IDs are special school-created and school-owned accounts that provide access to Apple services”This is what managed Apple IDs used to be but currently it’s used in Apple Business Manager only to be used by employees who directly access and control ABM functions. Apple Business Manager roles and permissions can also be delegated with a managed Apple ID. It provides a world of opportunities to the IT admins and the managers of the organizations.

Managed Apple IDs can also be used for getting VPP apps. It is easier to connect everything related to VPP to a single ID than to a device. This enables faster and easier sharing across an organization.

It can be considered as a limited access Apple ID which can unlock a world of potential for businesses and organizations.

I have supervised and enrolled my iOS device into MDM, what can I manage?

Well now that your device is supervised and ready to go, the management options Hexnode MDM provides will surely surprise you:

  • Single app mode – A mode to set a single app running in the foreground.
  • Global HTTP Proxy – Configurations can be specified.
  • iBookstore, iMessage – Services can be blocked.
  • Game Center – The social gaming service can be blocked.
  • Airdrop, Airplay – These wireless services can be blocked.
  • Host Pairing – Disallow pairing of iOS devices to a host computer.
  • Activation Lock – Bypass the activation lock during reset.
  • Autonomous single app mode – Allows apps to put themselves into a single application mode.
  • Web content filtering – Blocks websites with adult contents or specified restrictions.
  • Set background and lock screen – Images for lock screen and background can be set.
  • Silent app push – Apps can be installed without user intervention.
  • Cellular data usage modification – Controls cellular data usage for certain apps.
  • Access to user generated content – Allows Siri to access user generated content from the web.
  • Find my friends modification – Prevents changes made in the Find My Friend service from taking effect.
  • Always-On VPN – Forces connection over a specified VPN.
  • Prevent Cloud Sync – Managed applications are prevented from using cloud sync.
  • Prevent Spotlight Internet results – Completely block the spotlight search option.
  • Prevent Handoff – Disable the transfer of work between devices via Handoff.
  • Prevent Erase – Prevent device from being wiped.
  • Prevent Restrictions UI – Prevents the users from enabling restriction on the device.
  • Prevent installation of Configuration Profiles by UI – Prevents the installation of Configuration Profiles.
  • Predictive Keyboard – Disables predictive keyboard suggestions.
  • Definition lookup – Blocks the lookup feature on the iOS device.
  • Enhanced Blacklisting – More restrictions on app blacklisting.
  • Prevent News – Block user’s access to the news app.
  • Allow managed app installation exclusively – Allows the installation of managed applications.
  • Prevent keyboard shortcuts – Blocks the keyboard shortcut suggestions.
  • Prevent passcode modification -Blocks the adding, removing, changing of device password by the user.
  • Prevent device name changes – Prevents users from changing the device name.
  • Prevent wallpaper changes – Disables the change wallpaper option.
  • Prevent automatic app downloads – Blocks the automatic downloading of apps.
  • Prevent changes to enterprise app trust – Blocks the user’s ability to change the trust settings of enterprise apps.
  • Prevent Apple Music – Blocks the Apple Music application from the device.
  • Prevent Mail Drop – Disables the sending of files via Mail Drop.
  • Treat AirDrop as managed destination – Used for sharing data from managed apps.
  • Prevent pairing with a watch – Unpairs paired watches and prevents any further pairing.
  • Radio services permission – Enable / disable radio services on default iOS music application.
  • Notification settings modification – Disables changes to the notification settings.
  • Diagnostic submission settings modification – Restricts users from sending diagnostic data.
  • Bluetooth settings modification – Disables the modification in Bluetooth settings.
  • App installation permission – Blocks the Appstore and hides the icon, disables the installation and updating of applications.
  • Dictation input – Disables voice input.
  • System App Removal – Prevent the removal of system applications.
  • Disallow creation of VPN configurations – Disables the usage of user created VPNs.
  • Secure printing with AirPrint – Allow only trusted certificates for Airprint.
  • Force Automatic Date and Time – Prevents users from changing the device date and time.
  • Autofill Passwords – Blocks autofill option and auto suggest strong password option on Safari.
  • Password Proximity Requests – Restricts device from requesting passwords from devices in proximity.
  • Password Sharing – Restrict the sharing of passwords shared to nearby devices when connecting to a network for the first time.
  • Contact Management – Managed and unmanaged apps lose the ability to manage each other’s contacts.
Apple IDs can be used for virtually an endless array of features and functions. It hence plays a key role in device management be it a corporate Apple ID or a personal Apple ID. The utility and security Apple IDs provide are unmatched .
Jayden Traoré

Product Evangelist @ Hexnode. Sometimes, I have the feeling I live in a story: a magnificent story written by a mediocre writer living off coffee and technology.

Share your thoughts