Apple @ Work is brought to you by Kandji, the MDM solution built exclusively for organizations that run on Apple. Kandji is a modern, cloud-based platform for centrally managing and securing your Mac, iPhone, iPad, and Apple TV devices, saving IT teams countless hours of manual work with features like one-click compliance templates and 150+ pre-built automations, apps, and workflows. Request access.

Last week, I kicked off a ‘Back to the Basics’ series regarding Apple device management in the enterprise and K–12 education. This week, we’re looking at Apple School Manager and Apple Business Manager by understanding what roles they play when it comes to managing your devices.

About Apple @ Work: Bradley Chambers has been managing an enterprise IT network since 2009. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.


Apple School Manager (ASM) and Apple Business Manager (AMB) are relatively new parts of the Apple management ecosystem. They are a rebuilt version of Apple’s Device Enrollment Program (DEP) and the Volume Purchase Program (VPP). They are a single portal to manage your apps, books, mobile device management solutions tied to your account, and devices under your supervision. Your MDM solution will also be connected to ASM/ABM to handle app licenses after a purchase.

Enterprise app purchases

ASM and ABM are the centralized places for an organization to purchase and manage all company-owned apps through the iOS App Store and Mac App Store. It doesn’t interact with third-party apps not sold through Apple’s platforms. Many organizations heavily rely on the iOS App Store because it’s the only place to get iOS apps. Most organizations will package up their apps on the Mac side and deploy them directly to their devices through their MDM.

One thing to keep in mind, ASM and ABM don’t support in-app purchases, so any apps you deploy need to be free, paid upfront, or be licensed elsewhere, so your employees need to log in.

Device Management Server

Apple School and Business Manager is the critical part of building a zero-touch deployment model as well because it’s tied to Apple’s activation servers. When devices owned by the organization are unboxed and begin the setup process, they check in with Apple’s activation servers. If they are part of an organization’s fleet, they are then prompted to enroll in the company MDM server.

When devices are purchased through your company’s account with Apple, those serial numbers are automatically assigned to your ASM or ABM account. If you don’t want them to be tied to your MDM, you will need to release them. Once a device is removed from your account, it functions as a typical device. Once Macs are released, they can’t be re-added. iOS devices can be added back using Apple Configurator 2.5 or higher.

You can also allow the MDM server to remove devices. This method doesn’t require you to sign in to ASM or AMB. This feature is enabled by default when you add an MDM server to your account. You can remove this feature by deselecting the option for any new or existing MDM servers.

Managed Apple IDs

ASM and ABM are also where you manage your organization’s Apple IDs. Managed Apple IDs function much like regular Apple IDs, but the organization controls them. However, certain features accessible with standard Apple IDs are not available with managed Apple IDs. Examples include Apple Pay, iCloud Mail, Home App, and Sidecar. Unfortunately, devices cannot have multiple Apple IDs, so end-users can’t use their personal Apple ID for some features and a company one for others.

There are multiple ways to create Managed Apple IDs. You can make them manually, connect ASM/ABM to Azure Active Directory, sync with a Student Information System, or upload via SFTP.

Wrap-up on Apple School Manager and Apple Business Manager

ASM and ABM are vital parts of the Apple enterprise strategy. Although they are relatively new platforms, Apple has done a great job of integrating the purchasing process with the device management strategy, and it’s the first step in building out a proper Apple management strategy.

Apple @ Work is brought to you by Kandji, the MDM solution built exclusively for organizations that run on Apple. Kandji is a modern, cloud-based platform for centrally managing and securing your Mac, iPhone, iPad, and Apple TV devices, saving IT teams countless hours of manual work with features like one-click compliance templates and 150+ pre-built automations, apps, and workflows. Request access.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news: