The Top 10 reasons to integrate Microsoft Intune with Apple Business Manager (ABM) for Company-owned Apple Devices.
Apple and Microsoft are better together. It is very true when it comes to managing the Apple iOS or macOS devices using Microsoft Intune.
What is Microsoft Intune?
Microsoft Intune can help to secure iOS, Android, Windows, and macOS devices. The Solution can deploy devices with company-defined security standards; it can help to secure corporate data on devices and improve user experience by automating apps, configuration, updates installation, Wi-Fi, VPN, Security Policies and enforcing configuration policies which can take hours to configure manually. It can help to maintain end to end device lifecycle. Intune is the only solution which can protect data Office365 data on devices using Application Protection Policies with or without device enrollment.
What is Apple Business Manager?
Apple Business Manager (ABM) is a new portal integrating Device Enrolment Program (DEP) and Volume Purchase Programs (VPP). ABM can be beneficial to manage company-owned device procurement, deployment, Apps & Books distribution and roles management. ABM makes it easy to enrol devices, deploy content, and delegate administrative privileges.
MS Intune and ABM can help organisations to faster enrolment, more device controls and provide seamless device enrolment experience. Here I have listed the top 10 reasons to integrate MS Intune with ABM.
1. Enforce Intune Enrollment
To enrol device in Intune (or any other MDM), the user must download Comp Portal App (MDM App) from App store, sign in using company credentials and enroll device. Intune and ABM integration can help to enforce company portal app installation & device enrolment automatically. User can be compelled to sign-in with Company Credentials to activate the device instead of Apple ID. Admin can add existing devices to ABM too using Apple Configurator!
2. Customise out of the box user Experience
The new device must go through initial device setup and activation before it can be used, users are prompted to enter a passcode, Touch ID, Zoom, location services, Apple ID, Zoom, Siri, Restore from iCloud or iTunes backup etc. Also, Users are promoted to Apple ID to install apps from AppStore. These steps can be controlled using Intune; many levels can be disabled to minimise user interaction which results in fast enrolment experience.
3. Bypass Apple ID requirements
Apple ID is mandatory to install Apps from AppStore. Apple ID can be bypassed entirely with the help to ABM and MS Intune integration. User can install Company-owned apps procured using ABM from Company Portal Apps instead of AppStore.
4. Locked Enrolment
Users can easily bypass configured security by deleting MDM profile. As a result, device is no longer under Intune management and policies are not enforced. Intune & ABM integration allows configuring devices with locked enrollment. This can be only set on devices managed using ABM or Apple Configurator.
5. Authenticate user with Company Portal
Apple iOS Device is required to go through setup assistance, part of initial setup users is promoted to create or sign in with exiting Apple ID to install apps from App Store, iMessage, iCloud backup etc. At times, it can be cumbersome when the employee does not have Apple ID, can’t recall password or have multi-factor authentication setup. ABM and Intune integration can bypass Apple ID, and the user can sign in with company credentials to start using the device. As a result, devices are deployed faster!
6. Supervised Mode
Supervised mode allows Intune administrator to have more control on a device than typically permitted. It can enforce to run iPhone or iPad in single app mode, configure always-on VPN, set wallpaper, message on lock screen, automatic app installation, device name changes, block Airdrop etc. Visit Apple support to learn about all supervised restrictions. ABM and Intune integration allows configuring supervised mode on devices.
7. Enforce Device Naming Standards
ABM and Intune integration allows to apple device naming templates. Devices are created with a unique name contain serial number, device type to make it easier for IT Admins and users to manage devices.
8. Seamless App Installation without Pop-Ups
Devices managed using ABM are supervised which allows seamless apps installation without any pop-ups. This can save time to install apps from AppStore or Intune company Portal manually. Users can be more productive and utilise time for more valuable tasks.
9. Procurement and Asset Management
It is quite challenging to manage device lifecycle including procurement, allocation, management, tracking ownership and decommissioning. ABM Administrator can add preferred supplied to ABM, as a result, all newly procured devices automatically added in Intune via ABM by a supplier. Intune shows the device state for lifecycle management. Devices are always enforced to sign in with company credentials so lost or stolen device cannot be sold in black market or eBay!
10. Minimise Support Cost with Zero Touch
We all know the feeling of unwrapping brand-new gadget or device. Many companies have a process where IT support will open device and walk through enrolment process with users. This can be a productivity killer and create unnecessary IT overhead. Devices are automatically enforced to sign in with company credentials as result it is protected out of the box. All Apps can be automatically installed using Company Portal without Apple ID requirement.
ABM and Intune integration enabled IT to ship devices direct to the user. User can follow necessary steps to enroll devices and sign using company credentials to access company email, apps, Wi-Fi, VPN etc. This can help to minimise IT support calls, helpdesk time and improve user experience. User can complete setup within 5 mins.