ABM and Mobile Iron

Hello all.
Just upgraded to ABM and would like to ask for a little info/help.
We have Mobile Iron as our MDM platform and happy with the inner workings etc of that. My question is around when using managed apple ID’s from ABM. Is there any way of unrestricting the ability to download apps from a user perspective? I basically want to manage our staff apple ID’s but give them the ability to download and install apps. Currently Apple Business Manager restricts the rights to do this. I simply just want to be able to control apple ID’s without all the admin and that is all. Simply just let my MDM do all that.
Any suggestions or other ways to do this then any help would be appreciated.

Hi Marshy,

You would use ABM to control DEP/Supervision and to deploy business applications via VPP, the end users are still able to add their own Apple ID’s and download personal applications.

Any account modification/application download restrictions originate from the Restrictions Profile, if they are enabled you would have have modify this policy.
(allowAccountModification, allowAppInstallation, allowAppRemoval, allowUIAppInstallation)

Device Activation Lock can be bypassed from the MDM so the Apple ID’s will not cause any issue from this perceptive. Also look into managed/unmanaged applications and the flow of data between them to limit data leakage.
(allowOpenFromManagedToUnmanaged, allowOpenFromUnmanagedToManaged)

In short you will not have control over the Apple ID’s.


1 Like

Top man Andrew! Really appreciate the response. Simply did not think as the app store being separate so cheers for that.
All the best, Marshy!