Apple Business Manager is a portal for administrators to manage the Device Enrollment program (DEP), Volume Purchase Program (VPP), Apple IDs, and content distribution in their organizations. Apple Business Manager with Workspace ONE UEM Mobile Device Management (MDM) solution makes it easy to enroll devices and deploy content.

Apple Business Manager has consolidated the management features that you have been using through the DEP and VPP portals. Once your organization upgrades to Apple Business Manager from Apple Deployment programs, the DEP and VPP portals will no longer be used to manage devices, assignments, apps purchases, or manage content.

For more information, see Apple Business Manager or contact your Apple representative.

Prerequisites

  • If you are using DEP, upgrade to Apple Business Manager.
    Note: Once upgraded to new Apple Business Manager portal, you will have no access to the Apple Deployment programs.
  • If you are using only Volume Purchase Program, you need to first enroll in Apple Business Manager and then invite VPP purchasers to your new Apple Business Manager account.

Apple Business Manager Services

To maximize the benefits of Apple devices enrolled in Mobile Device Management (MDM), Apple has introduced Apple Business Manager with combined services of the Device Enrollment Program (DEP) and the Volume Purchase Program (VPP) services.

Apple Business Manager's DEP service

Through Apple Business Manager's DEP service, you can perform the following.

  • Install a non-removable MDM profile on a device, preventing end users from being able to delete it.
  • Provision devices in Supervised mode (iOS only). Devices in Supervised mode can access additional security and configuration settings.
  • Enforce an enrollment for all end users.
  • Meet your organization's needs by customizing and streamline the enrollment process.
  • Prevent iCloud back up by disabling users from signing in with their Apple ID when generating a DEP profile.
  • Force OS updates for all end users.

For more information, see the Apple Business Support Portal portal or the Apple Business Manager Guide, or contact your Apple representative.

Note: Integration with any third-party software product is not guaranteed, and is dependent upon the proper functioning of those third-party solutions.

App Security Features for DEP Devices

Devices managed by Workspace ONE UEM and enrolled through the Apple Device Enrollment Program can receive security measures to protect corporate data on Workspace ONE productivity applications and Third-party applications leveraging Workspace ONE SDK.

Maximum App Passcode Attempts

You can configure your Workspace ONE productivity applications and Third-party applications leveraging Workspace ONE SDK to require the end user to enter a passcode to access app on the device. You can also set a maximum number of attempts to enter the passcode correctly. If this feature is enabled and a user exceeds the maximum device passcode attempts, regular Bring Your Own Devices (BYOD) perform enterprise wipe, while corporate dedicated DEP devices are quarantined and the devices lock into Lost Mode. A device in Lost Mode can only be unlocked from the UEM console. This way corporate dedicated DEP assets continue to be managed from the UEM console for tracking purposes while the user is locked out of the device.

To configure the app passcode settings, navigate to Groups & Settings > All Settings > Apps > Security Policies in the UEM console.

For more information, see Create or Edit the DEP Enrollment Profile in Apple Business Manager - Device Enrollment Program section.

Workspace ONE Intelligent Hub Unenroll Protection

If an end user attempts to unenroll a supervised DEP device through the Workspace ONE Intelligent Hub, the device locks into Lost Mode. A device in Lost Mode can only be unlocked from the UEM console.

For more information, see Perform Remote Actions on All Devices in DEP Device Management section .

Apple Business Manager Integration Prerequisites

To utilize the features of Apple Business Manager, make sure you have the following prerequisites in place.

  • An Apple Business Manager account – Register for a Apple Business Manager account. If needed, enroll with Apple using the Apple Enrollment Procedure.
  • Apple devices – Any macOS, iOS, and tvOS devices that you want to be managed through DEP service, you must have devices associated with Apple Business Manager account.
    • Devices purchased from a Third party or reseller must be associated with your Apple Business Manager account.
    • Starting iOS 11 and tvOS 11, any iOS and tvOS device can be added to device enrollment program of Apple Business Manager using Apple Configurator.
    • When enrolling devices, you must have Internet connectivity.
  • When integrating with the Apple Business Manager portal, ensure that the network is set up to communicate with mdmenrollment.apple.com on port 443, as for some on-premise clients.