Ntiva Live: Apple for Business

Apple Business Manager - What it is and Why You Need it

Apple Business Manager - Episode Overview

In this episode, Ben is joined by Ross Matsuda, the Apple Systems Administrator at Ntiva, to discuss Apple Business Manager (ABM) and how an ABM account can help oversee your organization's Apple devices and applications.

Sign Up Today

Complete the form to register for the Ntiva Apple for Business Livestream series. You’ll get an email reminder before each livestream, plus an email with a link to the recording in case you miss any of the live events.

Episode Transcript

 

Apple Business Manager - What it is and Why You Need it

Hi, everyone. Today is Tuesday, August 10th 2021, live streaming from Chicago. I'm Ben Greiner, Director of Apple Technology at Ntiva. With me today, joining me in a few minutes, will be Ross Matsuda, our systems administrator focused on the Apple platform.

Today, we're going to be discussing the Apple Business Manager. I'll also refer to it as ABM, so I don't have to keep saying Apple Business Manager. For those of you that already have an Apple Business Manager account, hopefully we'll get a little deeper into it.

So you can make sure you're taking full advantage of that platform. And for those of you that do not have an Apple Business Manager account, ABM account, we're going to discuss how important it is that you get one for enterprise mobility.

Because the real struggle with Apple Business Manager, and let me share my screen so everyone can see what I'm talking about, I'm going to go full screen here. This is the business.apple.com page. And if you can go to business.apple.com and login to an Apple Business account, then you have Apple Business Manager.

The struggle we run into is that Apple is very much a security and privacy driven company. And because of that, as a service provider, as a partner, we cannot do this for you. We can take you here. We can help you as much as possible, but it must actually be done by someone within your organization.

And I will talk about that in just a minute. But I just reminded myself, I'm trying to do Apple news first before we get into it. So some quick notes on Apple news, Parallels 17.

Apple News - August 2021

For those of you who don't know Parallels, Parallels is a longtime VM, software manufacturer, software developer, allows you to run Windows on a Mac. And with parallel 17, they now brought Windows 11 support, in addition to M1 support.

So when Apple came out with their new operating system, or not their new operating system, their new chip, their silicon chip, their custom Apple chip, they call it currently called the M1. You could not run Windows on that chip. VMware couldn't do it, Parallels couldn't do it. Parallels announced that their new version can do that.

I have not tested it, I just read about it. But that's one of the latest news items. And then I wanted to mention, because it's been in the news a lot here, and this is a whole another topic we could probably go into, but Apple mentioned that they're going to be putting out a way to more tightly integrate this CSAM, C-S-A-M, which is child sexual abuse material.

Apple's published a new FAQ as of two days ago, on its plan to scan user photos for child abuse imagery, in an effort to combat the growing concerns.

So basically, Apple said that they were going to do ... Let me see if I can get the link here. Da da da da da. So here's a PDF. You can search for it, Expanded Protections for Children, Frequently Asked Questions. That's what they posted recently. And then here's a great article in ... Hey, Ross.

 

Ross Matsuda:

Hey there, Ben.

 

Ben Greiner:

So what I wanted to point out is this article here, because there's been a lot of news articles talking about the demise of Apple privacy and Apple security because of their statement about the CSAM. I don't know if it's pronounced CSAM, Ross. Do you know this ...

 

Ross Matsuda:

I couldn't tell you, but until proven otherwise. It's CSAM.

 

Ben Greiner:

Yeah, I'll just call it CSAM. I just want to mention, this is a great article that talks about how a casual view of the Apple related headlines. And that's all I've been seeing, Apple related headlines might lead one to think that the company's child safety mechanisms are somehow unique, and they're not.

Google's been doing this. Microsoft has been doing this. Apple has been doing this to a certain extent. And now they're going to do it in a more in-depth way on the device. But I'm not going to go into that because, like I said, that's a whole another topic.

I just wanted to address it because it's clearly in the news. People are talking about it and because Apple did just publish this FAQ, which I have not even had time to read. I just found it when I was preparing my notes for today.

So those are the news related items. Let's get back to Apple Business Manager. And, Ross, what I was about to say is we want all of our clients to have Apple Business Manager, but the struggle is we cannot do this for them.

 

Setting Up Apple Business Manager for Your Organization

So I just want to briefly walk through if you don't have Apple Business Manager, how you get an Apple Business Manager account so that everyone knows, and hopefully we can even use this recording to help some of our clients in the future.

So if you cannot log in here, you need to go to the Enroll Now link, and Enroll Now link will take you to a very simple form, but it can also be a roadblock because one of the first things they ask for is a DUNS number. And I know from experience of owning my own business, I don't recall ever asking for a DUNS number.

I was just given a DUNS number when I registered my business. So any legal entity in the United States anyway will have a DUNS number. And that's a Dun & Bradstreet number. And it's like a credit check number. And it's used by the credit agencies to verify that you're in good standing, and who knows what else they use it for. I do not know.

But Apple is using that as an identifier for businesses. So you have to find your DUNS number. And there's a way to look it up. And unfortunately, I don't have the link handy.

I don't want to go looking for it, because that may take me down a rabbit hole. But, Ross, I think we have it in our private Keybase, maybe you could find it. And you can typically look up your own DUNS number very easily, but it's not always good to ask me to look it up for you.

Because occasionally, especially large organizations, they may have multiple DUNS numbers. It's rare and unusual, but I've seen it happen either through acquisitions or multiple offices, or they're just registered differently, possibly as an LTD and an LLC.

So they have multiple. It's a complex business setup. At the end of the day, you need to have one single DUNS number. And if you struggle with that, obviously, reach out to us and we can help you. But you have to provide that. There's no way around it.

So your name, your DUNS number, your phone number, your website, pretty straightforward. And then your details. Your details, you're the one filling out the form, maybe you are also the verification contact, maybe you're not. If we have the DUNS number, I have filled this form out for clients.

Sometimes that helps, sometimes I feel like it makes it more confusing because then they say, well, you filled it out, then you can verify for me, and I cannot. I absolutely cannot verify for you.

So if you click on this little question mark, Apple explains the person who can bind your organization Apple Business Manager. And they talk about examples of who that might be.

So it is important that whoever you put down as your verification contact knows that Apple will contact them. And I believe it's a phone call. And guess what, we all get too many phone calls today.

And we all get a lot of spam phone calls. So no one answers their phone. And so, what happens is, this form gets filled out. Apple reaches out to the verification contact. They don't hear anything.

If we already have a relationship with the client and Apple knows that or if I filled out the details form, Apple might contact me and say, we have not heard from your verification contact. And then I will reach out to them and say, please contact Apple because they're trying to get ahold of you. And I know that sounds like a scam, but that is real.

Apple must talk to you before they will validate this free account. It's a free account. So the form looks very easy.

But for whatever reason, or the reasons I've just explained, it can be very complex and can drag on what should take a few days can drag on for weeks, either because we struggled to get the correct DUNS number or we struggled to get the verification to have that conversation. And, Ross, you've been involved in some of these. Is there anything you would add to that summary?

 

Ross Matsuda:

No, I think that's pretty much it. The nice thing is, is that as long as you can pull together someone for Apple to talk to and you can use the DUNS lookup, I believe it's just dnb.com. I'll toss that into chat. I believe this is what we're looking for, as long as you can get through these first couple steps that really is going to open the gates for you.

 

Ben Greiner:

Yeah, here it is.

 

Ross Matsuda:

Yup, that looks right.

 

Ben Greiner:

So you can search for my company, if it's your company. Or you can search for another company. I don't really understand what the difference is there, because I think the process is very similar.

But if you look for another company, you have to have some basic information, which you can typically find out from a public website. But anyway, that's a good place to start. And the point is, we want to have everybody on here, everybody enrolled in this.

And when I say everybody, the general rule, and there's no hard fast rule, but if you have at least 10 Apple devices, you definitely want to think about enrolling in Apple Business Manager. If you only have one, it's probably not necessary, two, probably not necessary.

As you start to get multiple devices, it becomes more and more necessary. And 10 is definitely the tipping point, I would say. But we'll go into that in a little more detail once we log into it.

So the other challenge that people run into when filling out this form is Apple will then ask them to create or accept an invitation into Apple Business Manager. So let's say I fill this form out. I verified it with Apple, and now they send me an invite to actually log in for the first time.

That very first login is going to require me to enter an Apple ID. And it cannot be an existing Apple ID. Does this ring a bell, Ross? The frustrations we've had with this.

 

Ross Matsuda:

Yeah, this step always is trickier than it sounds.

 

 

Why You Need to Create an Apple Business Manager Account

Ben Greiner:

Yeah. So we recommend the Create an Account, that's like ABM at your domain.com or ABM admin at your domain.com, something like that, to be your dedicated Apple ID for Apple Business Manager.

This is where Apple Business Manager or rather Apple IDs I feel can get very confusing, because some Apple IDs can be used for multiple services, some IDs have to be dedicated to that service. I believe Apple Business Manager is one that has to have a dedicated account. I might be wrong, or they might have changed something.

But in my experience, it's just safer to have a dedicated Apple Business Manager account for this login and this login only. So what happens is people try to use their existing Apple ID, is already associated with buying music or iCloud or something, and it won't work.

Or they try to use our Apple ID or our email address, and ours won't work because it has to be your domain, has to be your company. So that's the other stumbling block that I see. So the best thing to do is to create, not a full on email account, it could be an alias or a mailing list.

It just has to deliver somewhere where you can respond to the verification process because the verification process, not only does Apple talk to you, but then they email you for verification. And I think they even text you today for verification. And you have to go through that in order to get into this.

The good news is once you're past that, that's the hard part. But why do you even want Apple Business Manager account? The reason that you wanted is this is the verification process for zero-touch.

And zero-touch is the method by which you can auto enroll company on devices into a management system. And you get special privileges with that zero-touch. There are three things that you must have to make that happen, you must buy from an authorized Apple reseller or Apple themselves.

You must have that purchase connected to your Apple Business Manager account, which is what we're talking about here. And then Apple Business Manager must be connected to your mobile device management solution, your MDM.

And that's typically what we bring to the relationship when we're helping clients. We bring the MDM, so you don't need to worry about the MDM. We bring that. And I do find it a little bit confusing when Apple talks about in their Apple Business Manager User Guide, all sorts of information here.

When they talk about what is Apple Business Manager, they do say, it's a simple web-based portal. It's a way for you to deploy Apple devices. And that's true. But they're leaving out the part that you cannot deploy Apple devices with Apple Business Manager alone.

You have to have MDM to go with it. As they say here, you can automatically enroll devices in your mobile device management, MDM, solution without having to physically touch or prepare the deployed devices before users get them.

That's a zero-touch device enrollment program. Ross, am I misrepresenting something here? This is always, I think, throws people off. They think if they get Apple Business Manager, they can start managing their devices. That's only half the story, right?

 

Ross Matsuda:

Yeah, yeah. Apple Business Manager is indispensable. And it's a necessary part of the ecosystem, both for initial deployment and then for future management, especially when we start dealing with apps and books distribution, which I'm sure we'll hit in a minute.

But it is one piece of the puzzle. And in one way, that's nice that Apple hasn't totally cornered the market on MDM solutions by baking one into Apple Business Manager. But it's also only one piece of the larger setup that you need to really take advantage of it.

 

Ben Greiner:

Yeah. And I had logged in to make sure I could get into our account so I could show you that. And Apple is very strict about kicking me out of there, if I'm idle. So I've already been two idle kick me out. I'm going to log in again. But what was it I was going to mention? How about business ... Well, I'll think of it in a minute.

So I'm going to log in with an Apple Business Manager account that we don't use anymore, but it still has lots of good data in it. So it'll give us an example of how this really works. So I'm logging in. And here we are. We had dumped into the accounts area. Ross, do you want me to walk through this? Or do you want to walk through this?

 

Apple Business Manager Admin Account Walk-through

 

Ross Matsuda:

Sure. If we can roll through here, I'll let you know right off the bat. And in this left sidebar, only a handful of items are going to be super useful in your day to day. This activity, it's a great log of changes if you have multiple people on your team who were in here touching things, can sometimes be nice to know when something moves or is added or deleted.

But the first thing that's really important is the second tab, that's called locations. And this is for setting up physical locations that you interact with.

Because you can then set up some further deployment options based on location for some of the other types of settings. And so, if you're a small organization, almost all of your devices are going to be treated pretty much the same, stick with one location.

If you've got multiple retail stores or multiple offices in different cities or different states, you're going to want to configure separate locations for each of those for the steps to come. You'll notice that ...

 

Ben Greiner:

And we can help with that. This is what I wanted to mention, Ross, is once you have an Apple Business Manager account, we then want to be invited in as an administrator into that account. And you would do that in the account area by adding a new account.

And we will provide you instructions on exactly what to fill out here. Because it is important to fill it out the way we ask it to be filled out, because there are options that I would avoid. And that can be confusing. Though, once this is filled out, the biggest thing people miss is in our instructions.

Once you create an account, you then have to send an invite to that person, right, Ross? And there are a couple different ways to do that. And we will walk you through that, but that's the other step people miss, is they create the account, but they don't send us the actual invite. So it's a two-step process. It's all these little things that make this super annoying to set up, Ross.

 

Ross Matsuda:

Yeah, yeah. But the good news is once we have access, we tend to be in pretty good shape. Another nice thing about this is that when Ben was first going through, how we want to get the account spun up to begin with and his recommendation of using an email alias or distribution list or something else, a shared mailbox, where and a pin can go from Apple when you're trying to authenticate and it forward server needs to go.

The nice thing about having that just being associated with a distribution list or alias, is it's not necessarily tied to a single employee's contact information. And so, if you have someone else at the organization, if the person who was running this, to begin with, was helping us get it set up, they leave the company. You don't need to do any juggling or management of that email address. We just change with, forwards to, and often on our way we go.

 

Ben Greiner:

Yeah, that's why we have four administrators here. Apple will warn you repeatedly that you should have at least two. Because if you only have one administrator and something happens to that login, where that person's not available when you need it, you're not going to get in it without a lot of verification through Apple.

To circle back on that, this is the thing I really wanted to mention, is this is super frustrating to me, how difficult it is to get set up. But I have to remind myself from a security standpoint, it's secure.

 

Ben Greiner:

If it was easy to set up, it would probably not be as secure. And you can imagine, when we're talking about zero-touch management of a device, you would not want that to be taken trivially or to happen so easily that someone could steal the management of your devices.

So it is super important from Apple's perspective, that they know where you're buying and that you've authorized that purchase to be associated with Apple Business Manager.

And you've authorized Apple Business Manager to be associated with an MDM, a mobile device management system. Because if it was super easy, you could imagine what the bad actors would do to that situation. Okay, that's my soapbox, Ross. Let's keep going.

 

Ross Matsuda:

Yeah, it's an important soapbox. So we talked briefly about accounts. So you have your locations for your business, you now have individual accounts that are logging in. Many of these will be administrators either of all of Apple Business Manager's features or you can actually get really specific here and allow users to manage certain types of things.

So you can have someone who just manages user accounts. You can have some that manages locations, apps and books, or MDM enrollment. And this is generally stuff that we're going to take care of for you.

The reason that you also see some other kinds of accounts there, and I don't think we're going to get too into it today. But one of the things you can do in Apple Business Manager is deal with what are called managed Apple IDs.

And these are Apple IDs that are all under the umbrella of your organization, instead of having your employees create their own at your business name.com. Apple IDs with their own personal information tied to their payment methods.

Inside of Apple Business Manager, you can take control of your domain, which is a whole other process, and then spin up these other accounts that you can centrally manage and use. They have their own unique feature set. And so, in some organizations, we may have dozens in here for all the individual employees. And for others, we'll just have a couple administrators and get on with it.

 

Apple Business Manager, Apple ID, and MDM

 

Ben Greiner:

Managed Apple ID is certainly a topic that we could focus on for another live stream. The debate is still out on this. I still feel it's early days. There are some very specific use cases where Apple IDs are super beneficial.

And there are others where they can just complicate the situation. So managed business or managed Apple IDs, which started in school manager. And by the way, we're in business manager, but there is a school manager for anyone who is associated with a school that's very similar. And Apple Business Manager grew out of the school manager.

 

Ben Greiner:

They're very similar. Eventually, we'll get to leveraging managed Apple IDs. And that brings me to another point, Ross, which is the reason you want to get in to this system now, is Apple is layering features onto this as we go. They introduced managed Apple IDs much later than Apple Business Manager. And I believe with the new MDM that they talked about, Ross, coming out with I think iOS 15 and Monterey macOS, what was the term? What is the term? Let me check my notes.

 

Ross Matsuda:

Was that a declarative MDM?

 

Ben Greiner:

Declarative MDM, yes. So I would imagine with their new iteration of MDM, we may see even more features tied to Apple Business Manager. But today, the real reason we need it is we need it for zero-touch and we need it for apps and books.

So maybe what we could do, Ross, we'll skip to the accounts for now. We talked enough about that. There are different roles you can assign people. When it comes to devices, there are ways to assign devices to different MDMs. Some people use one MDM, some people have different MDMs, maybe one MDM for their macs, and maybe another one for their iOS devices. I guess that's in the settings those, isn't it, Ross?

 

Ross Matsuda:

Correct, yeah. This is just going to be your master list of every device that was purchased in such way to associate to your Apple Business Manager. You'll see that the majority of these are set to unassigned, but most the top one says Addigy MDM server 2023.

So, when you've got these new devices, these new purchases from Apple or other authorized resellers, you can tell Apple Business Manager where it should go. And that's going to be down in settings where we'll then head to Device Management settings. This is where I spend a whole lot of my time.

So default device assignment, you can change each individual product type where it's going to land when it arrives. The great thing about this is that let's say we've got your computer's set up an Addigy, you want to start adding your iOS devices as well. But we're going to want to treat those a little bit different.

So all the policies that apply to your Mac's may not apply to your iPads and vice versa. And so, we can actually build separate MDM server tokens to make sure that if you enroll an iPad, it goes into a very specific place in Addigy, your Mac's go to a different very specific place, your phones, your Apple TVs. It allows us great granular control over that enrollment experience as far as your touch is concerned.

 

Ben Greiner:

So in this setup, we've told everything to go to our Addigy MDM, but we could switch the iPhones to automatically go to this Mosyle MDM, or we could say, none, I don't want to do anything. And that is where I've also seen some people get tripped up with ABM.

They try to use zero-touch. They miss this step. So the device is technically here, but it's not assigned anywhere. And it won't get assigned anywhere unless you manually assign it or you tell it where you want it to go. These are long gone devices. And I'm not going to make any edits here.

But there is a way to autoenroll as we just looked at and then you can also manually enroll. And you can also, if when the box arrives, if you're new to zero-touch and you're new to this, if you order from Apple, you will get a serial number, either on the box.

I think they might ... I don't know if they give you the serial number in a confirmation email before the box arrives. But I know, for sure, the serial number is on the shipping box if you look for it. And if you were to type that serial number, let's say it was this one, QP117. Actually, I got two of them.

But if you have a box that you think should be an Apple Business Manager and you look it up, and it's not here, the zero-touch is not going to work. And the reason it's not going to work and the reason it's not here is because something happened with your purchase that never assigned it to Apple Business Manager.

I've seen this most often with resellers, but it can also happen with Apple. If you buy directly from Apple and you didn't tell Apple Business Manager about your accounts, your Apple accounts, then they're not going to know which Apple Business Manager to assign it to.

So there's a relationship there that has to be set up. And you can see here in this example, we had set up an Apple customer number, so Apple knew where to assign devices.

And we'd also set up Apple retail, because at least half the time, I don't know if they've combined retail and online yet, but online and Apple retail were separate at one point. I think they're working to get those to merged, and then, of course, AT&T. And allow these reseller numbers.

If I needed to add more, I could just add them here, could be CDW would be another one that would have a reseller number. But just because I added the CDW here, doesn't mean that CDW will know to take my purchase and apply it to my Apple Business Manager until I give CDW that information and say, please do this when I purchase Apple devices. So just be prepared.

The first time you go through this, you might run into some of those challenges that you didn't miss or you gave to CDW on. Sorry to beat up on CDW, but I don't mind doing that.

If you do that, and they don't have their process in place yet, you may run into issues. So the assignments are pretty straightforward. The devices are either in the system or they're not. They're either assigned or not.

You can see there's also an option to release a device. Just be careful. You have a onetime release button. There's no coming back.

When you're done with the device, you're going to give it to somebody, you're going to sell it, you're going to recycle it, you need to release that device. And it cannot come back into your system, unless something's changed, right, Ross? That's my understanding.

 

Ross Matsuda:

Yeah. Once it's released, it is gone. It's also worth just mentioning briefly, again, this is a subject complex enough to warrant its own separate talk. But there's only one other real way to get devices into Apple Business Manager app and be an authorized reseller. And that's something called Apple configurator. And it's a tool that allows you to take a Mac or an iOS device that's already out in the wild.

With an administrator physically having access to that device and connecting it through configurator, there's a way to get that into the system manager. It is a bit of a process and it does require raising the device. So it is not our preferred method. But in a worst case scenario, there are still some options that is much more labor intensive, I guess I should say.

 

Ben Greiner:

Yeah, here's one that ... There's an iPad, we had enrolled via configurator. We recently released it, because we wanted to move it to another MDM in stock, because we're not using this Apple Business Manager anymore. So we wanted to get it out of here, so we released it.

But that's a good point, Ross. And that also reminds me that if you use Vision-Bot, if you're a client of ours and you use Vision-Bot, we have a little tag in Vision-Bot that tells you if a device is supervised or not. And essentially, supervision means that the device is in Apple Business Manager.

And that means we have full control as far as Apple is concerned over the device. It is supervised. You can still manage the device without supervision.

It's just that that device is not in Apple Business Manager. So we may be missing some capabilities, and those capabilities differ from macOS to iPadOS, even to iOS.

In fact, one of the features of Apple Business Manager that's required or is required to have Apple Business Manager is shared iPads, which is also more popular in school. So I don't know a lot of businesses that do that.

But if you want to do the shared iPad concept, you have to have Apple Business Manager, and that iPad has to be in here, whether it's brought in through configurator or through purchasing. Okay, so we talked about managed Apple IDs, we touched on it, touched on shared iPads.

I mentioned supervision and enrollment. What I really want to mention is content, apps and books. And, Ross, you know more about this than I do. But I think this is a super cool feature, because it essentially allows you to install some software and not deal with Apple IDs, right?

 

Ross Matsuda:

Yeah, it is powerful and it is necessary. Because you may run into business critical applications that are only being deployed via the App Store.

There's always been chatter in the admin community of people saying like, alright, so given the option, do we want to install things manually, deploy them manually, using package installers, things like that? Or do we want to use apps and books? And sometimes that decision is made for you. The developer isn't publishing something for you to just take off their website and deploy.

You're going to need this setup in order to use their applications. And the powerful things here are that you can just immediately search for anything in the App Store, and that's going to be apps for Mac, iOS, iPadOS.

You can search for books to the deployed as well. And you can procure those licenses right here, assign them to a location.

Remember, we talked about locations back at the beginning of this. And this is where you can start being very granular about what you want to land on which devices in different geographic regions, things like that.

And then deploy these apps to your fleet, completely Apple ID agnostics. You don't need to worry about any privacy concerns, about your employees that may have their own personal Apple ID setup or their own payment methods setup.

These apps are going to be licensed to the serial number of the device that they're being deployed. And that just means that not only is it easier to make sure that everyone gets the same applications, it means that you don't need to worry so much about updates to those as well.

Because historically, you download an app with one Apple ID on a phone and switch and log into a different one. It's still going to ask you for the password for the Apple ID that originally purchased or licensed that comes in order to run updates.

By getting this information through Apple Business Manager, by building this license, then deploying it through an MDM solution connected to Apple Business Manager, you can push all of those updates automatically.

There's no additional authentication required. It is not owned by the user on that device. It is owned by the device. That just makes the whole process so much smoother.

 

Ben Greiner:

Yeah. So if I went to the App Store and tried to get Adobe Lightroom, I would have to provide it with my Apple ID or an Apple ID that works, and presumably mine. And if I did that, then it would at least forever that it lives on my computer be linked to my Apple ID.

So every time there was an update, it would ask for that Apple ID. And we all know people struggle with remembering their passwords, especially ones they don't use very often. So it is nice to eliminate the need for user to enter a password or an Apple ID credentials when installing or updating software.

But more importantly, as Ross mentioned, it's now no longer tied to the individual, it's no longer tied to me. If I go through Apple Business Manager and deployed Adobe Lightroom in this method, it would be controlled by the organization, and especially if this were a paid application.

I don't know if we have any examples of paid applications. It's a little strange, you buy the license even if it's free, but you buy it, allocate it, and assign it. But we could take that assignment away from my computer and say, give it to Ross.

Or if someone left the organization, you get the license back. And this is a huge problem in the beginning, even when apps cost a couple dollars.

People were frustrated that they would buy them for their team members, and then the team member would walk out the door. And you'd have to buy it again, and again and again.

So now whether the app is free or the app is $50 or anything in between, the organization owns the app. Nobody needs to enter an Apple ID. It's all managed here. I think I just said exactly what you said, Ross.

 

Ross Matsuda:

It's good information.

 

Ben Greiner:

Yeah, anything else we want to ... Is there an example? Can you think of an app that would cost money? I haven't even looked at this in a while.

 

Ross Matsuda:

No, we don't really push a lot of paid licenses. You can always pull up the Affinity suite, A-F-F-I-N-I-T-Y. They're a great software developer that works in the same specs that Adobe does.

 

Ben Greiner:

Here you go.

 

Ross Matsuda:

And so, they've got their own versions of Photoshop, Illustrator, and InDesign that they publish. And it's a great solution for designers who are looking for a onetime purchase rather than a recurring subscription.

 

Ben Greiner:

Yeah, so that is a great example. Because rather than spend $55 and give it to somebody, I could spend that money, the organization owns it and retains ownership. And I noticed it can be managed or redemption code. Have you ever used redemption code?

 

Ross Matsuda:

Not in a long time. Those are generally provided by developers to individuals or to organizations. You can make a purchase the licenses through them directly financially, and then they'll provide you with the codes. You drop the code in there, and then it'll let you up. But you secure the license without an additional financial transaction.

 

Ben Greiner:

Okay, great. Well, let's see. I've gone over my goal of half hour live streams. But that's a great overview of Apple Business Manager. Unless, Ross, you want me to mention anything else. And actually, as I'm in here, I could mention or would like to mention, there are ways to federate Apple Business Manager to your domain.

Be careful, there are pros and cons to that. We did do it with this one. We federated to Microsoft Azure Active Directory, which is super cool. But there's a transition phase to get those existing accounts.

Well, there really is no migration process, is pretty much you can migrate the Apple ID, you cannot migrate the content. And that's the struggle. So if you're a brand new business, setting up Apple Business Manager for the very first time and nobody has Apple IDs, maybe we'll look at federated authentication.

But if you're an established company and you have Apple IDs out there, it can get rather complex. So once again, talk to us, we can help you through that. The main goal is let's get everyone on these accounts.

And slowly, let's start using as many of the features as makes sense for your business. So I want to end just with a few Keybase articles from our website, which once again is support.forgetcomputers.com.

Because even though we updated the branding, it's going to be awhile before we can update the domain and the situation. I'm not going to go into the details of why that is, but it is what it is. So I wanted to point out in the list here a couple things. One, going on vacation, learning how to write an effective out of office message.

I thought this was a great article to check out. Under resilience, AirTag basics. I do have an AirTag now. I've been playing around with it. And the big thing in the news is how you're going to stock people with AirTag. Even though there have been tiles and other things out there, Apple has a pretty unique system and the way AirTags work, and the way it works with iPhones.

So I think as people learn more, they'll become less paranoid about this, but definitely read through this. And the last one I wanted to point to, was under ... Don't cook your digital devices in the summer heat.

If anyone's experienced this, my Apple Watch actually got thrown into a warming oven once with a pile of something. And it got really hot, I took it out and it was too hot to use. And it warned me about that, and eventually cooled down. And I've seen a phone do that in a car.

I know it's very common, my brother lives in Arizona, and phone's overheating and cars in Arizona is much more common than it is here in Chicago. But I've also had phones, in the Northwoods of Minnesota in the middle of winter, turn off because it's too cold.

So these are just like us, these devices can only live in certain ranges of temperatures before they start to fail. So be aware of that. And this is a great article. And then the last thing I just have to share, because I think it's so cool, is if you go to youtube.com/Apple, you'll get to Apple's ...

Apple has their own YouTube page. And there are lots of great videos here. And I stumbled upon this one. Charlie Brown, draw yourself as a Peanuts character in pages of all applications. It does require an Apple Pencil. Well, I guess you could use your finger.

But it's a great little video of how to draw yourself as a Charlie Brown character. And then there's this PDF reference, how to draw yourself. So I just thought that was fun. I want to share that. And remember to take advantage of our support channel, as well as Apple support channel, and our support team if you have any questions.

So with that, unless I missed any questions, I'm going to wrap it up. And we'll see everyone in two weeks where our special guest will be Extensis.

We're going to have someone from Extensis, talking primarily about universal type server and universal type client and our new offering that we built in the cloud in cooperation with Extensis. And then we'll probably touch on some of their other products.

They have a digital asset management product, both heavy weight portfolio and more of a lightweight web application, which is relatively new to me. Ross, anything else you want to add?

 

Ross Matsuda:

I think that covers all the basics. Online, Apple Business Manager lets you do a lot of really, really important things today. And as has been mentioned, it's likely going to just become more and more leveraged in the future. And so, it's in everyone's best interest. Our users will appreciate having the functionality and that system and us, as administrators. It's going to allow us to take better care of your devices and offer you a better experience [crosstalk 00:44:08].

 

Ben Greiner:

Yeah, although it's not absolutely required today, it sort of is. If you really want to do everything you need to do, you got to have an Apple Business Manager account. And who knows, eventually, maybe it will be required for all things, managing Apple devices. Apple just hasn't taken it that far yet.

If you have trouble signing up, let us know. And once you are signed up, if you do work with us, ask us how to let us in so we can get that connected to the MDM that we use. Thanks, everyone. Have a great rest of your week. Thanks for joining me, Ross. And we'll see you in two weeks. Bye.

About the Ntiva Apple for Business Livestream

Ntiva’s Ben Greiner hosts the Ntiva Apple for Business livestream every other Tuesday from 12:00 to 12:30pm CT. These live events, presented by the Ntiva team of Apple experts, are sharply focused, easily digestible, and cover topics including the latest Apple/macOS/iOS technology updates, cybersecurity, data privacy, MDM and BYOD policies, and more! We take questions from the audience and share what's working—and not working—for us and others in the industry.

VIEW MORE LIVESTREAMS