The 2021 Apple Worldwide Developers Conference showed us a lot of great things that Apple has been working on. Included in Apple’s plans are improvements and focus around the iOS User Enrollment workflows for adopting MDM for BYOD devices. This is a welcome development that gives organizations the ability to enforce a few lightweight restrictions (A PIN code! Automatic Lock! Managed Open In!) without having to enroll into a full MDM with the possibility of corporate overreach on personal devices.
There’s a challenge here, and this is where I need your help.
User Enrollment requires a Managed Apple ID in the hands of the user. Currently, there are two ways to create a Managed Apple ID. You can manually fill out the form in Apple Business Manager, or you can federate your domain with Azure AD. This isn’t ideal for organizations that aren’t using Azure AD generally speaking. There are a lot of other IDPs out there. Okta. OneLogin. My very own JumpCloud. These are organizations that should have the ability to provide both SCIM provisioning and identity federation.
Apple handles feature requests in a novel way, via Feedback Assistant. This system allows them to receive feature requests and bug reports in the same system, and allows them to group issues and respond to them based on need. I’m here to encourage the community to let Apple know they want to federate Managed Apple IDs with other IDPs.
First step is logging into Feedback Assistant with an AppleSeed for IT Apple ID. You can use the same Apple ID that you login to Apple Business Manager with. Once you’re logged in, it’s time to create the Feedback:
Start your Feedback in the Enterprise & Education section. If you don’t see the Enterprise & Education section, check to make sure the top left says the name of your organization (for Developer accounts) or Personal (for Managed Apple IDs).
Writing feedback to Apple is a lot like writing feedback to your team. You want it to be actionable, you want it to be specific, and you want the reasoning to be clear and concise. In the product world, this is a User Story. As an IT manager, I want to allow my staff to sign into company resources on their personal device in a safe container, but I don’t want to manually create Apple IDs, or add another IDP to our workflow.
Provide a clear title that lays out your concern. In my case “Federate Managed Apple IDs with JumpCloud”. Set the area you’re seeing an issue with to Apple Business Manager.
The next piece is up to you. I can see this as a Suggestion, or an Incorrect/Unexpected Behavior. You choose.
Using the latter flags it as a bug that is preventing business activity, and requires an impact statement. Suggestion is a ‘nicer’ way of handling this.
The Feedback here is an art, and every organization needs to approach it organically. There are a couple of major points to make:
Apple has placed a huge emphasis on User Enrollment for BYOD Devices in Enterprise. They see BYOD devices as an important area for development. A major feature of iOS 15, and of MDM development, is tied to User Enrollment.
I would align feedback to the effect of:
“As an organization, we want to encourage the adoption of User Enrollment to our MDM. We believe that our corporate data should be safe on our employees’ iPhones and iPads, and that our organization should be allowed to set some basic guidelines for access to that data around security. To that end, we want to support User Enrollment, but we have XXX people, and manual creation of Managed Apple IDs is a dealbreaker for our IT department, and federation and provisioning with our Single Sign On Provider, JumpCloud, would allow us to implement this feature in a manner consistent with our IT goals and requirements.
Our current user count is XXX and we currently spend $XX,XXX on Apple products, and estimate that our XXX employees spend approximately (XXX times $800) per 2 years on personal iPhones.”
It’s important to provide impact dollar amounts so that categorization can be done on the feedback request.
Once you’ve written your story, submit your feedback! If you wanted to do me a favor, let me know about your Feedback Request.