Apple has begun rolling out some nice improvements for Business Manager in the domain management aspects, particularly on easily accessible insights into personal Apple IDs on your verified domains.
The updates include:
- Option to lock your domain to prevent people from creating personal Apple Accounts on your domain.
- Ability to view unmanaged accounts and capture your domain without connecting to an identity provider.
- Once you capture your domain, users have the option to transfer their account to a Managed Apple Account or rename it and keep it as a personal account.
- If users don’t convert or rename their accounts within 30 days (previously 60 days), they remain personal accounts and are renamed automatically as before.
What will this mean? Well, first of all domain locking means that organizations can now lock their domains to prevent the creation of any new personal Apple accounts using company email addresses. This is a big step forward in maintaining clean separation between personal and business accounts.
A close second is better domain visibility with a new feature that allows administrators to view unmanaged accounts within their domain without requiring an identity provider connection. This improved visibility helps organizations better understand their Apple account landscape, and wasn’t easily done – since you had to connect your IdP provider first, and that often isn’t done before you are in the implementing stages.
Account migration is also getting a revised timeline, with a shorter grace period given to the Apple IDs that are targeted for capture by the verified domain owner – down from 60 days to 30 days. After this period, accounts that haven’t been explicitly converted to Managed Apple IDs will be allowed to remain as personal accounts and undergo automatic renaming.
This makes sense if the account contains lots of personal data, and has purchases linked to Apps and content in the App Store. If the account has been set up by the employee primarly for work purposes however, then the best option might be to convert it to a Managed Account in the organization.
What does it all mean?
These updates – in my humble opinion – are quite the step up in Apple’s ABM toolbox, especially when it comes to account and domain ownership. The ability to lock domains and manage account conversions / migrations more effectively helps organizations maintain better control over their digital workplace environment.
For those managing BYOD environments or moving to managed Apple devices, these features provide clearer boundaries between personal and organizational accounts.
Aditional resources
For detailed information, check out Apple’s official documentation and release notes:
- Apple Business Manager User Guide – Apple Support
- Apple Business Manager release notes – Apple Support
Stay tuned for more insights on Apple device management and enterprise mobility. If you have experience with these new domain management features or questions about implementation, feel free to reach out!
