Apple Business (formerly Apple Business Manager)
The foundation of enterprise Apple management — what it enables and how to get started.
What Apple Business Enables
Apple Business (formerly Apple Business Manager / ABM) is Apple's enterprise portal for organizations deploying Apple devices. Apple rebranded it to simply "Apple Business" in 2024. Without it, you're managing iPhones, iPads, and Macs like a consumer — manually enrolling each device, buying apps through personal Apple IDs, and losing control when someone factory resets a device.
Automated Device Enrollment (ADE)
The central capability: when your organization purchases Apple devices through an authorized channel and registers those devices in ABM, they enroll in your MDM platform automatically when first activated. This enrollment is supervised — giving IT access to management controls not available on unsupervised devices — and it's sticky. A factory reset doesn't remove enrollment; the device re-enrolls on next activation.
This is the Apple equivalent of Windows Autopilot. A new iPhone can be shipped directly to an employee; they power it on, sign in, and the device is enrolled, configured, and ready.
Apps and Books
Organizations can purchase app licenses in bulk and deploy them to managed devices silently — no employee Apple ID required, no personal payment information. Apps deployed via ABM licenses can be reclaimed when an employee leaves, freeing the license for reuse.
Managed Apple IDs
Apple Business lets organizations create Apple IDs that belong to the organization, not the individual. Managed Apple IDs give employees access to iCloud, FaceTime, and Apple collaboration features using organizational credentials you control — and can revoke.
A key limitation: Managed Apple IDs cannot be used with the consumer App Store. Apps must be deployed through the Apps and Books program. This is intentional — it keeps personal and organizational identities cleanly separated.
If your organization uses JumpCloud or Entra ID as your identity provider, you can federate those identities into Apple Business directly. When a new employee is provisioned in your directory, a Managed Apple ID can be created automatically. When they leave, removing them from your IdP revokes access to Apple Business as well — no separate offboarding step.
This federation also enables personal device BYOD in a meaningful way: an employee can sign into their personal iPhone with their Managed Apple ID alongside their personal Apple ID, enabling User Enrollment (see the Device Trust & BYOD article) without any organizational visibility into personal data.
MDM Integration
Apple Business ships with a basic built-in MDM capability. It works — but it's only appropriate for the smallest, simplest deployments. Any organization with more than a handful of devices, or with policies beyond the basics, should use a dedicated third-party MDM platform.
Apple Business is a portal and device registration system, not the management system itself. You still need an MDM platform:
- Jamf Pro: Enterprise standard for Apple management. Powerful, extensible, expensive. Right for organizations with 100+ Apple devices or complex Mac management requirements.
- Jamf Now: Simpler, lower cost, adequate for many smaller deployments.
- Microsoft Intune: Adequate for basic Mac management in Microsoft-centric environments. Less feature-complete than Jamf for complex scenarios.
- JumpCloud: Good cross-platform MDM for organizations that want a single platform managing both Mac and Windows.
The Reseller Requirement
Devices must be purchased through an Apple Authorized Reseller or directly from Apple (Business Store) to be automatically registered in ABM. Devices purchased at retail Apple Stores or Amazon are not pre-registered.
You can add retail-purchased devices manually via Apple Configurator 2 on a Mac, but this requires physical access to each device. For any significant Apple deployment, establish a purchase relationship with an authorized reseller before buying hardware.
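The reconciliation below is an added example, not code from this article or from Apple: it compares a constructed MDM inventory export against a constructed Apple Business device export to find devices whose enrollment would not survive a factory reset. The CSV column names, the status labels and the `audit` function are assumptions made for illustration.

```python
import csv
import io

# Constructed sample exports. Column names are assumptions, not a vendor format.
APPLE_BUSINESS_CSV = """serial,assigned_mdm_server
C02AAA111111,Corp MDM
C02BBB222222,
C02DDD444444,Corp MDM
"""

MDM_INVENTORY_CSV = """serial,user
C02AAA111111,alice
C02BBB222222,bob
C02CCC333333,carol
"""


def load(text):
    """Index CSV rows by normalized serial number."""
    reader = csv.DictReader(io.StringIO(text))
    return {row["serial"].strip().upper(): row for row in reader}


def audit(apple_business_csv, mdm_csv):
    """Classify every known device by how durable its MDM enrollment is."""
    registered = load(apple_business_csv)
    managed = load(mdm_csv)
    findings = {}
    for serial in managed:
        reg = registered.get(serial)
        if reg is None:
            # Not in the portal (e.g. retail purchase): a factory reset
            # removes management and the device will not re-enroll.
            findings[serial] = "not_registered"
        elif not reg["assigned_mdm_server"].strip():
            # In the portal but no MDM server assigned: activation will
            # not hand the device to the MDM platform.
            findings[serial] = "registered_unassigned"
        else:
            findings[serial] = "ok"
    # Registered hardware the MDM has never seen: unboxed, lost, or unmanaged.
    for serial in registered.keys() - managed.keys():
        findings[serial] = "registered_not_enrolled"
    return findings


if __name__ == "__main__":
    for serial, status in sorted(audit(APPLE_BUSINESS_CSV, MDM_INVENTORY_CSV).items()):
        print(f"{serial}  {status}")
```

Devices flagged `not_registered` are the ones that need the Apple Configurator step described above before their enrollment becomes sticky.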
The Zero-Touch Custom Store
When Apple Business is fully configured with IdP federation and an authorized reseller relationship, you can unlock one of the most compelling end-to-end experiences in device management: a custom-branded Apple Business Store.
The workflow:
- Your IT team logs into Apple Business and sets up a custom storefront
- Any staff member can visit the store, sign in with their Managed Apple ID (backed by your IdP), and place an order for approved hardware
- The order ships directly to the employee from Apple
- When the device powers on, it automatically enrolls in your MDM, pulls its configuration, installs required apps, and is ready for work
No IT staff touching the machine. No imaging station. No shipping to the office first. The employee orders, receives, powers on, signs in, and works. This is the Apple-first vision of device deployment done properly.