iOS Deployments Without Apple IDs

The Problem with Apple IDs

Not long ago, a unique Apple ID was required for every iOS device in a deployment. Without it, a device wouldn’t be able to install apps. Similarly, features like iCloud Lost Mode could not be utilized.

For bring-your-own-device (BYOD) deployments where employees own their own devices, this wasn’t a problem. A given employee already had an Apple ID on their device from installing personal apps. If a device went missing, the company couldn’t utilize lost mode, but the employee could.

For large deployments of company-owned devices however, this Apple ID requirement was a massive headache. Two common solutions emerged:

One Apple ID would be used for every device in the deployment. This sometimes worked, but was a violation of Apple policy. Apple was known to shut down Apple IDs that were being used in this manner. Administrators used scripts to automatically generate hundreds of Apple IDs. They then entered these Apple IDs by hand on each device.

Both of these solutions were nightmares in of themselves for obvious reasons.

Luckily, Apple has gradually loosened the dependency on Apple IDs over the years and now provides facilities to manage iOS devices entirely independent of Apple IDs. If you are planning on deploying a fleet of company owned devices, we strongly recommend using the following features of SimpleMDM.

Device-Assignable VPP App Licenses

An iOS device will not run an app unless it has a license for it. This goes for free apps as well. This isn’t readily apparent because a lot of the app licensing in iOS occurs in the background.

For instance, when installing an app from the Apple app store, iOS prompts for an Apple ID before allowing the app to download. The reason is that Apple needs to apply a license to the Apple ID so that the app will have permission to run on the device.

Enter the Apple Volume Purchase Program (VPP). Apple recently expanded VPP to allow assignment of licenses directly to a device via serial number, instead of requiring an Apple ID. This means that a company can purchase licenses for most apps, including free apps, and license a device to run an app without the need for an Apple ID at all.

SimpleMDM seamlessly handles app licensing at the device level by default. By purchasing licenses for apps in VPP, SimpleMDM will intelligently assign licenses to devices right before installing the app to the device. No Apple ID prompt will appear on the devices themselves.

MDM Lost Mode

As recently as iOS 9.3, Apple and SimpleMDM now support activating, monitoring, and disabling Lost Mode from within SimpleMDM without requiring access to an Apple ID or iCloud account. The only requirement for using this functionality is that a device is in supervised mode.

Lost mode via MDM makes particular sense for company owned devices because IT can effectively recover a device without requiring intervention from the device user. Previously, the owner of the Apple ID on the device would need to grant IT access to their iCloud account, or, IT would need to have pre-initialized a device with an Apple ID.

Next Steps

SimpleMDM supports iOS Lost Mode and device-assignable VPP app licenses. You can begin using these features today and manage your deployment without using Apple IDs.

For further reading, we suggest the following articles:

iOS 9.3 Lost Mode, Per-Device App Deployment, Notes

Introducing Per-Device VPP App Distribution. No Apple ID required.