Apple Event: May 7th at 7 am PT
I understand the ability to restrict features on a business or educational device but I don not understand not having the option to allow these features. It makes me question Apple's security and their confidence in their own products.
This is a strange conclusion to draw.
I am assuming you are criticizing the feature set of Managed Apple IDs. The concept of Managed Apple IDs is that payment information does not need to be associated with the ID since the company/school that is managing the Apple ID should be providing all the apps and services required for a person to perform a job or learn. This usually does not include entertainment services.
For example, why would a student in the 8th grade need Apple Pay, Music, TV, etc.? These service are geared toward the individual and thus are accessible via personal Apple IDs. Likewise, why might an employee need access to these consumer focused services? I would not be happy if my employees were watching Apple TV all day or started installing Apps that are not approved by the organization (interpret this as games).
Digging deeper, Managed Apple IDs can be recovered by the company. The fact that Apple does not allow attaching payment information is a sign of how well the security model is thought out. If you have a Managed Apple ID and you added your personal credit card to the ID, how comfortable would you feel knowing that your employer now has access to that payment information through their Managed Apple ID?
Apple's decisions are about security. But not in the way you are interpreting. Apple is providing Managed Apple IDs for companies/schools who need to use Apple IDs but also want to control the data associated with them. Remember, personal Apple IDs are some of the greatest data leakers in enterprise. A user who enables iCloud Desktop is now storing intellectual property of the business in their personal Apple ID. When they leave, the data goes with them. Rethink your position on why Managed Apple IDs have the limitations. It has nothing to do with the security of Apple's services. It has everything to do with protecting the organization's data and workflows.
Hope this provides a clearer understanding of the role Managed Apple IDs play.
A business or school should be able to lock down a device to whatever degree they deem appropriate, which may be extremely restrictive for many reasons. They should also be able to loosen the restrictions as they see appropriate. We have Apple Business Manager to simplify device provisioning and take control of a device if an employee leaves the Firm. However, I do not want to approve and add every application that 90+ executive-level employees may wish to use on the device that I have entrusted them with. They work around the clock and are welcome to listen to Apple Music or watch Apple TV when traveling, during their 90-minute commute, or as background noise in their executive office . They can add their corporate card to their Apple Wallet for convenience when incurring business expenses. These items may be a risk to some businesses but not mine. Control needs to be granular. However, the Apple site says it blocks the App Store, Apple Pay, Apple Music, and Apple TV+ blindly to protect businesses, so it obviously classifies these activities as inherently risky.
If Apple Business Manager blocks App Store, Apple Pay, Apple Music, and Apple TV+ to protect the business does that mean Apple does not have confidence in its own security?
