Greetings! In this post, we will be discussing the Best way to Add Mac Devices to Apple Business Manager ABM or ASM and to Intune. We’ll provide a brief introduction to Apple Business Manager and Apple School Manager and how they have evolved over the years in terms of device management for MDM solutions like Intune.
Our previous blog post covered Troubleshooting the Microsoft Enterprise SSO plug-in on macOS using Intune. We provided detailed information on the different types of extensions supported by Apple and, with the help of the Troubleshooting model, discussed in detail Deployment and Application Authentication troubleshooting for Microsoft Enterprise SSO.
Now let’s discuss more on the device add-on feature on ABM or ASM. To manage devices with Intune MDM, adding them to Apple Business Manager (ABM) has become easier nowadays. However, having ABM set up to receive devices is important. Once done, we can manually add iOS, iPadOS, and macOS devices.
To add devices to ABM, we can make use of any of the below methods. This method can help to get the devices into Supervised mode so that the organizations can manage the devices with all the supported capabilities.
- iOS, iPadOS, and macOS devices can be added to Apple Business Manager (ABM) when purchased directly from Apple or through any Apple-authorized reseller.
- Also, we can manually add iOS, iPadOS, or macOS devices to ABM using the configurator app.
What is ABM / ASM?
ABM, aka Apple Business Manager, is a user-friendly online platform for IT Admins to manage third-party MDM solutions (such as Intune). With this platform, purchasing content in bulk for an organization’s iPhone, iPad, or Mac devices becomes effortless.
Let’s discuss the features of ABM,
- Automated Device Enrolment(ADE): Using this feature, we can automate MDM enrollment to simplify device setup without touching or preparing devices for users. It works as simply as Autopilot for Windows. Just add devices to the organization during the purchase or via Apple Configurator along with the preferred MDM solution.
- Apps and Books: In ABM, Admins can bulk purchase apps and books, Push app updates, and complete ownership and control over purchased apps. It seamlessly integrates with MDM solutions.
- Managed Apple IDs: ABM makes it easy to create Managed Apple IDs for each user in an organization. These IDs are separate from personal Apple IDs, and IT administrators can manage their access to services.
- Apple Business Essentials: A subscription helps small businesses to manage their employees with Apple devices with device management. It is only available in the US Region.
ASM, aka Apple School Manager, is a web-based portal similar to ABM Portal. It has similar user interfaces and features. With the MDM solution, Admins can streamline the user setup process, customize device settings, and share purchased apps and books.
- Learn How to Configure macOS Antivirus Policy Using Intune
- Configure macOS Compliance Policy in Intune for Devices
Video How to Setup Apple Business Manager in Your Organisation
Check out the detailed video, which covered How to Setup Apple Business Manager in your Organisation | How to Process Automatic Device Enrollment with the help of ABM/ ASM | How to Create DUNS Number | VPP Purchases and ABM and Intune Sync Options.
Steps to Manually Add Devices to ABM/ASM
Previously, only Apple resellers and telecom carriers could add devices to ABM or ASM through Automated Device Enrolment(ADE). However, Apple now allows users to manually add devices using the Apple Configurator tool, Which means that users can take advantage of ABM or ASM regardless of where the device was purchased.
To manually add devices to ABM/ASM and enroll them into Intune, Let’s check the pre-requisites as listed below
- Apple Business Manager(ABM) must be available for your country
- The Configurator App must be on an iPhone running iOS 16 or later
- Devices should be new or reset to factory settings
- MacBooks should be running macOS v12.0.1 or later and must have Apple Silicon or T2 Security Chip.
During the enrollment process, all devices are completely wiped. Apple considers devices added to ABM/ASM exclusive to the account and, therefore, requires resetting all previous settings.
Steps to Manually Add a Mac to ABM
Before beginning the setup process for your Mac, it’s important to determine how you wish to connect your MacBook to the internet. A few options are available such as :
- Using shared Wi-Fi network credentials (please make sure both iPhone and Mac are on the same Wi-Fi network)
- Using a network configuration profile (create a profile with the right credentials and a Wi-Fi/802.1X payload and save it in the Files app, and configure it in Apple Configurator)
- Using an Ethernet connection(Mac must be internet-connected through cable before being assigned to ABM or ASM)
Please note that Mac devices can be manually added only using the Apple configurator app on an iPhone, However, iPhone/iPad devices can be manually added using the Apple configurator app on either iPhone/iPad or Mac.
Once everything is set up, let us follow the steps mentioned below to get started:
- Ensure the MacBook is connected to a power source.
- Ensure the MacBook is connected to the internet using any of the chosen methods mentioned above.
- Select the preferred language on the MacBook and click ‘Continue’ in the setup assistant.
- Stop at the Country or Region pane as shown below.
In case you moved ahead of the steps Country or Region pane, please restart the Mac.
On the iPhone, install the Apple Configurator if not installed yet, Once installed, launch the app and click continue to sign in with appleID provided by IT Admin.
Note: It’s important to note that this must be an Administrator or Device Enrollment Manager role allowing device assignment to ABM.
With the Configurator App installed, as soon as you move the iPhone close to the MacBook to enroll, it should automatically detect and show as below screen to add the Mac to the organization device.
Scan the image that appears on the Setup Assistant page, or else select the option Pair manually and enter the 6-digit code that appears.
Once enrollment completes, the MacBook’s serial number and other important information will be uploaded into ABM. Once this process is complete, click on the Restart button, as shown below.
It’s important to wait to restart the MacBook until it successfully assigns the device to the Intune MDM server within ABM. Additionally, sync the device to Intune and assign an enrollment profile before proceeding with the end-user setup assistant process.
Steps to Assign the Device to ABM Portal
Let’s follow the steps as mentioned below, on the browser, log in to ABM Portal https://business.apple.com/, and after login, you should now be able to see the new device, which is added manually using iPhone.
To assign the device to the MDM server, click on Edit MDM Server, as shown below.
Select the MDM Profile as created in Intune portal, click on Continue, and then confirm to change the MDM server for the assigned device.
By following the above-mentioned steps, we can be assured that the Mac will be properly set up and connected to the internet. Once the device is added, we can enroll the device on Intune.
Assign Mac Device to Intune Portal
Once the device is assigned in ABM, it will sync in Intune portal automatically every 12 hours, however, IT Admins also can manually trigger the sync process by following the below-mentioned steps.
- Sign in to the Microsoft Intune Admin Center
- Select Devices > Enroll Devices> Apple Enrollment > Enrollment program tokens.
Select the token created for your organization.
On the Enrollment program token, Under Devices Blade, click on Sync and wait for the newly added device to appear.
After the device appears in the list, select the device and click on Assign profile and select the enrollment profile as shown below.
Note: Devices added using ABM/ASM can be synced to Intune at a maximum frequency of every 15 minutes.
Once the profile is assigned to the MacBook in Intune portal, continue with the setup process on the MacBook. And in Intune portal, the devices will be shown as fully managed (Supervised mode).
As we know, organizations use the Hybrid method to join their employees, and this method can be helpful to add the devices to ABM for management features also, devices can be enrolled smoothly without any issues. Once the device is enrolled, Intune compliance policies and configuration profiles can be pushed by IT Admins to secure and protect the device inside the organization.
Snehasis Pani is currently working as a JAMF Admin. He loves to help the community by sharing his knowledge on Apple Mac Devices Support. He is an M.Tech graduate in System Engineering.