Why You Need Apple Business Manager Before Upgrading to Catalina OS

by Elaine Evans, on Oct 21, 2019 5:01:43 PM

Mac OS 10.15, Catalina, was released earlier this month and comes with a ton of great new features like Sidecar, enhanced security considerations and more native Mac apps than ever. However, some new features could end up costing your business a lot of time and money if they aren’t addressed properly ahead of time.

The biggest issues will come for businesses who have issued Macs to employees, but have not set up Apple Business Manager or a device management solution.

What’s the potential issue?

Your company-owned Macs could be “locked” by employees via their Apple IDs. Removing this lock could be anywhere from painful to impossible.

Companies that deployed iPhones to their employees five years ago may remember drawers full of bricked iPhones sitting in IT’s desk. Or, having to trek to the Apple store with a receipt to get the lock removed manually. This is the same potential pain that will be coming on Mac OS Catalina for businesses.

Why do Macs get "locked"?

For (very good) privacy reasons, Apple considers all devices as consumer-owned and has put systems in place to protect private data and secure the device for the individual. This particular “lock” is called Activation Lock and is enabled by turning it on through "Find My Device." That way, if a device ever gets lost or stolen, a person can lock it and it can only be unlocked or wiped by knowing the Apple ID and password associated with that “Find My Device” account. 

Currently, it will only affect Macs that have a T2 Security Chip and that are on Catalina. It’s worth mentioning that any new Macs ordered from Apple will usually ship with the newest operating system.

However, unprepared businesses might unwittingly get a Mac back from an exited user, go to wipe it for the next user and suddenly find that they need the Apple ID and password for the previous employee in order to unlock it. This is because they have deployed the device as if it were a consumer device instead of deploying it with Apple’s best practices for business.

How to avoid your devices getting locked?

Apple has developed solutions for businesses and enterprises that prevent this from occurring. You need to make sure you have both of the following:

  1. An Apple Business (or School) Manager account
  2. An Enterprise Mobility Manager (EMM) or Mobile Device Manager (MDM) that allows you to remotely manage and update your company-owned devices (example: Jamf Pro).

The first step is simple to do and you can do it yourself for free. Whether or not your organization is ready for step two, you should absolutely-without-a-doubt set up Apple Business Manager.

When choosing and setting up an EMM, there are many considerations and this could be a longer journey. Depending on your business size, needs and complexity there are a lot of items to consider when picking a vendor. If you’re not familiar with Apple’s best practices around this, you can always use a partner to help you set up an EMM or even manage it ongoing for your company.

This way, if an employee leaves and forgot to remove their Apple ID from the Mac, you aren't stuck with a $2,000 paperweight. 

Wondering what else came with Catalina?

Find out about 32-bit apps, iPad OS, Extensible Enterprise SSO, and more here!


A Blog for Businesses That Use Apple

Our blog is dedicated to educating our clients and potential clients about all things Apple IT-related but in real-world capacity. So, we talk about Mac management, but we also talk about ways to teach your employees about phishing. We highlight topics surrounding our Best Practices for Managing Apple IT in Business.  Learn More  >

Get Apple IT tips for your business straight to your inbox (do it!)