Embracing BYOD Security with Managed AppleIDs

I am excited to see Apple’s recent expansion of identity support in Apple Business Manager, their device and app lifecycle management tool for the enterprise. Simply put, it enables wider adoption of Managed Apple IDs by allowing organizations to use corporate email addresses as corporate Apple IDs, and integrate with a broader range of identity providers (IdPs) beyond Google Workspace and Microsoft Entra ID. IT and security teams can now leverage federated authentication and sync user directories with any public or in-house IdPs (with Okta being the most prominent example), for a more seamless and secure user experience. 

Why This Matters

To me, this is much more than just a new feature. It addresses a long-standing challenge in enterprise mobility: the blurred lines between personal and corporate data. 

Historically, employees were required to use their personal Apple IDs on corporate-owned MacOS devices. This meant the same Apple ID on their work computer, personal phone and tablet. This commingled corporate data with personal data, creating a gray area for both enterprise security tools and users’ privacy. Every BYOD & Enterprise Mobility program has to account for and respect both security and privacy.

• Think about synchronization of our favorite Apple services such as Notes, Files, or iCloud Drive.
• Think about how easy it could be to share an attachment from corporate email to Files synced via personal Apple ID.
• Think about how inconvenient it is to carry two phones and carry the burden of data separation.

Managed Apple IDs have been around for a while and are finally ready for mainstream enterprise adoption. They enable clean separation between corporate and personal space, as well as clean guardrails for data movement, sharing, backups, and synchronization. They will also lead to a better user experience and mutually beneficial terms for BYOD enrollment. Hopefully, MDM will stop being a dirty word.

Protecting sensitive data

With this expanded identity support, IT and security teams will be empowered to establish clear data perimeter controls around corporate devices, and more importantly, on personal devices. However, this separation means that when an end user can’t easily share sensitive information through the usual channels (i.e., attach, copy/paste, print), they are more likely to resort to uploading it to personal, unsanctioned cloud file-sharing services. This makes protecting the web and SaaS vector more critical than ever.

Netskope’s industry-leading security service edge (SSE) platform offers a comprehensive data protection solution. By integrating with Apple’s Per-App VPN capability, Netskope provides granular control over corporate apps and data, ensuring sensitive information remains secure even when accessed through personal devices. 

How do I get started?

The Netskope One Mobile Client is available to use today. If you haven’t yet used the Mobile Client, check out our documentation and get started now. The Mobile Client features available are free for customers. If you’re interested in hearing more about how we address mobile data security, reach out to me or your sales team at Netskope.