Small-Business iPhone Deployment
I have a friend who has managed to successfully lobby his employer to switch the company-issued "feature phones" to iPhones. He has been peppering me with questions on how to set these phones up with employees' and the employer's Apple IDs.
(The company has between one and two dozen employees, so they're definitely not at the level that Apple considers "Enterprise". Plus they're in Canada, so the new business app store isn't available to them yet.)
Ideally the employees would be allowed to install their own non-business-related apps, music, videos, etc. In addition, a number of business-related apps need to be installed, some of which may be expensive.
Here's what I'm going to suggest to them:
Each employee should be assigned their own company Apple ID using their company email address and a password that will be known only to the IT guy. The billing information will be set up to bill to a company credit card.
Company apps would be installed (and updated) using this Apple ID and password (this would probably happen only infrequently). Personal apps would be installed and updated with the person's personal Apple ID.
That way if and when an employee leaves the company, the expensive business apps can stay with the company/device, and the employee's extensive collection of Lady Gaga remixes can stay with their iTunes account and any subsequent devices they purchase.
The only workable alternative would be to purchase all company apps with the same Apple ID. Unfortunately this runs afoul of the (non-personal-use) App Store T&Cs.
Any advice or alternatives I've overlooked would be greatly appreciated.
I recently went through a similar proof of concept corporate iPad deployment and had the same questions walking in. The direction we went might not be the best solution, but it worked for us and maybe it will give you a hand with your deployment.
Know your Audience
Early in our deployment it became glaringly obvious that this would have to be a simple solution. Apple devices are designed to be simple, that's the draw in the corporate world. Our main audience was managers, VPs, and CXX level executives. A good number of these folks either aren't technically savvy enough to deal with a complicated configuration, or simply don't have the time to fuss with a device.
It should just work, out of the box, like it was designed.
Just Say NO to Multiple Accounts
Firstly I can see one big problem with your initial plan. By stating that you have an account created with a secret password I'm assuming that you're having a helpdesk configure the devices and install the software before they're handed over to your end users. What happens when an application is updated in the AppStore? Your helpdesk will have to enter the password to have the application updated. Depending on the size of your company this could eat up a ton of time, and most of your end users most likely won't ever bother to go through the process to upgrade.
Additionally, when John Doe leaves the company, the software purchased for [email protected] will be assigned to John's replacement Fred Flinstone and his iPhone. You now have [email protected] using the account [email protected]. It might not be a big problem at first, but this will easily get difficult to manage down the road.
Mobile Device Management
Depending on the size of your deployment you might eventually start looking at one of the many Mobile Device Management (MDM) solutions out there. We did. It's likely that things will change in the future, but as of this posting we didn't find much that an MDM solution would bring to the table that our Exchange environment wouldn't already provide.
MDM offers a simplistic way to deploy VPN, Wi-Fi, and user profiles. If you're not using Exchange or aren't comfortable with rolling your own solution you might gain more from one then we were able. Other benefits would be device tracking, and enabling your helpdesk to do basic device troubleshooting, device wiping, remote locking, etc. Read the link to Wikipedia above for more information and a decent list of the bigger vendors in the field.
Application Purchasing
We first identified a list of applications that we would recommend for different tasks, and published the list and relevant links on our company intranet. Initially we installed a few applications when we initially configured the device, but ran in to the time problem above. We calculated a total estimated dollar figure of all applications that an average user would purchase and bought gift cards for that amount + an additional X% for growth. This was more convenient for how we do purchases then gifting would have been.
Apple recently announced their Volume Purchase Program (VPP), and you might want to look in to that if the solution above isn't any help.
Further Reading
- iPhone in Business
- Gartner Magic Quadrant for MDM
- iPhone Business Profiles
Best of luck to you, we learned that smart devices in the enterprise is a rapidly growing environment and there's no "right way" to do things yet. Apple is constantly improving their tools to make the transition better, but they're not quite there yet.
Having two accounts on a device is a real hassle. Until it makes sense for the company to get a Dunn & Broadstreet number and go enterprise, the gifting of apps is the easiest way to go.
If the app allows them to perform a critical job function, how is even $500 a year "expensive" when you are paying a salary, benefits, insurance. I don't mean to trivialize any IT expense, but would anyone want to work with a company that's so cheap, they won't pay for tools that make sense? Especially tools that let it's employees get work done 24/7 wherever they have a cell signal.
We're not talking about $25k which is a ballpark true costs of a 10 person laptop deployment covering one year and light software. If you look at this from a productivity / ROI standpoint - iOS deployments are some of the cheapest on the planet as well as the easiest to justify. Just buy apps that are obvious winners in the next 6 to 18 months and assume your employees will stick around.
That being said, most deployments I have seen end up layering a work Apple ID for work purchases and a personal Apple ID for personal purchases. At some point, people will be more comfortable expensing iOS app purchases like they expense hotel rooms and instead of worrying about losing all the purchases, they will learn that losing only a fraction of the apps when an employee leaves or changes roles isn't as expensive in practice as it seems when you start upon a project where all apps are purchased through Apple's app store ecosystem.
There is Apple Business Manager and VPP as well, but it's not clear that the benefit in flexibility outweighs signing up for MDM and VPP and just expensing apps, but if you want to start for free with a very well supported MDM that is targeted for small organizations that don't necessarily have IT staff, the best for a few years going is:
- Jamf Now - https://www.jamf.com/products/jamf-now/
- Apple Business Manager - https://support.apple.com/en-us/HT208817
I would go with JAMF Now until the cost outweighs the benefit and then stop paying for that the next month you don't feel you benefit from it or go back to the 3 free devices to manage. I wouldn't start down VPP / Business until you've spent $1000 and have 10 devices to manage for the average team, but you situation and funding might tilt the balance higher or lower based on how much you value the time of the people that will manage / set up / learn how this all works.