It can be done that way, but it is definitely not the norm. Businesses will generally “purchase” (many for €0) apps in ABM that are to be used for business purposes and push those to devices, the user can then use an Apple ID to download any other apps they want for personal use.
If they’re using Managed Apple IDs they will have no access at all to the app store and won’t be able to download their own apps anymore. IT department will have to buy and assign any apps that anyone needs, even the $0 ones that only 1 person needs.
Yep. Truly horrid policy. Where I work our issued iPhones suck to use without App Store access; no Bitwarden was the killer for me personally. Everyone I checked with uses their personal email/Apple ID instead of the MAID, and there's a sword over your head if you ever accidently copy/paste something from internal emails to something like Notes which has iCloud sync (we're semi serious about leaker). Absolute failure of an MDM setup by Apple.
MDM can restrict pasteboard from managed apps to non-managed apps, as well as allowing iCloud sign-ins but restricting which iCloud services are allowed.
It's an absolute failure of the MDM server administrator for allowing such things, not on Apple.
I haven’t. Did have issued laptops that were company managed but I basically didn’t use and, in any case, I like many others reinstalled a clean operating system image and did my own support.
At most decent sized companies with a cyber security and network admin team, this is probably the fastest way to get disconnected from the internal corporate network with no way to reconnect.
I was talking about domain capture. If you own my apple ID just because I used the company email to register it, I will definitely consider sueing you.
Just on a personal note, tying your personal devices to your work email account is a very silly thing to do. Even if it's your company you could be locked out of your company email account at any time (HR grievance, SEC investigation, hostile takeover...) Losing access to your devices and not being able to access things like reset emails at the same time would not be fun.
This was a big pain in the ass for me to figure out. I ended up using the free version of Mosyle and hiring someone on Fiverr to help me figure out how to get the licenses assigned to our managed devices.