Understanding the Key Differences Between Personal and Managed Apple IDs

In the Apple world, the account that controls access to all your Apple-related online services is the Apple ID. Buying apps from the App Store, putting photos in iCloud Photos, and sharing data between iCloud-enabled apps—all these actions rely on your Apple ID. If you’re a regular Apple user, you have an Apple ID associated with your email address.

Most Apple users set up an Apple ID when they configure their first Apple device, and if you don’t have an email address that you want to use, you can create a free @icloud.com address during the process. (If you need to create a new Apple ID, you can do that at appleid.apple.com.)

There are actually two types of Apple IDs: personal Apple IDs used by individual users and managed Apple IDsgiven to employees by businesses and other organizations. Managed Apple IDs are popular with companies that give devices to staff members and need to ensure compliance with various usage and security policies. Let’s look at how they differ:

●     Creation, ownership, and control: Individuals set up personal Apple IDs on their own and maintain full ownership over the account and control over the device. Managed Apple IDs are set up by the organization, typically through Apple Business Manager, and the organization retains ownership and control for centralized management. That control is essential when an employee leaves. Otherwise, a company may be unable to reset a returned device and give it to another employee.

●     Access to Apple services: Personal Apple IDs have full access to all Apple services and features. Managed Apple IDs have much more limited access to protect the organization from unauthorized purchases and insecure behavior. Users with managed Apple IDs can’t purchase anything from the App Store, iTunes Store, or Apple Books. Nor can they access Apple Arcade, Apple Fitness+, Apple Music, Apple Music radio, Apple News+, or Apple TV+. The Find My, Health, Home, Journal, and Wallet apps aren’t available or fully functional. Plus, Apple Pay, iCloud Family Sharing, iCloud Mail, and iCloud+ services like Private Relay, Hide My Email, and custom email domains are unavailable.

●     Security and management: When a device relies on a personal Apple ID, that user is responsible for maintaining security and managing apps (which will belong to the user). That’s appropriate for individuals, but for companies that need to protect corporate information, managed Apple IDs allow the IT department to enhance security by requiring passcodes, enforcing password policies, setting role-based permissions, and separating work and personal data. On the management side, managed Apple IDs make it easier to reset devices, revoke access, comply with legal and privacy regulations, integrate with corporate identity systems, and centralize app licensing.

Though some organizations may prevent it, it is technically possible to use both types of Apple IDs on the same device. For instance, you could use a managed Apple ID on an employer-provided device along with a personal ID to access the App Store, Apple Music, Apple News+, and other Apple services. To do that on an iPhone, you’d go to Settings > Your Name > Media & Purchases and either sign in with your personal Apple ID or, if necessary, tap Sign Out and sign back in.

What’s the takeaway? There are three possibilities, depending on who owns the device and the employer’s security and management policies:

●     Personal device not used for work: If you’re a regular user who has purchased your own device and you either don’t use it for work or your employer doesn’t care what you do, all you need is a single personal Apple ID. Although it’s possible to create multiple Apple IDs and use them for different purposes, it’s a recipe for confusion down the road.

●     Personal device used for work: If your employer has a BYOD (Bring Your Own Device) program that lets you use your own device with corporate resources, they will likely ask to use Apple’s User Enrollment to create a profile on the device that separates personal and work data and allows the use of both personal and managed Apple IDs. Although the IT department cannot access your personal data (emails, messages, photos, location, etc.), it can enforce security policies, install and configure work-related apps, and control corporate data on the device. Some people find the privacy implications of this approach troubling and opt for separate work and personal devices.

●     Employer-provided device: If your employer provides a device for your use, they will likely require you to use a managed Apple ID on it. That prevents you from having to worry about security or management, but comes with some restrictions on what you can do. Talk to your IT department if you also want to use your personal Apple ID on the device.

Hopefully, we’ve clarified the situation surrounding personal and managed Apple IDs. Which makes the most sense in any given situation depends on a wide range of variables, so contact us if you need to talk through the possibilities as either an employee or employer.

(Featured image based on an original by iStock.com/dolgachov)

Social Media: There are actually two types of Apple IDs: personal and managed. Regular users have personal Apple IDs; those who use employer-provided devices are often required to use managed Apple IDs.

Be Careful When Scanning Unknown QR Codes

QR codes, those square, blocky codes you scan with your iPhone’s camera to load a Web page, have become ubiquitous. So much so that we seldom pause before scanning any QR code we see. But if you think about it, that’s the same as clicking random links in emails or texts, which is a terrible idea from a security perspective. “Quishing” (QR code phishing) isn’t commonplace yet, but some sources say there are thousands of cases per month. To avoid falling victim to a quishing scam, only scan QR codes from trusted sources, try to verify what a code will do once scanned, and evaluate the yellow URL preview Safari provides (when using other browsers, all you see is Open in Browser Name). Finally, always install iOS security updates promptly because they often address vulnerabilities that could be exploited with malicious data.

(Featured image based on an original by iStock.com/B4LLS)

Social Media: QR codes—those blocky squares you scan with your iPhone camera—are an easy way to open a Web page. Unfortunately, scammers also use them to trick people into visiting malicious websites, so read our tip about scanning these codes safely.

Two Techniques for Improving Google Chrome Security

Although most Mac users rely on Apple’s Safari for Web browsing, plenty of people prefer Google Chrome for its cross-platform compatibility, massive collection of extensions, and tight integration with the Google ecosystem. Chrome is by far the most popular browser in the world, with about 65% of the market, compared to Safari’s 18%. Still others opt for alternative browsers based on the same open-source Chromium engine, such as Arc, Brave, Microsoft Edge, Opera, and Vivaldi.

Unfortunately, Chrome’s dominance makes it a target for attackers in two ways. First, attackers may attempt to find vulnerabilities that would let them steal data or compromise credentials. Second, although Google reviews extensions submitted to the Chrome Web Store, researchers have discovered malicious extensions with millions of downloads. To keep your copy of Chrome secure, we recommend two things: relaunch the browser regularly and be careful with extensions.

Relaunch Chrome to Install Updates

Google Chrome and all the other Chromium-based browsers update themselves automatically. Sort of. While the browser is running, it downloads the latest update but doesn’t install it until you quit and relaunch. Since both macOS and most apps are highly reliable, many people go weeks or even months without relaunching, leaving Chrome vulnerable to recent security exploits. You can check if you’re running the latest version or need to install an update by choosing Chrome > About Google Chrome. (Some extensions, like 1Password, even refuse to run when an update is required.)

In other words, it’s important that you quit and relaunch Chrome and any other Chromium browsers regularly—we recommend a weekly schedule to match Google’s schedule for security updates. There’s no need to worry about losing your open tabs as long as you set Chrome to “Continue where you left off” in Chrome > Settings > On Startup. All the Chromium-based browsers have a similar setting. (While we’re on the topic, remember that it’s also a good idea to restart your Mac occasionally!)

There is one exception among the alternative browsers: Arc. Its developers have figured out how to download and install updates automatically. The feature is still being rolled out to all users, but when enabled, it installs updates when the Mac wakes from sleep rather than forcing the user to quit and relaunch.

Be Careful with Chrome Extensions

Chrome extensions can be both a blessing and a curse. There are vastly more Chrome extensions than Safari extensions, so Chrome and the Chromium browsers enjoy added features that Safari lacks. On the downside, in 2023, researchers discovered dozens of malicious extensions with tens of millions of combined downloads. Google has removed all of them, but many had been on the Chrome Web Store for 6 months or more.

There are over 100,000 extensions in the Chrome Web Store, so while malicious extensions are real, most extensions are legitimate. But if Google can miss them for months or years, how can you reduce the chances of installing something evil? Here’s what we do:

●     Reduce the number of extensions you install: The fewer extensions you install, the less likely one is to be malicious or cause other problems. Regularly uninstall any extensions you don’t use from Window > Extensions (the location may vary slightly in the Chromium browsers).

●     Only install from the Chrome Web Store: Stick to extensions that have at least gone through Google’s reviews for the Chrome Web Store and avoid direct downloads for extensions.

●     Read reviews before installing: Although reviews are no guarantee, if you see people complaining about unusual behavior, that may be a clue that the extension is doing something sketchy.

●     Evaluate extension metadata: In general, avoid extensions that aren’t used by many people, that don’t have many reviews, or that aren’t updated frequently. Those aren’t guaranteed signals of a malicious extension but may be a hint to be cautious.

●     Review permissions before installing: When you click the Add to Chrome button in the Chrome Web Store, a prompt explains what permissions will be granted to the extension. If they seem unnecessarily broad, cancel the installation.

Don’t stress too much about this. Maintaining good Chrome security comes down to relaunching the browser once a week and being careful about which extensions you use—it’s easy.

(Featured image based on an original by iStock.com/ArtemisDiana)

Social Media: If you use Google Chrome or another Chromium browser instead of Safari, you can stay secure by following two simple rules regarding updates and extensions.