We would like to enforce the use of Managed Apple IDs on company-owned devices. At the same time, users should be able to install free applications on their own without requiring administrators to deploy every app through MDM, as this creates additional administrative overhead.
Why is this required? The primary objective is to ensure that company-owned devices are used only with corporate-managed accounts and to prevent corporate data from being synced, backed up, or transferred to employees' personal iCloud accounts. This helps protect organizational data and reduces the risk of company information remaining accessible after an employee leaves the organization or stops using the device.
We are looking for a solution that enforces Managed Apple ID usage while still allowing users the flexibility to install free apps independently.
Account-driven enrollment methods allow organizations to provide users with the ability to sign in with both a Managed Apple Account and a personal Apple Account. This would allow employees to access their personal iCloud account, download personal apps, and keep work and personal data separate.
For scenarios not addressed by those enrollments, please be sure to file feedback through AppleSeed for IT.