Apple Business: When the Free Built-in MDM Is Enough (and When to Upgrade) for UK Businesses in 2026
Apple Business launched on 14 April 2026 with free built-in MDM, replacing Apple Business Manager and Apple Business Essentials. Here's when it's enough for UK SMEs and when you need Jamf, Intune, or Iru instead.
Dustin Rhodes
Stabilise
Apple's most consequential enterprise move of 2026 wasn't a new chip or a WWDC keynote. It was a quiet consolidation: on 14 April 2026, Apple replaced Apple Business Manager, Apple Business Essentials, and Apple Business Connect with a single free platform called Apple Business, and bundled built-in MDM into it at no cost across 200+ countries.
For UK businesses that have been running unmanaged Apple devices because Jamf felt heavy, Mosyle and Iru wanted commercial commitments, and Intune felt like a Microsoft tax, this changes the calculation. Free, zero-touch, no minimum device count, and from a company that historically wanted you to use a third party for any of this.
The question we're being asked by clients is the right one to ask: is this enough? Where does it stop being enough? And if we start on Apple Business now, can we move off it later without a forklift migration?
This is the answer, based on what's in the official documentation as of May 2026, what we've seen rolling out across UK fleets in the four weeks since launch, and what independent enterprise analysts have published about the gaps.
What Apple Business is
Apple Business is one platform that bundles four previously separate things:
- Device management (formerly Apple Business Manager plus the MDM features of Apple Business Essentials)
- People management (Managed Apple Accounts with identity-provider federation)
- Brand management (formerly Apple Business Connect, for Maps and place card data)
- Email, calendar, and directory services (with custom domain support)
The headline change is that the MDM piece was previously a paid Apple Business Essentials subscription at $2.99 per device per month, available only in the US, and limited to organisations under 500 employees. Now it's free, global, and has no documented device ceiling. Existing Essentials customers stop paying the device fee from launch day.
Apple's free MDM includes:
- Blueprints: preconfigured profiles that combine settings, restrictions, and app assignments. This is the zero-touch deployment layer, and it works with devices purchased through Apple or authorised resellers via Automated Device Enrolment.
- Identity federation with Google Workspace and Microsoft Entra ID for automated Managed Apple Account creation.
- App distribution through the App Store, including Volume Purchase Program license management.
- User groups and custom roles for delegating admin permissions by function or team.
- Admin APIs for device inventory, user, audit, and MDM service data, which is the first time Apple has shipped a properly documented API for this layer.
- MDM migration between providers via Automated Device Enrolment, which lets you reassign a device's management service without erasing it.
The paid add-ons are AppleCare+ for Business ($6.99 per device per month, or $13.99 per user per month covering three devices) and iCloud storage at $0.99 per user per month for up to 2TB.
The MDM migration capability is the most important shipping detail buried in the launch. It means you can adopt Apple Business now, run it as your MDM for as long as it fits, and move to a full MDM later without re-enrolling devices or losing your ADE relationships. That single feature changes the risk profile of starting on Apple Business at all.
When Apple Business is genuinely enough
The honest answer is: when your fleet is small, Apple-only, and your security ceiling is "better than nothing."
Specifically, we'd recommend Apple Business on its own when all of these are true:
- Under 25 Apple devices. The current Jamf minimum, and a sensible rough threshold below which the operational simplicity of Apple Business outweighs the depth of a dedicated MDM.
- No compliance obligations beyond standard data protection. No Cyber Essentials Plus, no ISO 27001, no SOC 2, no HIPAA equivalents in your sector.
- Apple-only fleet. No Windows or Android devices that need to live under the same compliance umbrella.
- No EDR or threat detection requirement. You're protecting against device loss and casual misuse, not against a determined adversary.
- No granular configuration policies. You're happy with baseline encryption, passcode rules, app deployment, and remote wipe.
The strongest fits we see in this category are early-stage startups, small creative studios, founder-led teams, and Apple-first agencies that have been running completely unmanaged until now. Going from zero policy enforcement to Apple Business is a genuine security improvement, and it's free.
It's also a reasonable choice for organisations using Apple Business Essentials today. The migration is automatic, the cost goes down, and the capability stays roughly equivalent.
The signals you've outgrown Apple Business
This is the section that matters more, because most of our UK clients hit at least one of these signals within a year of starting with built-in MDM.
Compliance frameworks
Cyber Essentials Plus, ISO 27001, SOC 2, NIS2, and HIPAA-equivalent frameworks all require evidence that you can't produce from Apple Business alone. Independent analysis from Iru's own product team summarises it bluntly: "Apple Business has no compliance posture reporting or automated evidence workflows."
You can build Cyber Essentials Plus compliance on top of Apple Business with manual evidence collection, but if you're going for the certification we'd argue strongly against it. The audit overhead removes any cost saving from using free MDM. We've taken several clients through CE+ on Jamf and the audit trail comes together with very little custom work; doing the same on Apple Business is a different sport.
If you're chasing any compliance certification in the next 18 months, plan to be on a dedicated MDM by audit time.
Mixed fleets
Apple Business manages Mac, iPad, and iPhone. That's it. Any Windows, Android, or Linux device in your fleet needs separate management, and the moment you have two MDMs you're maintaining two policy stacks, two reporting layers, and two compliance contexts.
For UK SMEs with even a small Windows minority, Microsoft Intune is almost always the right answer because Intune is bundled into Microsoft 365 Business Premium and E3/E5 licences that most businesses already own. We covered this trade-off in detail in our Jamf Pro vs Microsoft Intune vs Iru comparison.
EDR and threat detection
Apple Business is a configuration platform, not a security platform. It does not detect malicious processes, lateral movement, ransomware activity, or compromise indicators. It cannot integrate with CrowdStrike, SentinelOne, or Defender for Endpoint.
If your insurance, your customers, or your legal counsel require demonstrated endpoint threat visibility, Apple Business does not provide it. You need either a dedicated EDR layered on top of an MDM that can deploy and govern it, or a unified platform like Iru that bundles endpoint management and EDR together.
Granular configuration policies
Apple Business policies are designed for ease and coverage rather than depth. There's no CIS benchmark library, no custom script execution, no staged rollout logic, no advanced configuration profile authoring, and no conditional access enforcement.
Apple Business does federate with Microsoft Entra ID and Google Workspace for account creation, but it is not an identity provider and does not enforce conditional access policies on its own. If your security model relies on "device must be compliant to access this app," you need an MDM that can report device compliance back to your IdP, which is one of Jamf's and Intune's core strengths.
Multi-tenant or MSP-style management
Apple Business is built for a single organisation managing its own devices. If you're an MSP, an investor managing multiple portfolio companies, or a parent organisation with multiple subsidiaries, you'll struggle. The platforms designed for this work (Jamf, Intune, and Iru) all have mature multi-tenant architectures; Apple Business does not.
Admin authentication and audit depth
The 2026 enterprise feedback Apple received was clear: admin authentication is still SMS-based, passkey support for admins isn't there yet, and granular audit trails for security-sensitive actions are thinner than enterprise buyers want. None of this is fatal, but if your security operations team is auditing every admin action, dedicated MDM platforms have much deeper logging.
The 2026 decision matrix
Putting this into a single view:
| Situation | Recommended stack |
|---|---|
| Under 25 Apple-only devices, no compliance, simple needs | Apple Business alone |
| 25–50 devices, Apple-only, no compliance certifications | Apple Business plus selective Jamf Now or Mosyle for granular policies |
| Any Cyber Essentials Plus, ISO 27001, or SOC 2 obligation | Apple Business plus Jamf Pro or Intune |
| Mixed Mac and Windows, Microsoft 365 estate | Apple Business plus Microsoft Intune |
| Mac-heavy, Microsoft-light, mid-market | Apple Business plus Jamf Pro |
| 100+ devices, Apple-first, want consolidation | Apple Business plus Iru |
| MSP or multi-tenant requirement | Skip Apple Business as primary, use Jamf Pro, Intune, or Iru directly |
In every "plus" scenario, Apple Business still does useful work. It handles Automated Device Enrolment, Volume Purchase, and Managed Apple Account federation, and it remains the trust anchor for the rest of your stack. You're layering a full MDM on top, not replacing it. This is the model Jamf has been describing for years: "you need both Apple Business Manager and an MDM." That's still true in 2026, with the bonus that the Apple Business half is now free.
What changes about how we'd advise a client today
For our smaller clients who've been resistant to MDM cost, the conversation we're having now is different. The new starting point is: "let's get you onto Apple Business this week so you have a baseline, then we'll plan the upgrade path." Six months ago, the same conversation involved a Jamf Now quote and some hesitation.
For clients with compliance requirements or mixed fleets, the conversation hasn't changed much. They needed a real MDM before; they need a real MDM now. What did change is the trust anchor: Apple Business sits underneath Jamf, Intune, or Iru as the federated identity and ADE layer, and it works better than the old Apple Business Manager did. The APIs are properly documented, the migration story is real, and the brand and identity layers are now usable instead of half-finished.
The other shift is for clients on Apple Business Essentials. That product is end-of-life as a paid service. The migration to Apple Business is automatic, the cost goes down, and the feature set roughly equivalent. If you were on Essentials and have been wondering whether to move, the answer is that Apple already moved you. The new question is whether the Apple Business that replaced it still fits, or whether the gap you've been working around is finally big enough to justify a proper MDM.
How we help with this
We're a Jamf Silver Partner and our engineers hold JAMF 300 certifications, but we deploy and run all five common stacks (Apple Business, Jamf, Mosyle, Intune, Iru) across UK clients in film and TV, creative agencies, architecture, and finance.
The pattern we use with clients in 2026 is:
- Get everyone on Apple Business as the baseline. It's free, it's fast, and it solves the "completely unmanaged" problem in a week.
- Map your compliance, identity, and security obligations against the gap matrix above.
- Pick the smallest dedicated MDM stack that closes the actual gaps. Don't buy Jamf Pro for a 20-person agency with no certifications. Don't try to do Cyber Essentials Plus on Apple Business alone.
- Use Apple Business as the federation and ADE layer underneath, not as a competitor to whatever you layer on top.
If you want to talk through which version of this maps to your business, book a free audit and we'll work through the gaps together. If you're in a hurry and just want a baseline this week, the Apple Business path is now genuinely useful, which is a sentence we couldn't write a month ago.
Frequently asked questions
Is Apple Business really free for UK businesses? Yes. Apple Business launched on 14 April 2026 across 200+ countries including the UK, and the platform itself, including built-in MDM, identity federation, app distribution via the App Store, and Blueprints for zero-touch deployment, is free for businesses of any size. Optional paid add-ons include AppleCare+ for Business at $6.99 per month per device or $13.99 per month per user covering three devices, and upgraded iCloud storage at $0.99 per user per month up to 2TB. Apple Business Essentials customers no longer pay the previous monthly service fee for device management.
Does Apple Business replace Jamf, Intune, or Iru? For most organisations with compliance, security, or scale requirements, no. Apple Business covers the basics well: zero-touch deployment, passcode enforcement, app distribution, and identity federation. It does not provide EDR, threat detection, SOC 2 or ISO 27001 compliance reporting, granular configuration policies, Windows or Android management, or third-party security integrations like CrowdStrike or SentinelOne. If you need any of those, you still need a full MDM like Jamf Pro, Microsoft Intune, or Iru.
When is Apple Business built-in MDM genuinely enough? Three signals: you have fewer than 25 Apple devices, no compliance obligations beyond standard data protection hygiene, and no requirement for granular configuration profiles or EDR. Typical fits are early-stage startups, small creative studios, founder-led teams, and anyone moving from completely unmanaged Apple devices to a baseline that includes encryption, passcode enforcement, and remote wipe. Anything beyond that and you outgrow it quickly.
What happened to Apple Business Manager and Apple Business Essentials? Both were consolidated into Apple Business on 14 April 2026, along with Apple Business Connect. Existing data and workflows migrate automatically. Apple Business Essentials customers stop being charged the previous monthly fee, which was $2.99 per device per month for the basic plan. Apple Business Manager workflows including Automated Device Enrolment, federated identity, and Volume Purchase Program continue to work, now under the new Apple Business brand.
Can I migrate from Apple Business to a third-party MDM without wiping devices? Yes, and this is the single biggest operational improvement Apple shipped in 2026. The new MDM migration capability in Apple Business lets you reassign Automated Device Enrolment from one MDM service to another without a factory wipe. This applies to iPhone and iPad fleets in particular, where reassignment was previously disruptive. It makes starting on Apple Business and moving to Jamf, Intune, or Iru later a low-risk decision rather than a one-way commitment.
