How do you manage your Apple accounts at work and at home?
With the use of asset management software, iCloud accounts pose an issue for me.
If you receive a Mac from work, often times it requires an iCloud account. If you, for example, want to respond to iMessages or listen to your music, you would have to log in with your personal account.
If you were to create a separate iCloud account, then you will basically need to have two subscriptions for Music, for example. And different IDs you are contactable at.
In addition, assuming that they don't need to do password entry, an admin could view some contents of your iCloud account.
Is there a solution to this that might not be commonly known? Does this actually require me to have a separate iCloud account for work and home, and a separate Mac for work and home?
I understand that Apple are releasing a work and home mode for Safari to help with some of this personal usage, but I think it is an issue, and a waste for people to maintain multiple iCloud accounts, purchase multiple machines, and have notes and other materials scattered across machines and accounts. At the same time, the company has an interest to be able to update or wipe the machine in case of security issues.
Would appreciate your opinions.

I separate work from personal life as much as possible. I create a new iCloud account with my work email and use that. I never use my iCloud account in my company’s hardware [0]. If I want to listen to music, I play it from my personal iPhone, which I have with me all the time and has all my personal accounts.
[0]: This is the same as I would use my work email to create a GitHub account and join my company’s organization, etc.

Especially with a remote role, there is no good reason to use your work laptop for personal. Just keep your personal at the same desk.

I sign into my work Mac with my personal iCloud account. I use most of the Apple features, but don't sync files. My login account is attached to Active Directory, and admins would have to sign in with a standard local account or their own AD account to manage my device. AFAIK there's no way to access the Photos.app contents from the filesystem. I haven't tried that hard, but you can't look in the directory in ~/Photos. I'm sure at some level most of this stuff is possible, but only in some extreme situation would anyone go that deep to access any of it. I'm much more concerned about accidentally syncing work things out to iCloud than syncing personal things into my work environment.

Seems like they would be accessible from:
/Users/<username>/Pictures/Photos Library.photoslibrary/originals
If another user is a domain administrator (and depending on your AD configuration) they may be able to access the files in your home directory. Might want to check on that!

That directory is files that are exported from the app or imported from macOS into Photos.app.

Photos is just a database file, isn’t it? You could copy that file out and then import it into another instance of Photos on another Mac. I’ve done this before to recover photos when moving around laptops.

My concern with logging into my Apple ID on my work Mac is that there is cached data installed locally. Things like messages, photos, even tabs from other devices if you’re syncing Safari… there’s just too much to consider that could potentially be recovered by IT. I think (hope) most of this stuff is encrypted (like I think iMessages is) but it still gives me pause. Would love to be educated otherwise!

My wife needed more storage, so we got the family iCloud+ subscription. When it came time for me to set up my work laptop, I made a separate account, but added it to my family. That way I can use my purchased apps and subscriptions on my work machine. Not a perfect solution, but works pretty well for me.

This! If you really want to have access to some of your personal stuff, set up a family account and only share what you want with the account (music/subs etc).

With Messages and Music in particular (and perhaps other apps), you can sign into a different Apple ID than the one used for the system-level iCloud account.

Did not know about Messages, but I was logging in with personal account to Music.

Haven’t tried that with Messages or Music. But I know for certain that it works with TV.app.

Create a work Apple ID and use it on your work laptop. Don't allow any personal data on your work laptop (don't visit HN from it) and don't allow anything work related to contaminate your personal devices. Legally you don't want them to mix. This makes it easier to keep track of which IDs you are using, etc; makes it harder for you to goof off while working; and reduces the opportunities for work to intrude on your personal time.

I sidestep the issue and use Spotify. My music use is spread between my iPhone, work Mac and my Linux PC at home. Previously, used to also have an Echo Show. I find Apple’s offering too restrictive even if lossless listening is tempting.

Data storage and services are different accounts. The iCloud account stores your documents and files while the iTunes account contains your subscriptions like Apple Music, app purchases, playlists, etc. I usually have a separate iCloud for work devices while having a common iTunes account between work and personal devices.

That's what I do. I have one account ("Apple ID") for iCloud, and a separate one for music and App Store purchases.
A couple of caveats, though: Apple encourages using the same account for everything, and their interfaces try to autopilot you into that setup. You have to pay attention, and find & choose the "I'll set it up myself" options. Also, Apple uses email addresses as the name/identifier for Apple IDs, so to set up multiple IDs, you need multiple email addresses. iCloud includes an optional email account, so it's easy to use that for the iCloud account yourself and your personal email address for the other.
Which reminds me: don't tie your personal stuff (iCloud, purchases, whatever) to an Apple ID under your company email address. If it's stuff you should keep after leaving your current job, it should be under an Apple ID that's tied to an email address you'll still have after leaving the job. On the other hand, for things that're part of the job (e.g. apps purchased by the company for the job), it should be under an Apple ID "owned by" the company and tied to a company-controlled email address.

I keep it all separate. Use my personal phone if I want to access my own stuff. Works hardware belongs to them and I use it for work only.

You should never sign into personal accounts on a work device. Use your phone for this.

I ran the Apple Enterprise account for a municipality in Denmark. I don't usually have a work device, partly because I don't want to bother with the taxation rules but mainly because I just don't want two devices. Anyway, what I did was that I got our IT department to create an Apple account that wasn't exactly tied to a specific person and use that to create the municipality owner account. You'll have to go through Apple verification which involves real world phone calls, but once we were done with that process, I added my own account with admin rights. This way I didn't have the issue of not having a "work" device while also making sure the municipality would keep owner rights with no issues if I died. I think our biggest issue was actually the payment. Usually you won't want to tie a credit card to enterprise payments because credit cards run out, but with Apple we had to. So we had to set up alarms and stuff to remind IT to renew it. Ideally you wouldn't want to do much of that, but unless Apple has changed their ways they are still just terrible at selling products to enterprise and you'll likely have to make do. Just make sure the "owner" account isn't a personal account that can't be transferred when an employee leaves.

Totally separate. I learned never to cross-pollinate. If I want to use my Apple Music subscription, then I’ll use my iPhone.

Your work laptop is not your laptop. Make a separate account and just abandon it when you switch jobs.

> it is an issue, and a waste for people to maintain multiple iCloud accounts, purchase multiple machines, and have notes and other materials scattered across machines and accounts
It is an issue, and a security concern, for employees of an organization to risk adding corporate devices to their personal accounts, and vice versa.

Why would you want your personal stuff on a machine you don't own? I use my work email for my work Apple ID, and use that to sign into my work-provided devices. Never the twain shall meet. In addition, we have a Developer account, which would even further muddy the waters if I start mucking around with personal stuff (certificates, provisioning profiles, etc.).
> an admin could view some contents of your iCloud account
Yeah; that's why you don't give them access to it. I also don't use Outlook and Teams on my personal phone. Work gets to contact me on my work devices.
> two subscriptions for Music for example. And different IDs you are contactable at
No? Just don't buy a second Music subscription. Also, you have a work and personal email; are those multiple points of contact also an issue for your coworkers/family?

Apple supports app-specific sign-ins. That is what I do.

I don't have a novel solution to your problem, but here's my experience. I had a Mac laptop for a previous job and I went down the route of using a separate iCloud account. I used Spotify so it was no issue in terms of music. The company was also heavily into the Microsoft Office suite of products, but I opted to not use OneNote but instead used a password-protected, sync-able third-party note app. I did this so I could have my notes if and when I left. I personally value a clear separation of my work and personal accounts so I found this worked pretty well for me.

Perhaps you could remote into your personal Mac for iMessage/Music? It would be clunky but would protect your privacy.

My work Mac provided by my company disables iCloud, which is fine by me, as I never wanted or intended to do things like check text messages or listen to music on my work laptop anyway. I do sometimes listen to music while working, but usually I stream that from my television, as the home theater sound system is far better than what I'd get from a laptop. Heck, I don't even check Hacker News or sign into the browser from my work machine. Laptops are lightweight. I just keep two nearby so I can work from one and goof off using the other.

Same. Completely blocked at work and probably should be to prevent data exfiltration, so I'm fine with it. We have a separate network for personal devices anyway if you want to listen to Spotify or YouTube music all day. Only complaint, and it's minor, is I can't treat my personal iPad Pro as a second monitor because that requires being logged into the same account on both devices. But again that would be a vector for data exfiltration so that's cool.

I keep the accounts separate. If I want to listen to music while using my work computer, I use my phone. I only do work on my work computer.

I've seen people unintentionally leak personal info that they did not want their employer finding out by mixing work and personal things, either through carelessness or raw stupidity. Don't sign up for Ashley Madison with your work email or text your sugar baby from your work iPhone, don't download porn or buy drugs on the dark web with your work laptop. Just don't do it.

Music on phone and messages with focus times or do not disturb. I rarely log into any personal things on my work computer. I encrypt and email my weekly notes or reports to build my resume or send personal things home from work if necessary. I tried using Apple Notes for sync between iOS/macOS/PC and it fails due to slow or no updates. Only workaround I found is to pin/unpin each note, which gets annoying.

My co-worker uses a personal PC laptop and remotes into a work PC so he controls what work sees.

> If you receive a Mac from work, often times it requires an iCloud account.
It doesn't. Organizations should prohibit employees from using iCloud at all on their work machines. It's not work. If employees need to listen to music or respond to iMessages they should feel free to bring their own Mac or most likely an iPhone to the workplace. The workplace should provide a separate Wi-Fi that directly connects to the public internet.

I think you may have missed Managed Apple IDs, they are exactly for corporate accounts. The administrator can select which services are available and also which devices they can be signed into.

> Organizations should prohibit employees
Why?

The answer is in the next sentence after the one you quoted. "It's not work."

Well, unless the company is actively working on integrating their product with iCloud.

Not a solution but FWIW, in my time working at Apple, they encouraged you to log in to work devices with your personal ID (with the expectation you don't allow files to sync). There were some people who kept them apart, but the overwhelming majority just used their personal with no issues. Personally I made a new one, but at the time it was my first Apple device so wasn't really a decision.

iOS developer here. I have separate Apple accounts for work and home. My phone is on my home account, so I don't have access to Teams or Outlook on that. And I don't use iMessage on my work machine because pretty much all company communication is in Teams or Outlook or some other work-related software. I have a separate GitHub account for work and personal.

I have 2 accounts. One for work, one for home. I don't generally mix and match work devices and home devices... I have email (via Outlook) on my phone, but things like texts, contacts, photos, and copy / paste between devices I don't want between personal and work devices. If I need to get files between devices I just use AirDrop.

Wouldn’t using your own personal phone make much more sense? I personally keep my work and personal devices extremely separate. I even have a second phone as my own “work phone” because I don’t want work related Slack or 2FA on my personal phone.

In the past what I did was I created a Work iCloud account and then added that account as my “family member”, which gave me access to Music etc.

I use my work Mac for work and my personal Mac for personal use. I use my personal phone to listen to music and for messaging. It works well.

Ah, so you can't log in separately to Apple Music? That kind of sucks. Was thinking of moving from Spotify but this is an issue for me.

It has been a bit but I believe you can log in to Music and Messages with a separate Apple ID. I believe you have to log in to the App Store though with the ID assigned to the machine. I am not 100% sure that is still the case though. So, I think you can have the Mac and App Store on a work ID and then Messages and Music on your personal ID.

You can. And there’s a website too, that will soon be installable as a PWA.

I have separate accounts for work and home. I have my work account as a member of the family group, and that seems to work well.

I use Apple Music’s web app on my work laptop, that’s the only Apple service I’ve felt a need for at work.