ABM Warranty Blog

ABM Warranty uses Apple’s official OAuth 2.0 client flow. You create an EC P-256 private key in Apple Business Manager, then enter the required identifiers in the app. Credentials are stored locally on your Mac and are not sent to third-party services.

Yes. The app is designed for large organizations and includes pagination safeguards, serialized coverage requests, retry handling, and protections for malformed or partial ABM API responses.

No. ABM Warranty is focused on reading and reporting warranty data; it does not modify device records or coverage settings in ABM.

Individual device failures do not stop the overall import. Errors are captured so the app can continue processing remaining devices and you can review failed items later.

Yes. You can export warranty and AppleCare+ coverage data to CSV for audits, lifecycle planning, budgeting, and internal tooling.

Managed preferences allow you to deploy and enforce configuration for ABM Warranty using your MDM, removing the need for manual setup on each device. This is especially useful in enterprise and MSP environments where consistency and control matter.

To use managed preferences, you define the required keys (such as API credentials, certificates, or feature flags) in a configuration profile and deploy it via your MDM solution (e.g., Jamf, Kandji, Mosyle). Once applied, ABM Warranty will automatically detect these managed settings at launch and treat them as authoritative.

If managed preferences are present, the app respects them as read-only. Users cannot override or modify these values locally, ensuring that credentials and configuration remain consistent across all deployed machines.

This approach is ideal for standardized environments where administrators want to centrally control how ABM Warranty is configured and used.

Source: Managed Preferences.

Managed credentials are designed for environments where API access should be centrally controlled and not manually entered by end users.

Instead of adding credentials directly within the app, administrators can deploy them via managed preferences (MDM). Once deployed, ABM Warranty will automatically load and validate these credentials on startup.

Managed credentials are clearly distinguished from manually added credentials within the app. They cannot be edited or deleted by the user, which prevents accidental changes or credential drift.

This is particularly useful for MSPs managing multiple tenants, organizations with strict access controls, and environments where credential rotation and auditing are required.

The app will use these managed credentials just like local ones, but with added safety and enforcement from the management layer.

Source: Multiple Credentials.

The ABM Credential Packager is used to prepare your Apple Business Manager API credentials for deployment via MDM.

Instead of manually distributing raw API keys and certificates, the packager bundles them into a format that can be securely embedded into a configuration profile.

The general workflow is:

1. Export your ABM API key and certificate from Apple Business Manager
2. Use the Credential Packager tool to convert certificates into the required format and bundle credentials into a structured payload
3. Insert the packaged output into your MDM configuration profile
4. Deploy the profile to target devices

Once deployed, ABM Warranty will automatically detect and use these credentials as managed credentials, requiring no user interaction.

This process ensures secure handling of sensitive credentials, consistent deployment across devices, and compatibility with managed preferences. It is the recommended approach for organizations deploying ABM Warranty at scale.

Source: How to Use the ABM Credential Packager.