I guess I don’t understand this point. This is exactly what iOS MDM backup is for. Relying on users backing up their personal iCloud accounts for work seems highly problematic. If they are work iCloud accounts... USB should not be a problem since you are probably provisioning the devices, and the iTunes backup approach over your intranet actually seems ideal.