Use federated authentication with MS Azure AD in Apple Business Manager
- Apr 08, 2022
1. Yes, when creating the Federation the Apple ID will get a notification telling it to change it to another email domain within x days
2. No, the Apple ID with the mail domain which was the same as the Azure user must be renamed
3. No, I don't think so but you will have to communicate (and test this yourself)
4. If they registered an iCloud address which is the same as the Azure AD userprincipalname, then yes. They will have to log in again on their device with the renamed account; all apps and settings will still be there
But... there are downsides to having Managed Apple IDs:
What is the downside of using Managed Apple IDs?
You may be reading the above section and thinking to yourself, “All of that is perfect, why wouldn’t everyone be using these?” It’s a fair question to ask, and to summarize an answer for you, Apple stresses that because Managed Apple IDs help protect your business, there are services that are automatically disabled.
These disabled services include:
App Store purchasing
iTunes Store purchasing
Book Store purchasing
HomeKit connected devices
Apple Pay
Find My iPhone
Find My Mac
Find My Friends
iCloud Mail
iCloud Keychain (although, keychain items are saved and restored on Shared iPad devices)
iCloud Family Sharing
FaceTime (this is off by default, but your institution can turn it on)
iMessage (this is off by default, but your institution can turn it on)
https://www.jamf.com/blog/managed-apple-ids-in-business/
Thank you for your reply
So the user will receive an email, but no significant impact if I understand correctly.
In my current situation I create a Managed Apple ID account from the Apple Business Manager console.
I create an Azure AD account identical to the Managed Apple ID account.
Example:
ABM
- Managed Apple ID: Email address removed
- Email address: Email address removed
AZURE AD
- Azure AD: Email address removed
- Email address: Email address removed
Tomorrow I will have to set up federated authentication.
The questions I have are:
1. Can there be a login conflict?
2. Will there be a duplicate Managed Apple ID login name?
3. Will the production be blocked?
4. Will this have a big impact on users already registered?
Thank you in advance.
- Apr 11, 2022
Was this enough information for you?
- david972, Apr 11, 2022, Copper Contributor
Hello,
Yes, thanks for that information, which helped me.
- Apr 11, 2022
No problem, glad to help. Please mark my answer as solution to mark it as solved