david972
Copper Contributor
Apr 07, 2022
Solved

Use federated authentication with MS Azure AD in Apple Business Manager

Hello Everyone, iOS Migration Airwatch to Intune Existing: I have users added in the ABM who already have a device managed in Airwatch and Intune. Today I want to set up a federated authe...
    Harm_Veenstra
    Apr 08, 2022
    1. Yes, when creating the Federation the Apple ID will get a notification telling it to change it to another email domain within x days
    2. No, the Apple ID with the mail domain which was the same as the Azure user must be renamed
    3. No, I don't think so but you will have to communicate (and test this yourself)
    4. If they registered an iCloud address which is the same as the Azure AD userprincipalname, then yes. They will have to log in again on their device with the renamed account; all apps and settings will still be there

    But... there are downsides to having Managed Apple IDs:

    What is the downside of using Managed Apple IDs?
    You may be reading the above section and thinking to yourself, “All of that is perfect, why wouldn’t everyone be using these?” It’s a fair question to ask, and to summarize an answer for you, Apple stresses that because Managed Apple IDs help protect your business, there are services that are automatically disabled.

    These disabled services include:

    App Store purchasing
    iTunes Store purchasing
    Book Store purchasing
    HomeKit connected devices
    Apple Pay
    Find My iPhone
    Find My Mac
    Find My Friends
    iCloud Mail
    iCloud Keychain (although, keychain items are saved and restored on Shared iPad devices)
    iCloud Family Sharing
    FaceTime (this is off by default, but your institution can turn it on)
    iMessage (this is off by default, but your institution can turn it on)

    https://www.jamf.com/blog/managed-apple-ids-in-business/
