Managed Apple ID features for students and instructors in Apple School Manager
You can define password policies for each account, and it’s easiest to assign them per role. Student role accounts can have a simpler four- or six-digit passcode. Accounts with all other roles must have strong passwords consisting of at least eight characters. See Role privileges.
In addition, the administrator and manager can manually add an account at any time, such as when a temporary instructor is added to your school. You can also view and edit account information, such as the user’s name, ID number, grade level, and more. Depending on your role, you can also reset a user’s Managed Apple ID password, send them a verification code so they can sign in, and delete, deactivate, or restore an account.
Many states and regions have laws that require schools to protect student data and restrict the ways in which it can be used. Managed Apple IDs are designed to help K–12 schools (or equivalent) comply with student data privacy requirements. See Privacy and Security for Apple Products in Education.
Managed Apple IDs provide access to the following key iCloud services for education.
Feature | Description |
---|---|
iCloud storage | Managed Apple IDs receive 200GB of free iCloud storage. |
iCloud services | |
iCloud Drive folder sharing | Students and instructors can share files and folders in iCloud Drive. By default, sharing is limited to participants in the same organization, but sharing outside the organization can optionally be enabled in Apple School Manager. |
iWork collaboration | Students and instructors in the same organization can collaborate using Keynote, Numbers, Pages, Reminders, and Notes. By default, sharing is limited to participants in the same organization, but sharing outside the organization can optionally be enabled in Apple School Manager. |
Schoolwork | Class rosters created in Apple School Manager are automatically available in Schoolwork. Student progress reporting can optionally be enabled in Apple School Manager. |
Classroom | Class rosters created in Apple School Manager are automatically available in Classroom. |
Organizational password reset | Using the Classroom app, instructors can reset students’ Managed Apple ID passwords without involving their IT department. |
FaceTime and iMessage | FaceTime and iMessage are disabled by default but can optionally be enabled in Apple School Manager by role. |
Managed Apple ID password complexity
When you add users to Apple School Manager, you set a password complexity for that user. That complexity level dictates which Lock screen appears when a user signs in with Shared iPad. A four- or six-digit passcode shows only digits on the screen. A complex password shows the full keyboard. When the user signs in with their Managed Apple ID and their initial password, they are prompted to change their password using the level of complexity you initially set in Apple School Manager.
If you add Profile Manager as one of your mobile device management (MDM) servers to Apple School Manager, you have the option of merging any users in Apple School Manager to Profile Manager. When you do this, those users appear in the Profile Manager users list. After they appear, you can view their Managed Apple ID password type in the About tab. See Merge Apple School Manager accounts in the macOS Server User Guide.
Important: If you set the Lock screen behavior to a four- or six-digit passcode and the Apple School Manager setting for that user is set to a complex password, that user must manually enter their Managed Apple ID and password.
Inspect Managed Apple IDs
Organizations can comply with legal and privacy regulations by using Managed Apple ID inspection. Administrator, manager, and instructor accounts can be granted inspection privileges for specific accounts. Inspectors can monitor only accounts that are below them in the school’s hierarchy. For example, instructors can monitor students, and administrators can inspect managers, instructors, and students.
To inspect an account, an authorized user must create special inspection credentials within Apple School Manager for a specific Managed Apple ID. These credentials can be used only to access that Managed Apple ID, and they expire after 7 days. During that period, the inspector can access the user’s content stored in iCloud Drive or in CloudKit-enabled apps. Every request for access is logged in Apple School Manager. Logs show the inspector’s name, the Managed Apple ID in question, the time of the request, and whether or not the inspection was performed. All users with inspection privileges can search these logs, which discourages misuse of inspections.