Managed Apple ID security
Managed Apple IDs function much like an Apple ID but are owned and controlled by enterprise or educational organizations. These organizations can reset passwords, limit purchasing and communications such as FaceTime and Messages, and set up role-based permissions for employees, staff members, teachers, and students.
For Managed Apple IDs, some services are disabled (for example, Apple Pay, iCloud Keychain , HomeKit, and Find My).
Inspecting Managed Apple IDs
Managed Apple IDs also support inspection, which allows organizations to comply with legal and privacy regulations. An Apple School Manager administrator, manager, or teacher can inspect specific Managed Apple ID accounts.
Inspectors can monitor only accounts that are below them in the organization’s hierarchy. For example, teachers can monitor students, managers can inspect teachers and students, and administrators can inspect managers, teachers, and students.
When inspecting credentials are requested using Apple School Manager, a special account is issued that has access to only the Managed Apple ID for which inspecting was requested. The inspector can then read and modify the user’s content stored in iCloud or in CloudKit-enabled apps. Every request for auditing access is logged in Apple School Manager. The logs show who the inspector was, the Managed Apple ID the inspector requested access to, the time of the request, and whether the inspection was performed.
Managed Apple IDs and personal devices
Managed Apple IDs can also be used with personally owned iOS and iPadOS devices and Mac computers. Students sign in to iCloud using the Managed Apple ID issued by the institution and an additional home-use password, which serves as the second factor of the Apple ID two-factor authentication process. While students are using a Managed Apple ID on a personal device, iCloud Keychain isn’t available, and the institution might restrict other features such as FaceTime or Messages. Any iCloud documents created by students when they are signed in are subject to audit as described previously in this section.