Change a federated user’s role in Apple Business Manager
When you successfully complete your federated authentication, all users from your domain have the role of Staff. You may want to change roles for Content Managers, Device Managers, and Staff. If you change the role to Administrator, Site Manager, or People Manager, that user’s authentication changes from Federated (they use their Microsoft Azure AD password) to Apple. They still retain their Managed Apple ID and email address they had when federated authentication was completed.
Change a federated user’s role
In Apple Business Manager , sign in with an account whose role can make changes to other accounts, then tap Accounts in the sidebar.
Select the account whose role must be changed, then tap Edit.
Change the role, then tap Save.