What are Managed Apple IDs in Apple Business Manager?
Like any Apple ID, Managed Apple IDs are used to sign in to a personal device. They’re also used to access Apple services—including iCloud and collaboration with iWork and Notes—and Apple Business Manager. Unlike Apple IDs, Managed Apple IDs are owned and managed by your organization—including password resets and role-based administration. Apple Business Manager makes it easy to create a unique Managed Apple ID for each person in bulk from verified domains. Managed Apple IDs don’t support Family Sharing.
Important: A user with a Managed Apple ID can be locked out of their account if they enter an incorrect password more than 10 times, or, if the account is suspected of fraudulent activities by Apple. To reset their password, the user must contact an Apple Business Manager administrator, People Manager, or another user with password reset privileges. For accounts locked due to suspected fraudulent activities, an Apple Business Manager administrator must contact Apple to have the account unlocked. At that point, the user’s password can be reset by the Apple Business Manager administrator.
How Managed Apple IDs are created
Managed Apple IDs are created after you:
Use federated authentication with Microsoft Azure Active Directory (Azure AD)
Create accounts manually
Important: Keep in mind that every Managed Apple ID must be unique. It also can’t be the same as other Apple IDs that your administrators, managers, and staff may already have.
How Managed Apple IDs are used
As an administrator or manager, you use Managed Apple IDs in two main ways—with accounts and roles.
Accounts: Administrators can complete a range of tasks within Apple Business Manager to manage accounts. For example, you can assign roles or reset passwords for a specific set of users.
Roles: After a Managed Apple ID is created for a user, the administrator can then assign roles for the user. These roles define which tasks users can perform in Apple Business Manager with their Managed Apple ID.
In addition, the administrator and manager can manually add an account at any time, such as when a temporary user is added to your organization. You can also view and edit account information, such as the user’s name, ID number, and more. Depending on your role, you can also reset a user’s Managed Apple ID password, and delete or deactivate an account.