This article is intended for network administrators.
Apple requires organizations to verify all existing unverified and new domains that are associated with Apple Business Manager and Apple School Manager. You must do this before creating Managed Apple IDs.
On December 8, 2021, all unverified domains were removed from Apple Business Manager and Apple School Manager organizations. Managed Apple IDs on unverified domains will be migrated to the reserved domain. End users won't be notified of this change. All roles and privileges will remain intact, including the account password and associated email address. For example, if you're using the domain example.com and don't verify before December, managed Apple IDs will be renamed from firstname.lastname@example.org to email@example.com automatically.
Administrators will not be impacted.
To prevent disruption, verify your domain now or move your Managed Apple IDs to a verified domain or the reserved domain.
To determine whether you need to verify your domain, sign in to Apple Business Manager or Apple School Manager and navigate to Settings > Accounts. Domains with a green circle to the left of the name are verified. Domains with a yellow circle need to be verified.
Verify existing domains in Apple Business Manager.
Remove a domain
To remove a domain that you can't verify or don’t intend to use, sign in to Apple Business Manager or Apple School Manager and navigate to Settings > Accounts. Click Edit next to Domains, then click Remove. If there are Managed Apple IDs in the unverified or unused domain, click Update Domain Name to move the Managed Apple IDs to a verified or reserved domain. You'll need to notify these users that they'll be required to use the updated Managed Apple ID the next time they sign in.
Certain features require verified domains, including integrating Apple School Manager with your Student Information System (SIS), importing users with Secure File Transfer Protocol (SFTP), or enabling federated authentication. If you want to use these features, you must use a verified domain.
Verifying a top-level domain doesn't verify subdomains. For example, verifying example.com won't verify appleid.example.com. You'll need to verify appleid.example.com independently.
A reserved domain is a domain that Apple provides. You can use it without additional verification. It's based on the website that you used when you enrolled in Apple Business Manager. For example, if you enrolled using the website www.example.com, the reserved domain name would be example.appleid.com. If multiple organizations use the same domain, an incremental number is added to the name, such as example2.appleid.com. The reserved domain is generated automatically and can't be edited or removed.
If you don't verify your domain
If you don't verify your domain, Shared iPad and iCloud sessions will be signed out and Managed Apple IDs on that domain will be moved to the reserved domain. End users aren't notified of this change and it's your responsibility to inform them.
Multiple organizations can all verify the same domain if the domain was associated with Apple Business Manager before March 2020. Each organization must verify the domain individually. Work with other Apple Business Manager administrators to make sure that one organization has verified the domain before the other organization starts the process. If multiple organizations try to verify at the same time, it could cause errors when validating the TXT record.
Personal Apple IDs
Verifying a domain doesn't create conflicts with existing Apple IDs that use the domain. However, if the organization enables federated authentication, users will be required to choose a new name for conflicting Apple IDs.