Change a federated user’s role in Apple Business Manager
When you successfully complete your federated authentication, all users from your domain have the role of Staff. You may want to change roles for Content Managers, Device Managers and Staff. If you change the role to Administrator or People Manager, that user’s authentication changes from Federated (they use their Microsoft Azure AD password) to Apple. They still retain the Managed Apple ID and email address they had when federated authentication was completed.
Change a federated user’s role
In Apple Business Manager , sign in with an account that has the role of Administrator or People Manager.
Tap Accounts in the sidebar, search for an account in the Search Accounts field, then select the account from the list. See Search for user accounts.
Tap Edit, change the role, then click Save.