What are Managed Apple IDs?

Last updated July 22, 2019

Managed Apple IDs are a type of Apple ID that is available for use through Apple Business Manager and Apple School Manager. Managed Apple IDs are used to, amongst other things, allow devices to be enrolled in and managed with MDM via the User Enrollment option.

What is a Managed Apple ID?

Traditionally, Apple IDs have had to be created individually by users and were designed primarily for personal use. These personal Apple IDs are used for things like app licensing, managing iCloud accounts, accessing iCloud services, etc. These could only be accessed and reset by the user that created the ID. This presented a number of difficulties when used at scale in a business environment.

Managed Apple IDs are a solution to overcome the difficulties associated with personal Apple ID usage while still providing similar functionality. These managed IDs can be created en masse and are controlled by the Apple Business Manager account, rather than a personal account, and can be managed by users that have administrator privileges to Apple Business Manager. Admins, or “Managers”, have the ability to create new IDs, assign roles to the IDs, reset ID account passwords, restrict users’ access to ID accounts, delete IDs, and update account information for IDs.

Apple also supports federation of Managed Apple IDs through Azure Active Directory. Apple Business Manager accounts can be linked to Azure AD so that Managed Apple IDs are created automatically based on identities that exist in Azure AD.

What is a Managed Apple ID used for?

There are multiple uses for Managed Apple IDs. First, Managed Apple IDs can be used for granting users access to the Apple Business Manager portal. This allows admins to delegate ‘roles’, or sets of permissions, relating to what the users can and cannot access within Apple Business Manager.

Second, Managed Apple IDs allow users shared access to company accounts, such as iCloud Drive and iCloud Notes, for collaboration purposes.

Third, Managed Apple IDs are used for VPP app license assignment. When a managed ID is associated with a device, VPP app licenses can be tied to that ID rather than the device. This makes app licenses transferable between devices based on the ID that is signed in on a device.

The final, and possibly most significant, use for Managed Apple IDs relates to User Enrollment. User Enrollment is an addition to the device enrollment options supported by the Apple MDM spec starting with iOS 13 and macOS 10.15. The User Enrollment method is a solution for organizations that want to support a ‘Bring Your Own Device’ (BYOD) policy. It is a significantly more privacy-focused form of enrollment that gives MDM only limited access to users’ devices while separating personal and corporate data. We have written about the topic of User Enrollment in greater detail here: What is Apple’s “User Enrollment”?

When participating in User Enrollment, a Managed Apple ID is required and must be associated with the device. The user must enter their Managed Apple ID credentials in order to complete the user enrollment process. This ID will be used to allow the installation of the MDM profile, assign app licenses, provide access to shared iCloud accounts, and manage which users have access to these company-owned assets on their personal devices. A single Managed Apple ID can be used on multiple devices and also will not interfere with any standard (personal) Apple IDs that have been configured on devices.

In summary, Managed Apple IDs play a vital role in the User Enrollment option available as of iOS 13 and macOS 10.15 Catalina. They are one aspect of Apple’s attempt to further separate personal data and company data on user-owned devices (BYOD), while also helping to improve management options for device administrators.

Comments (3)

I’m confused. I checked in with Apple, because I had the same intentions for a Managed Apple ID as you describe it above. But they explicitly told me that this is not an allowed practice, also described in their Business Manager Starting Guide:

“Managed Apple IDs are for use primarily by IT administrators to manage functionality within Apple Business Manager. They shouldn’t be used for services like iCloud or by standard employees who don’t manage functions in Apple Business Manager”.

I know that I can use iCloud with managed IDs, I’ve tried that. But Apple forbids it (not only advises not to use it, as written above) when using it in a business environment with Apple Business Manager; it’s written in their EULA according to their support.

Do you have further information?

Hi Michael- Our understanding from the WWDC presentations is that Managed Apple IDs can be used to access business-owned iCloud services, such as document storage. Managed Apple IDs for employees (and not just administrators) is a newer concept, primarily related to User Enrollment in iOS 13 and macOS 10.15 Catalina. The excerpt from the Starting Guide is likely due to be updated.

Your school or district can use Managed Apple IDs to log in to a Shared iPad and access Apple services. These services include iCloud, iTunes U, and Schoolwork, and you can collaborate in Pages, Numbers, and Keynote with other users within your organization. Managed Apple IDs also include 200GB of iCloud storage.
