Last updated October 28, 2019
Managed Apple IDs are a type of Apple ID that is available for use through Apple Business Manager and Apple School Manager. Managed Apple IDs allow devices to be enrolled in and managed with MDM via the User Enrollment option.
Traditionally, individual users create Apple IDs designed primarily for personal use. They are used for activities such as app licensing, managing iCloud accounts, accessing iCloud services, etc. Once created, the original user is the only user to access the ID. This presents a number of difficulties when used at scale in a business environment.
Managed Apple IDs is Apple’s latest solution to overcoming these difficulties while still providing similar functionality. The benefits include:
Users that have Apple Business Manager administrator privileges can also manage accounts. Admins, or “Managers”, have the ability to:
Additionally, Apple also supports federation of Managed Apple IDs through Azure Active Directory. In this scenario, an Apple Business Manager account links to Azure AD. Then, Managed Apple IDs create automatically based on identities that exist in Azure AD.
There are multiple uses for Managed Apple IDs:
The last use case is one of the most significant, so let’s expand here.
User Enrollment is an addition to the device enrollment options supported by the Apple MDM spec starting with iOS 13 and macOS 10.15. Geared for organizations that want to support a ‘Bring Your Own Device’ (BYOD) policy. It is a significantly more privacy-focused form of enrollment. It gives MDM only limited access to users’ devices while separating personal and corporate data. We have written about the topic in greater detail here: What is Apple’s “User Enrollment”?
User Enrollment requires a Managed Apple ID and must be associated with the device. The user must enter their Managed Apple ID credentials in order to complete the enrollment process. This ID is used to allow the installation of the MDM profile, assign app licenses, provide access to shared iCloud accounts, and manage which users have access to these company-owned assets on their personal devices. A single Managed Apple ID may be used on multiple devices and also will not interfere with any standard (personal) Apple IDs that have been configured on devices.
In summary, Managed Apple IDs play a vital role in the User Enrollment option available as of iOS 13 and macOS 10.15 Catalina. They are one aspect of Apple’s attempt to further separate personal data and company data on user-owned devices (BYOD), while also helping to improve management options for device administrators.