Use Managed Apple IDs in Apple Business Essentials
A user can have two types of Apple IDs: a Managed Apple ID and a personal Apple ID:
A personal Apple ID is used to access personal data such as Photos, iMessages, and other personal iCloud data when signed in to a personal device.
A Managed Apple ID is owned and managed by your organization—including password resets and role-based administration. Users that are assigned to an employee plan can use it to sign in when enrolling a device into device management. It also provides access to iCloud for collaboration with iWork and backup on iPhone and iPad devices. Apple Business Essentials makes it easy for organizations to create and manage these accounts at scale.
Important: A user with a Managed Apple ID can be locked out of their account if they enter an incorrect password more than 10 times or if Apple suspects any fraudulent activity on their account. To reset their password, the user must contact any user with the role of Administrator or People Manager. For users locked due to suspected fraudulent activities, an Apple Business Essentials user with the role of Administrator must contact Apple to have the account unlocked. At that point, the user’s password can be reset by the Administrator.
Important: Keep in mind that every Managed Apple ID must be unique. It also can’t be the same as other Apple IDs that other users may already have.
Roles: After a Managed Apple ID is created for a user, roles can then be assigned for the user. These roles define which tasks users can perform in Apple Business Essentials with their Managed Apple ID.
Accounts: Users with the role of Administrator can complete a range of tasks within Apple Business Essentials to manage accounts. For example, you can assign roles or reset passwords for a specific set of users.
As any user with the role of Administrator or any Manager, you use Managed Apple IDs in two main ways—with accounts and roles.
You can’t change the Managed Apple ID of a user with the role of Administrator. You must first change the role to any other role, change the Managed Apple ID, then change the role back to that of Administrator.
Edit Managed Apple IDs
In some cases, it may be necessary to change the Managed Apple ID for accounts—for example, if the domain name of the organization changes. Managers who have the “Create, edit, and delete Managed Apple IDs” privilege can edit the Managed Apple ID of other accounts. This changes the Managed Apple ID format for all new and existing accounts.
After you change the Managed Apple ID, active users can sign in using their new Managed Apple ID and existing password. If the new format includes an element that’s missing or empty for that user, the user’s Managed Apple ID won’t be updated. If the new format results in a Managed Apple ID that’s already in use, a number is added to the end of the new Managed Apple ID to make it unique.
Important: Users aren’t notified when their Managed Apple ID is changed, so you must notify them as soon as you make the change.