Hello-
We've recently been setting up our iOS/iPad infrastructure, and are trying to get a configuration for shared iPads ready. We are generally a microsoft org so I looked into and configured the Microsoft Authenticator app + the Microsoft Authenticator Enterprise SSO extension (or whatever it is called), and to my chagrin it still appears to be in preview mode (I think). The other solution I've been looking into is just putting the iPads in shared mode and then syncing managed AppleIDs from EntraID for users to log in. My issue with that solution is there appears to be no (easy) way to enforce that users use our managed appleID domain at login. This is really frustrating, because without a way to ensure users are using our managed AppleIDs, our org will likely have to plainly disable most features that make AppleIDs useful (and we'd like to make sure people are using only managed accounts on our devices). Does anybody have a recommendation to either serve SSO directly from EntraID or guide users to log in with their managed IDs without having somebody there literally breathing down their necks?