Federated Managed Apple ID Verification Errors / Issues

m_green
New Contributor III

I work for a K-12 district. Before this year, we had been using ASM, Apple Classroom and Shared iPad. However, this school year it was decided that we would take the plunge in 1:1. At about the same time we made the decision to go 1:1, Azure Federation came out. I saw this as an opportunity to fix two major issues we were having:

  1. By federating our domains, that would keep teachers and students from creating personal Apple IDs that they would then use on personal device. Teachers often complained after leaving our district that they would lose their personal content because it was all tied to their school email/Apple ID.
  2. Since we were making a shift from a Shared iPad deployment to a true 1:1, I was ditching Shared iPad mode anyways, and decided that now was as good a time as any to also switch from passcode authentication and management via ASM to Federated password management via Azure. Thus, students would use their email and email password to login to iCloud.

We read Apple's documentation on the proper processes to have in place to Federate our domain, got our ducks mostly in a row, and pulled the Federation trigger. Overall, everything seemed to go as planned and mostly everyone could authenticate their Managed Apple IDs as expected.

However, 2 main issues cropped up. Managed Apple ID Verification Error and Managed Apple ID Verification Loops.

Managed Apple ID Verification Error: This is when a user can successfully authenticate through the Microsoft Azure portal but iCloud comes back with various verification errors and denies iCloud login.
Managed Apple ID Verification Loops: This is when a user can successfully login to their iCloud account via the MS Azure portal, but then moments/days/weeks later they start an endless loop of having to verify their Apple ID again. Often times, the user can input their username and password, iCloud will re-auth, the message goes away..... then comes back whenever it feels like it. The behavior is sporadic at best.

Both of these issues have been reported to Apple Enterprise Support and I've received fixes; however, this only applies for the accounts that I've reported and I know there are many many more accounts in our environment that have been unreported and most users are beyond frustrated and have probably given up on iCloud altogether. iWorks and Schoolwork usage and collaboration is moot at this point. As is the training teachers have received on how to use these technologies in their classrooms.

My questions are:
- Has anyone else heard of or experienced one or both of these verification errors?
- Have you figured out a way to fix it or a root cause?
- If you have had one or both of these errors; have you reported this to your SE or Apple Enterprise Support to increase impact data?

At this point, I have nothing to blame but my choice to federate as we did not have these issues before while being un-federated and using Shared iPad mode.

4 REPLIES 4

SteveC
New Contributor III

@m.green Have your issues been resolved yet? I've been looking at implementing federation soon so it's worrying to hear your story. We find that devices sometimes have to logout/log back in to Apple Classwork to solve class/assignment sync issues, and there was also an unrelated issue we had back in March that was causing sign in problems with managed appleIDs on iPads, although this has since been resolved.

codum
New Contributor

I too am in the same boat, have you received any information about the Managed Apple ID Verification error? That is where I am now and would really like this to work.

user-YUqpbpIZiM
New Contributor

@m.green did you find a fix for this we are getting Managed Apple ID Verification Loops and apple are not being very helpful in resolving it

hudsonjamf
New Contributor II

We are experiencing these same issues. I reached out to our SE and Apple Enterprise Support. According to Apple, we are the first district to call in about this issue. Here is what they suggest for the next steps.

1.) We should video the login loop/failure when it's happening to submit the evidence to them. 2.) Have the user completely sign out of his/her Apple ID and then sign back in. 3.) We should contact Microsoft to report the issue since Apple feels this is on them. 4.) I told them this is an iOS-specific issue right now. I haven't heard or experienced this on Mac. Do you concur?