How to introduce Managed Apple IDs the right way

Jacek_ADC
Contributor

Hi folks

I know it's maybe more an Apple topic than a Jamf topic, but hopefully someone here has experience with this.

So I just started to configure Federated Authentication and Directory Sync in Apple Business Manager and Entra. I was able to configure everything.
My idea was to test this with one test user (created by me) which will also have a private Apple ID.

When I am at the last step to enable Federated Authentication, I see a notice that I have 155 username conflicts. So I just stopped there and have not enabled it for now.


Directory Sync is already enabled.

In the Azure app I have only me and my test user, which I would like to test first before enabling it for all.
So, does anyone have an idea what I have missed or done wrong? I need to test this first, document it, and then I also need to inform all of the 155 users who are in conflict.
As I was reading the Apple documentation, I saw this:

Apple Push Notification service (APNs)

APNs certificates are most commonly used by organisations to enable communication from their mobile device management (MDM) solution to managed devices. The APNs certificate associated with a personal Apple ID can be moved to a Managed Apple ID by contacting Apple. This process can take up to 10 business days. No interruption in communication between the MDM solution and the devices occurs when the move to a new account is completed. See Contact Apple for help with Apple Push Notification service certificates.

What does this mean for our devices? They are all enrolled with ADE and Jamf Connect.
Will all MacBooks with signed-in private Apple IDs lose the connection to Jamf Pro?

I am grateful for any tip

BR

J

2 REPLIES

AJPinto
Honored Contributor II

I have never found Managed Apple IDs to be worth the effort beyond the account that keeps up with the MDM and ABM/ASM. You can't force users to use Managed Apple IDs. There are a lot of limitations on Managed Apple IDs. The only real function of value is being able to assign App Store apps to the Managed Apple ID; however, our deployment is 1:1, so assigning to devices is fine.


When you flip the switch, users will get an email from Apple advising of the conflict. Apple views the current Apple IDs that are using your org's domain as personal Apple IDs and will in no way, shape or form assist you in helping the users.


As far as APNs goes, that really has nothing to do with this process. When you set up ABM and your MDM, it was likely with a personal Apple ID (i.e. not managed). They are telling you to contact your Apple rep to have that personal Apple ID converted to a Managed Apple ID. Due to the importance of this Apple ID to your environment, you want to have Apple convert it.

jtrant
Valued Contributor

The conflicts are probably users who have already created personal Apple IDs with their company email.

Your company's APNs certificate is tied to a specific Apple ID, and has nothing to do with you enabling MAID for your organization.

What Apple are saying in the documentation is that you can convert your non-MAID Apple ID used to create your APNs certificate to a MAID, if you wish.