Use Managed Apple IDs in Apple Business Manager Flashcards
https://support.apple.com/en-ph/guide/apple-business-manager/axm78b477c81/web
Which Apple software makes it easy for organizations to create and manage Managed Apple IDs (owned and managed by your organization—including password resets and role-based administration. It also provides access to iCloud for collaboration with iWork and backup on iPhone and iPad devices)
Apple Business Manager
Which one of these is used to access personal data such as Photos, iMessages, and other personal iCloud data when signed in to a personal device?
A. Managed Apple ID
B. Personal Apple ID
B. Personal Apple ID
A user with a Managed Apple ID can be locked out of their account if they enter an incorrect password more than _____ times or if Apple suspects any fraudulent activity on their account
10
To reset their password, the user must contact any user with the role of Administrator or People Manager. For users locked due to suspected fraudulent activities, an Apple Business Manager user with the role of Administrator must contact Apple to have the account unlocked. At that point, the user’s password can be reset by the Administrator.
What is the process of using a user account’s user name and password from one directory system allowing the same user name and password to be used in other systems?
federated authentication
What are the 2 types of Apple IDs
Managed Apple ID
Personal Apple ID
How are Managed Apple IDs created? (4 ways)
- Configure and enable federated authentication with Google Workspace, Microsoft Entra ID, or your identity provider (IdP)
Note: If your organization is using federated authentication, the Default Managed Apple ID Format setting doesn’t apply.
- Sync with Google Workspace
- Sync using Open ID Connect (OIDC) with Microsoft Entra ID or your IdP
- Sync using System for Cross-domain Identity Management (SCIM) with your IdP
Important: Keep in mind that every Managed Apple ID must be unique. It also can’t be the same as other Apple IDs that other users may already have.
As any user with the role of Administrator or any Manager, you use Managed Apple IDs in two main ways — with ____ and ____
- Accounts: Users with the role of Administrator can complete a range of tasks within Apple Business Manager to manage accounts. For example, you can assign roles or reset passwords for a specific set of users.
- Roles: After a Managed Apple ID is created for a user, roles can then be assigned for the user. These roles define which tasks users can perform in Apple Business Manager with their Managed Apple ID.
Can you change the Managed Apple ID of a user with the role of Administrator?
No
You must first change the role to any other role, change the Managed Apple ID, then change the role back to that of Administrator
A user’s changed/edited Managed Apple ID won’t be updated if?
If the new format includes an element that’s missing or empty for that user
Newly edited Managed Apple IDs changes the Managed Apple ID format for all new and existing accounts.
Users are notified when their Managed Apple ID is changed
A. True
B. False
B. False
Users aren’t notified when their Managed Apple ID is changed, so you must notify them as soon as you make the change.
When changing a Managed Apple ID, what happens when a new format results in a Managed Apple ID that’s already in use?
a number is added to the end of the new Managed Apple ID to make it unique
What are the steps for editing a Managed Apple ID format for a single user?
- In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
- Select Users in the sidebar, then select or search for a user in the search field.
- Select the user from the list.
- Select the Edit button , then edit the Managed Apple ID.
You can also enter text, such as a period (for example, eliza.block), in the field.
- Select a domain from the list, then select Save.
What are the steps for editing the Managed Apple ID format for multiple users?
- In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
- Select Users in the sidebar, then select or search for users in the search field.
- Select the users from the list.
- Select Edit next to Update Managed Apple IDs, then select the Add button to select what the Managed Apple ID will start with.
You can also enter text, such as a period (for example, eliza.block), in the field.
- Select a domain from the list, then select Continue.
- Do one of the following:
- Select Activity to view this activity.
- Select Done.
This task can be successfully completed only for users created manually.
For Federated authenticaion
When Apple Business Manager and Google Workspace, Microsoft Entra ID, or your IdP are linked, Managed Apple IDs are automatically created for users
A. True
B. False
A. True
They can then sign in using their existing user name (generally their email address) and password.
To use federated authentication and syncing, your Apple devices must meet what following minimum operating system requirements?
- iOS 15.5
- iPadOS 15.5
- macOS 12.4
- visionOS 1.1
What will happen upon syncing Apple Business Manager with Google Workspace, Microsoft Entra ID, or your IdP after setting up a directory sync connection?
You can add Apple Business Manager properties (such as roles) with user account data imported from one of those services
The services’ user account information is added as read-only until you turn off syncing. At that time, the accounts become manual accounts, and attributes in these accounts can then be edited. If a user account is removed from one of those services, that user account can be removed from Apple Business Manager
What can you do if a user forgets their passcode on a Shared iPad account
The administrator must reset the Shared iPad passcode
When syncing user accounts from Google Workspace to Apple Business Manager, syncing user groups is supported
A. True
B. False
B. False
You can sync user accounts from Google Workspace into Apple Business Manager. When this occurs, you merge Apple Business Manager properties (such as roles) with user account data imported from Google Workspace. The account information is added as read-only until you turn off syncing. At that time, the accounts become manual accounts, and attributes in these accounts can then be edited.
The initial sync takes longer to perform than subsequent cycles.
To use Managed Apple IDs, you must verify the domains you want to use, or you can use the reserved domain
A. True
B. False
A. True
Domains (also known as domain names) designate the larger organization rather than an individual member. Domain names are registered and must be globally unique.
What ensures that your organization—and no one else—can use the domain you entered to create Managed Apple IDs?
Domain verification
For example, to use theacmeinc.com as your domain, you must add a specific TXT record—a type of Domain Name System (DNS) record—to your domain name server’s zone file within 14 calendar days of beginning the verification process (which begins when you select the Verify button).This indicates your organization has the authority to modify the domain name service (DNS) records for your domain.
You have only ____ calendar days to complete the Domain verification process or you must start over.
14
Depending on the network configuration, it may take some time for DNS changes to appear. Make sure you’ve notified the person in your company who can write records to your DNS entries (for example, your IT or DNS administrator) so the task can be completed before the expiration.
If you’re unable to verify your domain, what can you use?
Reserved domain
The reserved domain:
Is a domain that Apple generates automatically
Is based on the website that you used when you successfully signed up
Can’t be edited or removed
Doesn’t require the organization to verify the domain
if you enrolled using the website www.theacmeinc.com, the reserved domain name would be?
theacmeinc.appleid.com
If multiple organizations use the same domain, an incremental number is added to the name, such as theacmeinc2.appleid.com
What are the 2 types of domain conflicts?
- A domain that’s registered by another organization.
- A domain that’s registered by another organization and they verified it with Apple.
In Example 1, Your organization can choose to send their contact information (the name of the person requesting to be contacted, their email address, and the name of their company) to the organization that registered the domain name. That organization can choose whether or not to contact your organization to resolve the domain claim.
In Example 2, Your organization can’t send anything to their organization because it’s registered and they verified it with Apple. Therefore your organization can’t use the domain name.
Apple intervenes in domain claims
A. True
B. False
B. False
Apple doesn’t intervene in domain claims.
In Apple Business Manager, what are the steps to adding a domain?
In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
Select your name at the bottom of the sidebar > Preferences > Managed Apple IDs .
In the Domains section, select Add Domain, then enter the domain you want to use.
Follow onscreen instructions
What records contain information about your domain that helps external network servers and services handle outgoing email from your domain?
TXT record
When a user account is synced from Google Workspace, Microsoft Entra ID using OIDC, or IdP using SCIM to Apple Business Manager, what is the default role?
Staff
This attribute is stored with the user account in Apple Business Manager and isn’t written back to Google Workspace
User groups from your IdP aren’t synced to Apple Business Manager. If you want the same groups, you can create new groups in Apple Business Manager and add users to them
Don’t reuse a user name for 30 days in the Apple Business Manager Entra ID app
Apple Business Manager requires that the attribute used for the Managed Apple ID be unique. This is normally the user’s email address.
What happens If a user has an attribute that’s exactly the same as an existing Apple Business Manager user with the role of Administrator
No syncing is performed and the source field remains unchanged.
When a Google Workspace user account is synced to Apple Business Manager, a ____ is created for the Apple Business Manager user account (to identify conflicting user accounts)
Person ID
What are the steps to turn on Google Workspace Sync
- In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
- Select your name at the bottom of the sidebar > Preferences > Managed Apple IDs
- Under Directory Sync, turn on Google Workspace Sync.
What are the steps to turn on Microsoft Entra Connect Sync
- In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
- Select your name at the bottom of the sidebar > Preferences > Managed Apple IDs
- Turn on Microsoft Entra Connect Sync then select Sync Now.
Continuity services availability
Which Continuity features can users use between devices that are signed in with the same Managed Apple ID as the primary account on both devices?
AirDrop
AirPlay to Mac
Auto Unlock
Continuity Camera
Continuity Markup and Sketch
Handoff
Personal Hotspot
iPhone cellular calls
Sidecar
Universal Clipboard
Universal Control
Due to the organizational focus and to protect user privacy, which services are not available for Managed Apple IDs?
Find My - The app appears, but the user can’t use it.
Health - The app can be used, but data isn’t synced to iCloud.
Home - The user can’t add HomeKit devices to the Home app.
Journal - The app appears, but the user can’t use it.
Apple Wallet - The app appears, but organizations can add only student ID cards and employee badges.
iCloud Family Sharing - Unavailable.
iCloud Mail - Unavailable.
iCloud+ services (Private Relay, Hide My Email, Custom Email Domain) - Unavailable.
Scenario: A user is signed in to a device with a Managed Apple ID
Which media services are unavailable to the user?
Apple Arcade
Apple Fitness+
Apple Music
Apple Music radio
Apple News+
Apple One
Apple TV+
Scenario: A user is signed in to a device with a Managed Apple ID
Which iCloud services are available to the user?
Calendar
Contacts
Freeform
iCloud Backup
iCloud Drive
iCloud Keychain
News
Notes
Photos
Reminders
Safari
Siri
Stocks
