Use Managed Apple IDs in Apple Business Manager

Question 1

Which Apple software makes it easy for organizations to create and manage Managed Apple IDs (owned and managed by your organization—including password resets and role-based administration. It also provides access to iCloud for collaboration with iWork and backup on iPhone and iPad devices)

Answer 1

Apple Business Manager

Question 2

Which one of these is used to access personal data such as Photos, iMessages, and other personal iCloud data when signed in to a personal device?

A. Managed Apple ID
B. Personal Apple ID

Answer 2

B. Personal Apple ID

Question 3

A user with a Managed Apple ID can be locked out of their account if they enter an incorrect password more than _____ times or if Apple suspects any fraudulent activity on their account

Answer 3

10

To reset their password, the user must contact any user with the role of Administrator or People Manager. For users locked due to suspected fraudulent activities, an Apple Business Manager user with the role of Administrator must contact Apple to have the account unlocked. At that point, the user’s password can be reset by the Administrator.

Question 4

What is the process of using a user account’s user name and password from one directory system allowing the same user name and password to be used in other systems?

Answer 4

federated authentication

Question 5

What are the 2 types of Apple IDs

Answer 5

Managed Apple ID
Personal Apple ID

Question 6

How are Managed Apple IDs are created? (4 ways)

Answer 6

1. Configure and enable federated authentication with Google Workspace, Microsoft Entra ID, or your identity provider (IdP)

Note: If your organization is using federated authentication, the Default Managed Apple ID Format setting doesn’t apply.

2. Sync with Google Workspace
3. Sync using Open ID Connect (OIDC) with Microsoft Entra ID or your IdP
4. Sync using System for Cross-domain Identity Management (SCIM) with your IdP

Important: Keep in mind that every Managed Apple ID must be unique. It also can’t be the same as other Apple IDs that other users may already have.

Question 7

As any user with the role of Administrator or any Manager, you use Managed Apple IDs in two main ways — with ____ and ____

Answer 7

• Accounts: Users with the role of Administrator can complete a range of tasks within Apple Business Manager to manage accounts. For example, you can assign roles or reset passwords for a specific set of users.
• Roles: After a Managed Apple ID is created for a user, roles can then be assigned for the user. These roles define which tasks users can perform in Apple Business Manager with their Managed Apple ID.

Question 8

Can you change the Managed Apple ID of a user with the role of Administrator?

Answer 8

No

You must first change the role to any other role, change the Managed Apple ID, then change the role back to that of Administrator

Question 9

A user’s changed/edited Managed Apple ID won’t be updated if?

Answer 9

If the new format includes an element that’s missing or empty for that user

Newly edited Managed Apple IDs changes the Managed Apple ID format for all new and existing accounts.

Question 10

Users are notified when their Managed Apple ID is changed

A. True
B. False

Answer 10

B. False

Users aren’t notified when their Managed Apple ID is changed, so you must notify them as soon as you make the change.

Question 11

When changing a Managed Apple ID, what happens when a new format results in a Managed Apple ID that’s already in use?

Answer 11

a number is added to the end of the new Managed Apple ID to make it unique

Question 12

What are the steps for editing a Managed Apple ID format for a single user?

Answer 12

• In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
• Select Users in the sidebar, then select or search for a user in the search field.
• Select the user from the list.
• Select the Edit button , then edit the Managed Apple ID.

You can also enter text, such as a period (for example, eliza.block), in the field.

• Select a domain from the list, then select Save.

Question 13

What are the steps for editing the Managed Apple ID format for multiple users?

Answer 13

• In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
• Select Users in the sidebar, then select or search for users in the search field.
• Select the users from the list.
• Select Edit next to Update Managed Apple IDs, then select the Add button to select what the Managed Apple ID will start with.

You can also enter text, such as a period (for example, eliza.block), in the field.

• Select a domain from the list, then select Continue.
• Do one of the following:

1. Select Activity to view this activity.
2. Select Done.

This task can be successfully completed only for users created manually.

Question 14

For Federated authenticaion

When Apple Business Manager and Google Workspace, Microsoft Entra ID, or your IdP are linked, Managed Apple IDs are automatically created for users

A. True
B. False

Answer 14

A. True

They can then sign in using their existing user name (generally their email address) and password.

Question 15

To use federated authentication and syncing, your Apple devices must meet what following minimum operating system requirements?

Answer 15

• iOS 15.5
• iPadOS 15.5
• macOS 12.4
• visionOS 1.1

Question 16

Federated authentication and directory syncing

What will happen upon syncing Apple Business Manager with Google Workspace, Microsoft Entra ID, or your IdP after setting up a directory sync connection?

Answer 16

You can add Apple Business Manager properties (such as roles) with user account data imported from one of those services

The services’ user account information is added as read-only until you turn off syncing. At that time, the accounts become manual accounts, and attributes in these accounts can then be edited. If a user account is removed from one of those services, that user account can be removed from Apple Business Manager

Question 17

What can you do if a user forgets their passcode on a Shared iPad account

Answer 17

The administrator must reset the Shared iPad passcode

Question 18

When syncing user accounts from Google Workspace to Apple Business Manager, syncing user groups is supported

A. True
B. False

Answer 18

B. False

You can sync user accounts from Google Workspace into Apple Business Manager. When this occurs, you merge Apple Business Manager properties (such as roles) with user account data imported from Google Workspace. The account information is added as read-only until you turn off syncing. At that time, the accounts become manual accounts, and attributes in these accounts can then be edited.

The initial sync takes longer to perform than subsequent cycles.

Question 19

To use Managed Apple IDs, you must verify the domains you want to use, or you can use the reserved domain

A. True
B. False

Answer 19

A. True

Domains (also known as domain names) designate the larger organization rather than an individual member. Domain names are registered and must be globally unique.

Question 20

What ensures that your organization—and no one else—can use the domain you entered to create Managed Apple IDs?

Answer 20

Domain verification

For example, to use theacmeinc.com as your domain, you must add a specific TXT record—a type of Domain Name System (DNS) record—to your domain name server’s zone file within 14 calendar days of beginning the verification process (which begins when you select the Verify button).This indicates your organization has the authority to modify the domain name service (DNS) records for your domain.

Question 21

You have only ____ calendar days to complete the Domain verification process or you must start over.

Answer 21

14

Depending on the network configuration, it may take some time for DNS changes to appear. Make sure you’ve notified the person in your company who can write records to your DNS entries (for example, your IT or DNS administrator) so the task can be completed before the expiration.

Question 22

If you’re unable to verify your domain, what can you use?

Answer 22

Reserved domain

The reserved domain:

Is a domain that Apple generates automatically

Is based on the website that you used when you successfully signed up

Can’t be edited or removed

Doesn’t require the organization to verify the domain

Question 23

if you enrolled using the website www.theacmeinc.com, the reserved domain name would be?

Answer 23

theacmeinc.appleid.com

If multiple organizations use the same domain, an incremental number is added to the name, such as theacmeinc2.appleid.com

Question 24

What are the 2 types of domain conflicts?

Answer 24

1. A domain that’s registered by another organization.
2. A domain that’s registered by another organization and they verified it with Apple.

In Example 1, Your organization can choose to send their contact information (the name of the person requesting to be contacted, their email address, and the name of their company) to the organization that registered the domain name. That organization can choose whether or not to contact your organization to resolve the domain claim.

In Example 2, Your organization can’t send anything to their organization because it’s registered and they verified it with Apple. Therefore your organization can’t use the domain name.

Question 25

Apple intervenes in domain claims

A. True
B. False

Answer 25

B. False

Apple doesn’t intervene in domain claims.

Question 26

In Apple Business Manager, what are the steps to adding a domain?

Answer 26

In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.

Select your name at the bottom of the sidebar > Preferences > Managed Apple IDs .

In the Domains section, select Add Domain, then enter the domain you want to use.

Follow onscreen instructions

Question 27

What records contain information about your domain that helps external network servers and services handle outgoing email from your domain?

Answer 27

TXT record

Question 28

When a user account is synced from Google Workspace, Microsoft Entra ID using OIDC, or IdP using SCIM to Apple Business Manager, what is the default role?

Answer 28

Staff

This attribute is stored with the user account in Apple Business Manager and isn’t written back to Google Workspace

User groups from your IdP aren’t synced to Apple Business Manager. If you want the same groups, you can create new groups in Apple Business Manager and add users to them

Don’t reuse a user name for 30 days in the Apple Business Manager Entra ID app

Question 29

Apple Business Manager requires that the attribute used for the Managed Apple ID be unique. This is normally the user’s email address.

What happens If a user has an attribute that’s exactly the same as an existing Apple Business Manager user with the role of Administrator

Answer 29

No syncing is performed and the source field remains unchanged.

Question 30

When a Google Workspace user account is synced to Apple Business Manager, a ____ is created for the Apple Business Manager user account (to identify conflicting user accounts)

Answer 30

Person ID

Question 31

What are the steps to turn on Google Workspace Sync

Answer 31

1. In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
2. Select your name at the bottom of the sidebar > Preferences > Managed Apple IDs
3. Under Directory Sync, turn on Google Workspace Sync.

Question 32

What are the steps to turn on Microsoft Entra Connect Sync

Answer 32

1. In Apple Business Manager , sign in with a user that has the role of Administrator or People Manager.
2. Select your name at the bottom of the sidebar > Preferences > Managed Apple IDs
3. Turn on Microsoft Entra Connect Sync then select Sync Now.

Question 33

Continuity services availability

Which Continuity features can users use between devices that are signed in with the same Managed Apple ID as the primary account on both devices?

Answer 33

AirDrop

AirPlay to Mac

Auto Unlock

Continuity Camera

Continuity Markup and Sketch

Handoff

Personal Hotspot

iPhone cellular calls

Sidecar

Universal Clipboard

Universal Control

Question 34

Due to the organizational focus and to protect user privacy, which services are not available for Managed Apple IDs:

Answer 34

Find My - The app appears, but the user can’t use it.

Health - The app can be used, but data isn’t synced to iCloud.

Home - The user can’t add HomeKit devices to the Home app.

Journal - The app appears, but the user can’t use it.

Apple Wallet - The app appears, but organizations can add only student ID cards and employee badges.

iCloud Family Sharing - Unavailable.

iCloud Mail - Unavailable.

iCloud+ services (Private Relay, Hide My Email, Custom Email Domain) - Unavailable.

Question 35

Scenario: A user is signed in to a device with a Managed Apple ID

Which media services are unavailable to the user?

Answer 35

Apple Arcade

Apple Fitness+

Apple Music

Apple Music radio

Apple News+

Apple One

Apple TV+

Question 36

Scenario: A user is signed in to a device with a Managed Apple ID

Which iCloud services are available to the user?

Answer 36

Calendar

Contacts

Freeform

iCloud Backup

iCloud Drive

iCloud Keychain

News

Notes

Photos

Reminders

Safari

Siri

Stocks