One of the biggest questions schools have when deploying iPads is about creating Managed Apple IDs for students, teachers, and staff. This is a key concern because many tools and resources are available through the use of these special type of Apple ID, including configuring Apple Shared iPads, synchronizing users’ data in the iCloud account, installing applications that will be used during school activities, and downloading books and apps automatically using VPP licenses..
With the Apple School Manager portal, educational institutions can create Managed Apple IDs in bulk for their students, teachers, and staff. Recently, Apple also introduced the federated authentication capability that enables admins to create the Managed Apple IDs by linking the Microsoft Azure AD with the ASM.
Read on to learn more about Managed Apple IDs – what they are, why they will help you manage iPads and deliver content to students and teachers, and how to create them in a couple of minutes.
A Managed Apple ID is a special type of Apple ID that has been created to meet the needs of educational institutions when deploying and managing iPads. They work like customized Apple accounts for education, allowing school admins to set up restrictions and configurations that will support them in daily management and keep students’ data safe.
There are some relevant differences between Managed Apple IDs and regular Apple IDs, like the terms and conditions of each one. The Managed Apple ID conditions include terms that satisfy the needs of school admins when managing iPads in educational environments, such as protecting school data, allowing device management at a deep level, and delivering apps and books to students’ and teachers’ devices in the easiest way.
In addition, schools using Managed Apple IDs take advantage of 200GB of cloud storage for free per each Managed Apple IDs, providing students with a great amount of storage in order to save what they have created using the iPad.
As we already explained, Managed Apple IDs bring more data security to schools by creating an Apple account that will be used by the student for educational purposes only. The Managed Apple ID is unique and separate from any other Apple ID that you’ve created for yourself or your students. And, unlike personal Apple IDs, the IT administrator manages the services that your Managed Apple ID can access.
That's why the Managed Apple ID allows administrators to restrict the use of some tools and iOS features – a task that is more complex to do in bulk using a regular Apple ID.
Streamlining content distribution is definitely the greatest benefit of using Managed Apple IDs. The administrators can easily assign VPP licenses using an MDM software solution, and the apps and Apple Books will be downloaded on the device without the need for user interaction. Managed Apple IDs are especially useful when distributing Books through the Volume Purchase Program (VPP), as this type of content delivery is only user-based.
In addition, some iOS features are disabled when logging into a device using a Managed Apple ID. For example, students will not have the ability to download or purchase apps and/or books directly through the App Store, iTunes, and/or Books Stores.
Another main reason why schools create Managed Apple IDs for students is because deploying Apple Shared iPads have certain requirements, which include Supervised iPads, devices enrolled in DEP, and Managed Apple IDs.
Other features available for Managed Apple ID include access to iCloud services such as iCloud Drive, Photos, Safari, Notes, Reminders, and Backup. It's also possible to disable features like Find My Friends, Search for my iPhone, the iCloud email, and other native settings.
Using Managed Apple IDs, administrators can also enroll users to school courses in iTunes U, and teachers and students with Managed Apple ID created within the same ASM account can work collaboratively with the iWork apps. In addition, teachers can reset their student`s Managed Apple ID password through Apple's Classroom App.
To create Managed Apple IDs for students, teachers, and staff, you need to access your Apple School Manager account. If you don't have one, read our read our Apple Deployment Program 101 for tips to open an account.
Then, start by organizing the data structure you will create for the Managed Apple IDs. It's highly recommended to create it using the following guidelines:
You can use information from the user’s Student Information System (SIS) account, such as an email address or another account name, as the unique user name. You can also create a unique user name from their names, initials, or ID numbers. If two users end up with the same user name, Apple School Manager will add a number to differentiate them. For example, scottmiller1@ would be the unique username.
Apple recommends using “appleid” as the text for all accounts. For example, scottmiller1@appleid would be the beginning of the full Managed Apple ID.
For example, a fully complete Managed Apple ID would be firstname.lastname@example.org. Be sure you use the same formula for all Managed Apple IDs in your school.
Please note: A Managed Apple ID should be different from a user’s personal email address to help avoid confusion.
Managed Apple IDs don’t have to be the same as user email addresses. If everybody in your school has an email address and those addresses have never been used for the Device Enrollment Program, Volume Purchase Program, Apple ID for Students, or personal iTunes or iCloud accounts, then you can choose to create Managed Apple IDs using those email addresses.
Please note: If you choose to use existing email addresses for Managed Apple IDs, the user will have to remember two passcodes: the original one associated with their email address, and the one associated with their Managed Apple ID.
Recently, Apple launched a new feature that made possible to create Managed Apple IDs within the Apple School Manager by using the federated authentication. There are two ways to configure it: one of them is linking to Microsoft Azure AD only, and the second one is using federated authentication with users from other sources, such as SIS or updating SFTP files.
The Managed Apple IDs will be automatically created when you link to Microsoft Azure AD. With this, users will simply sign in with their current email address as their Managed Apple ID. If a user is removed from Microsoft Azure AD, that user can be removed from Apple School Manager.
When you link to Microsoft Azure AD, Managed Apple IDs are automatically created for users, and they simply sign in with their current email address as their Managed Apple ID.
You then link to your SIS or upload files with SFTP. All information, such as classes and rosters, are updated for the users in your Microsoft Azure AD system. If a user is removed from Microsoft Azure AD, that user must be deactivated in Apple School Manager by an account with permissions to change the status of users.
If you’re connecting to a Student Information System (SIS) or importing users with Secure File Transfer Protocol (SFTP), and using federated authentication, users must have an email address. You can learn more about the Federated Authentication on Apple Support.
Please note: Only domains that haven’t been claimed by another institution can be added. See Federated authentication eligibility check.
You can also edit the default Managed Apple ID formats within the Settings for your Location in the Apple School Manager. If you need to edit the Managed Apple ID format, refer to Apple Support.
Need any further help? We’re here to assist you! Feel free to send us a message!
Save countless hours of IT effort while empowering teachers to manage iPad devices
2019 Mosyle™ Corporation | Trusted by 11,000+ educational institutions across the globe