How to easily create Managed Apple ID using Azure AD?
Learn how to make use of your Azure Active Directory Domain to create Managed Apple IDs in bulk.
Get fresh insights, pro tips, and thought starters–only the best of posts for you.
Feb 23, 2021
14 min read
Apple School Manager (ASM) is an online platform that utilizes the cloud, to configure, deploy, and manage Apple devices in classrooms. It combines both Apple VPP and DEP with features such as Managed Apple IDs to streamline device deployment and enable content distribution.
Apple School Manager guides institutions to present a unique classroom experience, tailor-made for students and teachers. ASM supports features including:
DEP is an online service that helps your enterprise configure and deploy Apple devices, that are integrated into Apple School Manager. It simplifies device deployment by reducing the steps involved in the enrollment process. DEP supports over-the-air supervision of iOS devices, enabling access to advanced restrictions and policies otherwise unavailable. This deployment program is usually used hand-in-hand with Mobile Device Management solutions to ensure bulk over-the-air enrollment of Apple devices to its users.
VPP is a web platform that enables your enterprise to purchase, manage and distribute content in bulk, which is integrated into Apple School Manager. VPP enables international allocation of licenses and supports multiple payment options, including distribution of licenses using redeemable codes. It also lets users acquire custom apps that Apple approves through the VPP app store. The Apps and books tab in ASM enables you to view all purchased apps and books, buy new app licenses and transfer licenses from one school to another.
Managed Apple IDs are accounts created explicitly for enterprises, that grant the users access to the secure apps and data stored in your school’s iCloud Drive. They help protect user information and enable students to collaborate with Apple’s apps and services. Managed Apple IDs are generated when you connect Apple School Manager with an SIS, SFTP or Azure AD domain. On top of access to 200GB of iCloud storage, these Apple IDs provide user accounts with role-based administration, password resets, and limitations on communications and app purchases, to ensure a focus on education and learning in your classrooms.
Apple Classroom and Schoolwork are apps that help you guide, monitor and manage student devices. They are available on the app store for iPad and macOS devices. With Apple School Manager, you can integrate user data into these apps. This is done by logging in to iPads using users’ Managed Apple IDs that are linked to the ASM portal. Also, Teachers can manually create classes and add students to the class.
Shared iPads let your school provide a personalized environment on an iPad, that can be used by multiple students. Setting up iPads for shared use allows students to log in to their accounts on these devices, using their Managed Apple IDs. ASM can be linked-to Azure AD, SIS, have accounts imported using SFTP, or be created manually. The Shared iPad sign-in process differs depending on how you configure Apple School Manager.
Using Classroom, you can launch apps or books on any iPad in the class, share work between users, see a summary of your students’ activities, cast the screen to Apple TV, and do much more. Schoolwork lets you quickly assign and manage assignments, monitor student progress, and collaborate with students individually. Together, Apple Classroom and Schoolwork offer great utility and help make classroom management simple and effortless.
Federated authentication is the technique of using an account’s username and password that is stored in one directory and permitting the same username and password to be used in other systems. Managers can use this method to link your ASM portal to your instance of Microsoft Azure Active Directory (Azure AD). Hence, Azure AD users can use their user IDs and passwords as their managed Apple IDs. This lets them use their Azure AD credentials to sign in to iCloud and access managed devices.
ASM supports integration with data sources and directories, including SIS, SFTP, and Azure Active Directory, to ease student data transfer and create new user accounts for your institution.
SCIM is used to automate the communication of user identity data between different identity domains (in this case, ASM and Azure AD). Using SCIM, it is possible to import users into Apple School Manager by merging ASM properties like classes and roles, over the account data imported from Azure AD.
SIS is a computerized database managed and maintained by schools to help track all their student data – including personal information, grades, attendance, and more. ASM lets you securely integrate your SIS and sync specific information to create user accounts, that are created using uniquely generated managed Apple IDs. After the accounts are created, you can set their initial passwords and assign roles to all the users.
SFTP is an SSH (Secure Shell) protocol for moving vast files securely through the internet. Using SFTP, you can upload all the information in CSV files to Apple School Manager. ASM gives you a CSV template to set up your SFTP. After initial configuration, changes in the data are recorded by providing updates to the CSV files.
Apple School Manager lets you build individualized teaching and learning experiences for both students and instructors. This is done with the help of tools like accounts, roles, locations and classes.
Accounts are created using managed Apple IDs. They are set up by IT admins, for all the users in an institution. These accounts can then be managed by the administrators.
Roles allow you to distinguish accounts as managers, instructors, staff or students. The type of role decides which tasks the account can perform in ASM.
Locations are used to manage information on the schools and institutions run by an entity. It shows information about the institutions operating in each location.
Class is a collection of student and instructor accounts. Most classes comprise mostly of student accounts that can be assigned to at least one instructor account.
The features mentioned above enable you to manage and set up a well-functioned administration for your school using Apple School Manager.
Role-Based Access Control (RBAC) authorizes your enterprise to assign and edit role permissions to multiple administrators. Every Apple School Manager account has one or more roles that decide what privileges that account has. Each role defines the level of access that a user has over the network.
ASM provides a quick and straightforward solution to configure and deploy Apple devices. After enrolling your institution in Apple School Manager, devices can be purchased and enrolled directly from Apple or an Apple Authorised Reseller. Once the devices are enrolled in the portal, you can deploy them via a Mobile Device Management (MDM) solution and assign them to the required individuals.
The first step involves enrolling your institution in Apple School Manager. Go to the ASM website and click on ‘enroll now’. Enter your institution details. Enter the name, occupation, and work email of the individual enrolling on behalf of your institution. Add the details for a verification contact to validate your enrollment.
Next, Apple checks with your verification contact to confirm your information. They will receive a mail from ASM to accept the individual whose account will be provided with administrator privileges. Apple will send a mail to this administrator account affirming the enrollment process, after which your institution account is set up, and your managed Apple IDs are created.
There are two methods to add and configure Apple devices to your Apple School Manager portal.
You can add an Apple authorized Reseller or network provider to your ASM portal by adding their Reseller ID to your account profile and sharing your Organisation ID with the reseller. With this step, you authorize that reseller to submit your purchased devices to Apple through their registered reseller portal for enrolment in Apple School Manager.
You can configure iOS, iPad and tvOS devices to Apple School Manager through the Apple Configurator 2 app. This method does not require the devices to be purchased from an authorized reseller or network provider. Once you prepare the device via Apple Configurator 2, it will appear in ASM under the section ‘Devices added by Apple Configurator 2.
Integrating a Mobile Device Management solution with Apple School Manager helps automate device deployment and ease content management for institutions. With the help of an MDM solution, authorities can wirelessly configure the required policies and restrictions and deploy them to the concerned students and staff.
Integrating Apple School Manager with an MDM solution like Hexnode offers additional features and benefits for Apple devices, including simplified enrollments, enhanced device monitoring and easy content management.
Hexnode with Apple School Manager provides out-of-the-box enrollment of Apple devices to your institution. Using Apple DEP with Hexnode, you can enroll devices to your Hexnode portal without needing to touch or prepare them physically. Hexnode’s integration with ASM presents a fast, streamlined approach to deploy Apple devices to schools.
With the Hexnode and Apple School Manager integration, IT admins can pre-configure devices with Hexnode’s policies and restrictions for iOS, macOS, and tvOS platforms. Hexnode with ASM can empower your school to secure, manage and configure all Apple endpoints. Once a device enrolled in Apple School Manager is turned on, all the configurations, restrictions, and policies laid out by Hexnode are automatically activated.
With Apple School Manager, searching and managing apps and books becomes an easy process. Utilizing Apple’s Volume Purchase Program (VPP), licenses for iOS and macOS apps can be easily purchased in bulk and then allocated to multiple users or specific devices. It is also possible to revoke and reassign apps to other users or devices, thereby letting you retain complete ownership and power over all your purchased apps.
Apple’s VPP, when used in union with an MDM solution like Hexnode, makes content management smooth and straightforward, enabling schools to manage their licenses effectively.
Hexnode further simplifies the installation of apps and books to student and staff devices. With Hexnode, you can distribute app licenses in two ways.
Through device-based assignment: Here, the licenses are distributed to the devices, thereby permitting the specified app to remain on the device irrespective of Apple ID.
Through user-based assignment: Here, the app licenses are assigned to a user’s Apple ID. All devices that are signed in using the specific Apple ID can have access to the licensed app.
With Hexnode, content can be directly sent to iPads and Macs, eliminating the tiresome process of manual app installation.
With Hexnode, it becomes possible to ease the setup process for the devices enrolled in Apple School Manager by removing steps in the Setup Assistant. This enables students and teachers to get up and running with their tasks with as minimum downtime as possible.
Using Hexnode with Apple School Manager, IT admins can block the end-users from removing the MDM profile set up by your institution. This prevents any unnecessary actions from your students or staff and provides your school with a secure classroom environment.
For every update in Apple’s software, it is necessary to check whether your school’s workflow is compatible with the new update. This requires time and testing. With Hexnode’s Mobile Device Management solution, you can schedule software updates for your Apple School Manager enrolled devices.
Students and teachers may clutter up your shared devices’ home screen, creating issues identifying the device’s necessary apps. Hexnode MDM enables you to configure Home Screen layouts to determine precisely how your device will display managed apps on the screen.
It is quite natural for students to misplace their devices. But, as an institution, this can cause dire implications, including possibilities of data theft. With Hexnode MDM, you can use features including remote ring, device wipe, activation lock and MDM lost mode to secure your stolen device or find a device that has been misplaced.
Although IT admins can manually create classes, setting up the Classroom/Schoolwork app without an MDM solution can be time-consuming and demand extra effort from your school. With the help of Hexnode’s MDM solution, institutions can automatically configure the Classroom/Schoolwork app with student and class data retrieved from SIS/SFTP or Azure AD. All that needs to be done is to install the app on the teacher’s device and connect the student devices to the same Bluetooth/Wi-Fi network, and voila!
Apple School Manager facilitates the use of Shared iPads. Adding student profiles manually for these shared iPads can be a tedious task for your IT admins. Integrating Hexnode MDM to your Apple School Manager account enables you to automatically configure accounts using the student data received from SIS/SFTP or Azure AD. Students can log in to the device by clicking on their profile and pick up from where they left off.
Apple School Manager is an indispensable tool for automated enrollment and content management across classroom devices. Integrating Apple School Manager with an MDM solution like Hexnode simplifies the process of device enrollment and helps ease the deployment of managed content to classrooms.
Try out Hexnode FREE for 14 days, and make the most out of your classroom management strategies.TRY OUT HEXNODE