Do more with managed Apple IDs: https://developer.apple.com/wwdc23/10254

Managed Apple IDs now support:

* iCloud Keychain:
  - Allows companies, schools or institutions to use passkeys with iCloud Keychain
  Note: For more information, please see the "Deploy passkeys at work" session: https://developer.apple.com/wwdc23/10263
* App data sync with iCloud: Supports Messages, Stocks, News and Siri
* Wallet
* Continuity

To see what features are supported with Managed Apple IDs for business, please see the link below:

https://support.apple.com/guide/apple-business-manager/use-managed-apple-ids-axm78b477c81/web

To see what features are supported with Managed Apple IDs for schools, please see the link below:

https://support.apple.com/HT205918

You can be signed in with both a personal Apple ID and a Managed Apple ID on the same device.

Account-driven user enrollment:

Managed Apple IDs are needed for account-driven user enrollment for BYOD devices.

Note: For more information, please see the "Discover account-driven User Enrollment" session from WWDC 21: https://developer.apple.com/wwdc21/10136

Note: Profile-based user enrollment for BYOD devices is now deprecated.

Example configuration workflow for account-driven user enrollment shown in the session video from 4:00 - 5:12.

Account-driven device enrollment:

Devices enrolled through account-driven Device Enrollment get:

* Most of the management capabilities of a profile-based Device Enrollment
* On-device separation of personal and work data

Example configuration workflow for account-driven device enrollment shown in the session video from 5:42 - 6:50.

Managed Apple IDs can also be used for apps which use the "Sign in with Apple at Work and School" feature

Works with apps on the following platforms:

* iOS
* iPadOS
* macOS

Example workflow for "Sign in with Apple at Work and School" feature shown in the session video from 7:06 - 7:34.

Signing in with managed Apple IDs on macOS:

Example workflow for signing in with a Managed Apple ID on macOS shown in the session video from 7:39 - 8:25.

New access management policies for managed Apple IDs in Apple Business Manager / Apple School Manager

Policies are configured in ABM / ASM

Control managed Apple ID sign-in based on level of management

Default policy:

* Any Device (requires no management)
  - Effect: Allows managed Apple ID to sign in on any device.

Other policies available:

* Managed Devices Only
  - Effect: Allows managed Apple ID to sign in only on managed devices.
* Supervised Devices Only
  - Effect: Allows managed Apple ID to sign in only on supervised devices.

New controls added for Messages and FaceTime

- Can restrict Messages and FaceTime to accept messages and calls only from those in your organization
- Can disable Messages and FaceTime entirely

New controls added for Xcode and the Apple Developer Site

- Note: No further details on these controls, so I'm going to investigate further on this topic.

iCloud can be disabled for any of the supported apps and services for Managed Apple IDs.

Example workflow for disabling iCloud services for Managed Apple IDs shown in the session video from 12:22 - 12:47.

The new Access Management controls will be available later this summer as beta features in Apple Business Manager and Apple School Manager.

Apple Business Manager / Apple School Manager federation with Identity Providers:

Supports:

* Azure AD
* Google Workspace

Adding support for:

* OpenID Connect - federated authentication
* System for Cross-domain Identity Management (SCIM) - directory sync
* OpenID Shared Signals Framework - account security events

If an Identity Provider supports all three standards, it should be able to federate.

Okta is working on becoming a supported Identity Provider for federation.