Set up Apple Business Manager for automatic user provisioning

In this blog we will look at the steps required to set up automatic user provisioning.

For the steps required to set up Apple Business Manager, refer to this blog: Setup Apple Business Manager in Intune – Azure Cloud & AI Domain Blog (azurecloudai.blog)

Prerequisites

Before we get started, we need to make sure the following prerequisites are in place.

  • An Azure AD tenant.
  • A user account in Azure AD with permission to configure provisioning.
  • An Apple Business Manager account with the role of Administrator or People Manager.
  • A domain verified in Apple Business Manager.

Verify your domain in Apple Business Manager

  1. Sign into Apple Business Manager with an account that has the role of Administrator or People Manager.
  2. In the bottom left, click Your Account and select Preferences and Accounts, then click Edit next to Domains.
  3. Click Verify next to the domain.
  4. Add the TXT Record to your external DNS and click Check Now to verify the domain.
  5. Once verified, click Edit in the Federated Authentication section.
  6. Select Microsoft Azure AD and click Connect.
  7. Sign in with your corporate account, click Accept for the Apple Business Manager permissions, and then click Done.

Set up Apple Business Manager to support provisioning with Azure AD

  1. Sign into Apple Business Manager with an account that has the role of Administrator or People Manager.
  2. In the bottom left, click Your Account and select Preferences, then click Directory Sync.
  3. Click Enable next to Microsoft Azure AD Sync.
  4. Keep the token; we will use it as the Secret Token in the next section.

Add Apple Business Manager from the Azure AD application gallery

  1. Sign into the Azure Portal and navigate to Enterprise Applications.
  2. In the applications list, select Apple Business Manager.
  3. Click on Provisioning and then click Get Started.
  4. Set the Provisioning Mode to Automatic.
  5. Under Admin Credentials, enter the Tenant URL and Secret Token retrieved from Apple Business Manager. Click Test Connection to ensure Azure AD can connect to Apple Business Manager.
  6. Click Save.
  7. Start provisioning by clicking Start Provisioning.
  8. You can monitor the provisioning by looking at the Logs.
  9. You will see the accounts provisioned in Apple Business Manager under Users.

User Experience

Now that the user accounts have been provisioned, the end user can sign in to their phone with their corporate email as an Apple ID.

  1. During the setup of the Apple ID on the device, the user will enter their corporate email address as the Apple ID.
  2. The user will get a message to continue to the company authentication page.
  3. The user will authenticate with their corporate password.
  4. Once the user has authenticated, the Apple ID is set up and the user can access the Apple services (App Store, iCloud, etc.).
