How do we easily create Managed Apple IDs or federate with non-Azure AD?

Currently Apple federates only with Azure AD for Managed Apple IDs, and that is very limiting for our customers who use us as an IdP. In addition, Apple Business Manager requires manual creation of Managed Apple IDs one at a time.

This combination is very limiting, and I was wondering what we should be doing to help our customers create Managed Apple IDs at school for use of the new User Enrollment?

I would think that you'd just create a free AAD tenant, then federate it to your preferred IdP. Then federate ABM to AAD.

So when a user goes to log in with a Managed Apple ID, they are prompted to log in to AAD, AAD says you need to go to this IdP to log in, they sign in to the IdP and then they're allowed access.

Creating an additional resource isn't a great way to solve this problem for our customers. Either offering an import function using SFTP (as Apple School Manager currently allows), or a more open SAML integration strikes me as a way to encourage the adoption of User Enrollments powered by Managed Apple IDs.

Apple cannot comment on future product plans. The current situation is as described: manual account creation in the UI or federating with Azure AD. Feature requests through Feedback Assistant are always welcome.
