How to revert the attempted federation in ABM portal

svjs-0437 201 Reputation points

We tried enabling federation between Azure and the ABM portal to automatically use the UPN as the Apple ID for the ADE process, but had to discontinue because there were too many conflicting accounts, because of which the client asked us not to enable this at the last step.

However, now when a user tries to create an Apple ID with the client email (same domain we were trying to enable federation with), it does not allow it and says not recognised; this was working earlier. Can someone please assist with how to make this work again for users?


2 answers

  1. Aleksandr Kolesnikov 86 Reputation points

    This is the correct behavior when federation is in progress.
    You have the possibility to check how many accounts conflict after enabling federation. It means that users who created a personal Apple account using a corporate (federated) domain should change it to their personal one, or after 60 days the user’s personal Apple ID is automatically renamed to a temporary username.
    Link with more detailed information.

    Note: You cannot disconnect from a federated domain if Apple Business Manager is in the process of enabling federation or resolving conflicts with other Apple IDs.

    Disconnect federation from a domain

    Please let me know if the answer was helpful for you :)

  2. Djordje Novakovic 626 Reputation points

    I will share my experience; we removed federation.

    When ABM federation is in progress, there is no way to stop it.

    Resolve email conflicts.

    After 60 days, when conflicts are resolved, you can complete ABM federation or just disconnect it (this was my case).

    Call Apple support, and they can check from their side when changes are propagated.

    Remove your domain from ABM.

    All existing accounts (admin accounts) will be automatically transferred to "" and you can log in to ABM with that account.

    After that, add your domain again in ABM and verify it.

    After verification, your admin accounts will be able to log in again with "@yourDomain".

    Apple IDs can be created with "@yourDomain" again.
