This article is intended for network administrators.

Starting on May 26, 2021, Apple will require organizations to verify all existing unverified and new domains that are associated with Apple Business Manager and Apple School Manager.

After May 26, you’ll no longer be able to use unverified domains to create new Managed Apple IDs. Existing Managed Apple IDs in an unverified domain will continue to work during a provisional period, but will need to be migrated to a verified domain before December 2021. You’ll still be able to manage devices, update existing Managed Apple IDs, and create new Managed Apple IDs on verified domains and the reserved domain. The reserved domain is created automatically.

In December 2021, all unverified domains will be removed from Apple Business Manager and Apple School Manager organizations. Managed Apple IDs will be migrated to the reserved domain. End users won’t be notified of this change. All roles and privileges will remain intact, including the account password and associated email address. For example, if you’re using the domain example.com and don’t verify before December, managed Apple IDs will be renamed from person@example.com to person@examplecom.appleid.com automatically.

To prevent disruption, verify your domain now or move your Managed Apple IDs to a verified domain or the reserved domain.

To determine if you need to verify your domain, sign in to Apple Business Manager or Apple School Manager and navigate to Settings > Accounts. Domains with a green circle to the left of the name are verified. Domains with a yellow circle need to be verified.

Verify your domain in Apple Business Manager.

Verify your domain in Apple School Manager.

Certain features require verified domains, including integrating Apple School Manager with your Student Information System (SIS), importing users with Secure File Transfer Protocol (SFTP), or enabling federated authentication. If you want to use these features, you must use a verified domain.

Verifying a top-level domain doesn’t verify subdomains. For example, verifying example.com won’t verify appleid.example.com. You’ll need to verify appleid.example.com independently.

A reserved domain is a domain that Apple provides. You can use it without additional verification. It’s based on the website that you used when you enrolled in Apple Business Manager. For example, if you enrolled using the website www.example.com, the reserved domain name would be examplecom.appleid.com. If multiple organizations use the same domain, an incremental number is added to the name, such as examplecom2.appleid.com. The reserved domain is generated automatically and can’t be edited or removed.

Multiple organizations can all verify the same domain if the domain was associated with Apple Business Manager before March 2020. Each organization must verify the domain individually. Work with other Apple Business Manager administrators to make sure that one organization has verified the domain before the other organization starts the process. If multiple organizations try to verify at the same time, it could cause errors when validating the TXT record.

Verifying a domain doesn’t create conflicts with existing Apple IDs that use the domain. However, if the organization enables federated authentication, users will be required to choose a new name for conflicting Apple IDs.