Documentation Index
Fetch the complete documentation index at: https://docs.iru.com/llms.txt
Use this file to discover all available pages before exploring further.
Apple Business Manager is now Apple Business. Apple School Manager is unchanged. For more information, see Introducing Apple Business and Apple Business Manager is now Apple Business.
About Apple Business or Apple School Manager Domain Verification
Domain verification is a security requirement that ensures only legitimate domain owners can create Managed Apple IDs using their domains. This process prevents unauthorized use of domains and protects against ownership conflicts.How It Works
Apple Business or Apple School Manager domain verification requires you to prove ownership of your domain through DNS record verification. This process involves adding specific DNS records to your domain’s DNS settings, which Apple then verifies to confirm your organization’s ownership of the domain.Why Domain Verification is Required
Before this new requirement, anyone could add a domain to their Apple Business or Apple School Manager account and create Managed Apple IDs using this domain—even if they didn’t own it. This could lead to ownership conflicts and security concerns. However, now that Apple requires everyone to verify their Managed Apple ID domain names, you can be sure that your organization is the only one that can modify the DNS records for its domains. For more on domains in these services, see the user guide for Apple Business or Apple School Manager on Apple Support.Frequently Asked Questions
If I used the domain before the mandatory verification requirement, is it automatically verified?
No. Even if your Managed Apple ID domain name was in use well before the new verification requirement, it isn’t grandfathered in. You still need to complete the verification process.What if more than one organization is using the domain?
If your Managed Apple ID domain name is used by multiple organizations, this shouldn’t present any ownership conflicts; each organization can independently verify the domain. However, only one organization can federate that domain. In this case, other organizations must move their Managed Apple IDs to another verified domain. Otherwise, they may receive error messages such as “Managed Apple ID ending with this domain name is not allowed.”How soon do I have to verify the domain?
You must verify your Managed Apple ID domain name within 14 calendar days of clicking the Verify button in Apple Business or Apple School Manager.Why did I get an email asking me to verify ownership of my domain?
If you get an email asking you to verify your domain, then another organization has claimed a domain that’s currently used by your Managed Apple IDs. You’ll have to verify your domain ownership within 14 days of receiving this email.What if I can’t or don’t want to verify the domain?
In this case, you must move the Managed Apple IDs that you aren’t verifying to a reserved domain or a different verified domain; otherwise, you may receive error messages such as “Managed Apple ID ending with this domain name is not allowed.” By “reserved domain,” Apple is referring to the default domain that shows up under Accounts. It’s the name of the domain that your organization enrolled in Apple Business or Apple School Manager plus a number: Iru Endpoint1.appleid.com, for example.Verifying Domains Associated with Your Apple Business or Apple School Manager Account
Add, link, or verify domains
Follow Apple’s guide to add, link, or verify domains in the service you use: Add and verify a domain in Apple Business or Add and verify a domain in Apple School Manager.
Considerations
DNS access, timeline, and verification
DNS access, timeline, and verification
- DNS Access Requirements: Ensure you have administrative access to your domain’s DNS settings to add verification records
- Verification Timeline: Complete domain verification within 14 days of initiating the process to avoid service disruption
- DNS records and account security: Apple must be able to resolve your verification records on the public internet. Publish only the record types, names, and values Apple provides for verification—do not add unrelated sensitive data to those records. Restrict and monitor access to your DNS provider accounts (least privilege, MFA, and change alerts), because anyone who can edit your DNS can disrupt verification or compromise your domain.
Organizations, federation, and reserved domains
Organizations, federation, and reserved domains
- Multiple Organizations: Coordinate with other organizations using the same domain to prevent conflicts
- Reserved Domains: Understand that reserved domains (like Iru Endpoint1.appleid.com) are available as fallback options
- Federation Limitations: Only one organization can federate a domain, even if multiple organizations verify it
Planning, testing, and risk reduction
Planning, testing, and risk reduction
- Error Prevention: Verify domains before creating large numbers of Managed Apple IDs to avoid migration issues
- Testing: Test domain verification in a controlled environment before production deployment
- Backup Planning: Have alternative domain options ready in case primary domain verification fails
- Migration Planning: Plan for potential Managed Apple ID migrations if domain verification is not possible
Ongoing operations, compliance, and support
Ongoing operations, compliance, and support
- Documentation: Keep records of verification processes and DNS record configurations
- Monitoring: Regularly monitor domain verification status and renewal requirements
- Support: Contact Apple Support if you encounter issues with the verification process
- Compliance: Ensure domain verification aligns with your organization’s security and compliance requirements