MicrosoftDocs
diff --git a/‎articles/active-directory/saas-apps/apple-business-manager-provision-tutorial.md
Lines changed: 20 additions & 15 deletions b/‎articles/active-directory/saas-apps/apple-business-manager-provision-tutorial.md
Lines changed: 20 additions & 15 deletions
diff --git a/‎articles/active-directory/saas-apps/apple-school-manager-provision-tutorial.md
Lines changed: 20 additions & 15 deletions b/‎articles/active-directory/saas-apps/apple-school-manager-provision-tutorial.md
Lines changed: 20 additions & 15 deletions
diff --git a/‎articles/active-directory/saas-apps/media/apple-business-manager-provision-tutorial/scim-token.png
51.7 KB b/‎articles/active-directory/saas-apps/media/apple-business-manager-provision-tutorial/scim-token.png
51.7 KB
diff --git a/‎articles/active-directory/saas-apps/media/apple-school-manager-provision-tutorial/scim-token.png
51.7 KB b/‎articles/active-directory/saas-apps/media/apple-school-manager-provision-tutorial/scim-token.png
51.7 KB
diff --git a/‎articles/active-directory/saas-apps/media/applebusinessmanager-provisioning-tutorial/scim-token.png
-75.7 KB b/‎articles/active-directory/saas-apps/media/applebusinessmanager-provisioning-tutorial/scim-token.png
-75.7 KB
diff --git a/‎articles/active-directory/saas-apps/media/appleschoolmanager-provisioning-tutorial/scim-token.png
-75.7 KB b/‎articles/active-directory/saas-apps/media/appleschoolmanager-provisioning-tutorial/scim-token.png
-75.7 KB
diff --git a/‎articles/active-directory/saas-apps/toc.yml
Lines changed: 5 additions & 1 deletion b/‎articles/active-directory/saas-apps/toc.yml
Lines changed: 5 additions & 1 deletion
@@ -29,6 +29,7 @@ This tutorial describes the steps you need to perform in both Apple Business Man
 > * Create users in Apple Business Manager
 > * Remove users in Apple Business Manager when they do not require access anymore
 > * Keep user attributes synchronized between Azure AD and Apple Business Manager
+> * [Single sign-on](../manage-apps/add-application-portal-setup-oidc-sso.md) to Apple Business Manager (recommended).
 
 ## Prerequisites
 
@@ -52,17 +53,21 @@ The scenario outlined in this tutorial assumes that you already have the followi
 2. Click Settings at the bottom of the sidebar click Data Source below Organization Settings, then click Connect to Data Source.
 3. Click Connect next to SCIM, carefully read the warning, click Copy, then click Close.
 [The Connect to SCIM window, which provides a token and a Copy button under it.]
-Leave this window open to copy the Tenant URL from Apple Business Manager to Azure AD, which is: 'https://federation.apple.com/feeds/business/scim'
+Leave this window open to copy the Tenant URL from Apple Business Manager to Azure AD, which is: `https://federation.apple.com/feeds/business/scim`
 
-	![Apple Business Manager](media/applebusinessmanager-provisioning-tutorial/scim-token.png)
+	![Screenshot of Apple Business Manager token generation.](media/apple-business-manager-provision-tutorial/scim-token.png)
 
-> [!NOTE]
-> The secret token shouldn’t be shared with anyone other than the Azure AD administrator.
+   > [!NOTE]
+   > The secret token shouldn’t be shared with anyone other than the Azure AD administrator.
 
 ## Step 3. Add Apple Business Manager from the Azure AD application gallery
 
-Add Apple Business Manager from the Azure AD application gallery to start managing provisioning to Apple Business Manager. If you have previously setup Apple Business Manager for SSO, you can use the same application. However it is recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md).
+* Add Apple Business Manager from the Azure AD application gallery to start managing provisioning to Apple Business Manager. If you have previously setup Apple Business Manager for SSO, you can use the same application. However it is recommended that you create a separate app when testing out the integration initially.
+
+* To add the Apple Business Manager Azure AD app with Microsoft tenants, the administrator of the tenants must go through the federated authentication setup process, including testing authentication. When authentication has succeeded, the Apple Business Manager Azure AD app is populated in the tenant and the administrator can federate domains and configure Apple Business Manager to use SCIM (System for Cross-domain Identity Management) for directory sync.
 
+   [Use federated authentication with MS Azure AD in Apple Business Manager](https://support.apple.com/en-ke/guide/apple-business-manager/axmb02f73f18/web)
+   
 ## Step 4. Define who will be in scope for provisioning 
 
 The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md). 
@@ -75,30 +80,30 @@ The Azure AD provisioning service allows you to scope who will be provisioned ba
 
 1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise Applications**, then select **All applications**.
 
-	![Enterprise applications blade](common/enterprise-applications.png)
+	![Screenshot of Enterprise applications blade.](common/enterprise-applications.png)
 
 2. In the applications list, select **Apple Business Manager**.
 
-	![The Apple Business Manager in the Applications list](common/all-applications.png)
+	![Screenshot of the Apple Business Manager in the Applications list.](common/all-applications.png)
 
 3. Select the **Provisioning** tab.
 
-	![Provisioning tab](common/provisioning.png)
+	![Screenshot of Provisioning tab.](common/provisioning.png)
 
 4. Set the **Provisioning Mode** to **Automatic**.
 
-	![Provisioning tab automatic](common/provisioning-automatic.png)
+	![Screenshot of Provisioning tab automatic.](common/provisioning-automatic.png)
 
-5. Under the **Admin Credentials** section, input the **SCIM 2.0 base URL and Access Token** values retrieved from Apple Business Manager in **Tenant URL** and **Secret Token** respectively.. Click **Test Connection** to ensure Azure AD can connect to Apple Business Manager. If the connection fails, ensure your Apple Business Manager account has Admin permissions and try again.
+5. Under the **Admin Credentials** section, input the **SCIM 2.0 base URL and Access Token** values retrieved from Apple Business Manager in **Tenant URL** and **Secret Token** respectively. Click **Test Connection** to ensure Azure AD can connect to Apple Business Manager. If the connection fails, ensure your Apple Business Manager account has Admin permissions and try again.
 
-	![Token](common/provisioning-testconnection-tenanturltoken.png)
+	![Screenshot of Token.](common/provisioning-testconnection-tenanturltoken.png)
 
 > [!NOTE]
 >If the connection is successful, Apple Business Manager shows the SCIM connection as active. This process can take up to 60 seconds for Apple Business Manager to reflect the latest connection status.
 
 6. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and check the checkbox - **Send an email notification when a failure occurs**.
 
-	![Notification Email](common/provisioning-notification-email.png)
+	![Screenshot of Notification Email.](common/provisioning-notification-email.png)
 
 7. Click **Save**.
 
@@ -125,15 +130,15 @@ The Azure AD provisioning service allows you to scope who will be provisioned ba
 
 11. To enable the Azure AD provisioning service for Apple Business Manager, change the **Provisioning Status** to **On** in the Settings section.
 
-	![Provisioning Status Toggled On](common/provisioning-toggle-on.png)
+	![Screenshot of Provisioning Status Toggled On.](common/provisioning-toggle-on.png)
 
 12. Define the users and/or groups that you would like to provision to Apple Business Manager by choosing the desired values in **Scope** in the **Settings** section.
 
-	![Provisioning Scope](common/provisioning-scope.png)
+	![Screenshot of Provisioning Scope.](common/provisioning-scope.png)
 
 13. When you are ready to provision, click **Save**.
 
-	![Saving Provisioning Configuration](common/provisioning-configuration-save.png)
+	![Screenshot of Saving Provisioning Configuration.](common/provisioning-configuration-save.png)
 
 This operation starts the initial synchronization of all users and/or groups defined in **Scope** in the **Settings** section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running.
 
 
@@ -29,6 +29,7 @@ This tutorial describes the steps you need to perform in both Apple School Manag
 > * Create users in Apple School Manager
 > * Remove users in Apple School Manager when they do not require access anymore
 > * Keep specific user attributes synchronized between Azure AD and Apple School Manager
+> * [Single sign-on](../manage-apps/add-application-portal-setup-oidc-sso.md) to Apple School Manager (recommended).
 
 ## Prerequisites
 
@@ -52,17 +53,21 @@ The scenario outlined in this tutorial assumes that you already have the followi
 2. Click Settings at the bottom of the sidebar click Data Source below Organization Settings, then click Connect to Data Source.
 3. Click Connect next to SCIM, carefully read the warning, click Copy, then click Close.
 [The Connect to SCIM window, which provides a token and a Copy button under it.]
-Leave this window open to copy the Tenant URL from Apple Business Manager to Azure AD, which is: 'https://federation.apple.com/feeds/school/scim'
+Leave this window open to copy the Tenant URL from Apple School Manager to Azure AD, which is: `https://federation.apple.com/feeds/school/scim`
 
-    ![Apple School Manager](media/appleschoolmanager-provisioning-tutorial/scim-token.png)
+    ![Screenshot of Apple School Manager token generation.](media/apple-school-manager-provision-tutorial/scim-token.png)
 
-> [!NOTE]
-> The secret token shouldn’t be shared with anyone other than the Azure AD administrator.
+    > [!NOTE]
+    > The secret token shouldn’t be shared with anyone other than the Azure AD administrator.
 
 ## Step 3. Add Apple School Manager from the Azure AD application gallery
 
-Add Apple School Manager from the Azure AD application gallery to start managing provisioning to Apple School Manager. If you have previously setup Apple School Manager for SSO, you can use the same application. However it is recommended that you create a separate app when testing out the integration initially. Learn more about adding an application from the gallery [here](../manage-apps/add-application-portal.md).
+* Add Apple School Manager from the Azure AD application gallery to start managing provisioning to Apple School Manager. If you have previously setup Apple School Manager for SSO, you can use the same application. However it is recommended that you create a separate app when testing out the integration initially.
+
+* To add the Apple School Manager Azure AD app with Microsoft tenants, the administrator of the tenants must go through the federated authentication setup process, including testing authentication. When authentication has succeeded, the Apple School Manager Azure AD app is populated in the tenant and the administrator can federate domains and configure Apple School Manager to use SCIM (System for Cross-domain Identity Management) for directory sync.
 
+   [Use federated authentication with MS Azure AD in Apple School Manager](https://support.apple.com/en-ke/guide/apple-school-manager/axmb02f73f18/web)
+   
 ## Step 4. Define who will be in scope for provisioning 
 
 The Azure AD provisioning service allows you to scope who will be provisioned based on assignment to the application and or based on attributes of the user / group. If you choose to scope who will be provisioned to your app based on assignment, you can use the following [steps](../manage-apps/assign-user-or-group-access-portal.md) to assign users and groups to the application. If you choose to scope who will be provisioned based solely on attributes of the user or group, you can use a scoping filter as described [here](../app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md). 
@@ -75,30 +80,30 @@ The Azure AD provisioning service allows you to scope who will be provisioned ba
 
 1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise Applications**, then select **All applications**.
 
-    ![Enterprise applications blade](common/enterprise-applications.png)
+    ![Screenshot of Enterprise applications blade.](common/enterprise-applications.png)
 
 2. In the applications list, select **Apple School Manager**.
 
-    ![The Apple School Manager in the Applications list](common/all-applications.png)
+    ![Screenshot of Apple School Manager in the Applications list.](common/all-applications.png)
 
 3. Select the **Provisioning** tab.
 
-    ![Provisioning tab](common/provisioning.png)
+    ![Screenshot of Provisioning tab.](common/provisioning.png)
 
 4. Set the **Provisioning Mode** to **Automatic**.
 
-    ![Provisioning tab automatic](common/provisioning-automatic.png)
+    ![Screenshot of Provisioning tab automatic.](common/provisioning-automatic.png)
 
-5. Under the **Admin Credentials** section, input the **SCIM 2.0 base URL and Access Token** values retrieved from Apple School Manager in **Tenant URL** and **Secret Token** respectively.. Click **Test Connection** to ensure Azure AD can connect to Apple School Manager. If the connection fails, ensure your Apple School Manager account has Admin permissions and try again.
+5. Under the **Admin Credentials** section, input the **SCIM 2.0 base URL and Access Token** values retrieved from Apple School Manager in **Tenant URL** and **Secret Token** respectively. Click **Test Connection** to ensure Azure AD can connect to Apple School Manager. If the connection fails, ensure your Apple School Manager account has Admin permissions and try again.
 
-    ![Token](common/provisioning-testconnection-tenanturltoken.png)
+    ![Screenshot of Token.](common/provisioning-testconnection-tenanturltoken.png)
 
 > [!NOTE]
 >If the connection is successful, Apple School Manager shows the SCIM connection as active. This process can take up to 60 seconds for Apple School Manager to reflect the latest connection status.
 
 6. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and check the checkbox - **Send an email notification when a failure occurs**.
 
-    ![Notification Email](common/provisioning-notification-email.png)
+    ![Screenshot of Notification Email.](common/provisioning-notification-email.png)
 
 7. Click **Save**.
 
@@ -125,15 +130,15 @@ The Azure AD provisioning service allows you to scope who will be provisioned ba
 
 11. To enable the Azure AD provisioning service for Apple School Manager, change the **Provisioning Status** to **On** in the Settings section.
 
-    ![Provisioning Status Toggled On](common/provisioning-toggle-on.png)
+    ![Screenshot of Provisioning Status Toggled On.](common/provisioning-toggle-on.png)
 
 12. Define the users and/or groups that you would like to provision to Apple School Manager by choosing the desired values in **Scope** in the **Settings** section.
 
-    ![Provisioning Scope](common/provisioning-scope.png)
+    ![Screenshot of Provisioning Scope.](common/provisioning-scope.png)
 
 13. When you are ready to provision, click **Save**.
 
-    ![Saving Provisioning Configuration](common/provisioning-configuration-save.png)
+    ![Screenshot of Saving Provisioning Configuration.](common/provisioning-configuration-save.png)
 
 This operation starts the initial synchronization of all users and/or groups defined in **Scope** in the **Settings** section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running.
 
 
@@ -2695,7 +2695,11 @@
       - name: Amazon Web Services (AWS) - Role Provisioning
         href: amazon-web-service-tutorial.md#configure-azure-ad-sso
       - name: Appaegis Isolation Access Cloud
-        href: appaegis-isolation-access-cloud-provisioning-tutorial.md  
+        href: appaegis-isolation-access-cloud-provisioning-tutorial.md
+      - name: Apple School Manager
+        href: apple-school-manager-provision-tutorial.md
+      - name: Apple Business Manager
+        href: apple-business-manager-provision-tutorial.md      
       - name: Asana
         href: asana-provisioning-tutorial.md
       - name: askSpoke