Apple’s Commitment to Student Privacy
Apple will never track, share, or sell student information for advertising or
marketing purposes. We don’t build profiles of students based on their email
content or web browsing habits. We also don’t collect, use, or disclose personal
student information other than to provide educational services. Apple will not
sell personal student information or disclose student information for targeting
of advertisements to students.
As a further demonstration of our commitment, Apple has created an Apple
Privacy Policy along with the Apple School Manager Agreement to cover how we
collect, use, disclose, transfer, and store user information. We have also signed
the Student Privacy Pledge.
Apple School Manager and Managed Apple IDs
Apple provides services for schools and educational institutions of all sizes to
easily deploy iPad and Mac. These services have been built with security and
privacy in mind to ensure your institution’s and students’ data is protected
before, during, and after your deployment.
Apple School Manager is a free web-based service that has everything IT
administrators need to deploy iPad and Mac in schools. Apple School Manager
lets you buy content, configure automatic device enrollment in your mobile
device management (MDM) solution, create accounts for your students and staff,
set up class rosters for the Schoolwork and Classroom apps, enable the Student
Progress feature, and manage apps and books for teaching and learning.
A central capability of Apple School Manager is the ability to create institutionally
controlled Managed Apple IDs. Managed Apple IDs give students access to
iCloud Drive, Photo Library, Backup, Schoolwork, and Shared iPad, while
maintaining the control schools need. Managed Apple IDs are designed for
educational purposes only.
To ensure that schools providing devices to students are only enabling use for
the purposes of education, we’ve disabled certain features and functions of
Managed Apple IDs. Students cannot make App Store, Apple Books, Apple TV,
Apple Podcasts, and Apple Music purchases. Also, Apple Pay, Find My, iCloud
Mail, HomeKit, and iCloud Keychain are all disabled. FaceTime and Messages are
also disabled by default, but can be enabled by the school’s IT administrator.
Apple School Manager lets you automatically create Managed Apple IDs for all
students and staff in the following ways:
You can use federated authentication to connect Apple School Manager with
your school’s Microsoft Azure Active Directory (AD) so users will be able to
sign in to Apple services with their Active Directory user name and password.
Microsoft Azure AD is the Identity Provider (IdP), which contains the user names
and passwords for the accounts you want to use with Apple School Manager.
Federated authentication uses Security Assertion Markup Language (SAML) to
connect Apple School Manager to Microsoft Azure AD. At no time is data written
back to Azure AD.