Apple School Manager - Entra federation keeps expiring
We have setup Entra federation with Apple School manager using a Global Administrator account that has MFA enabled (mine). The day after, it came up with a warning message
'Your Microsoft Entra connection is expired and federation will be turned off in 20 days. Reconnect your Microsoft Entra to continue using federation'
I reconnected (using my GA account again) and the day after, the message came back.
We'd tested with a second Entra tenant prior to going live, so I initially thought it was related to that - the connection had been removed before moving to production - so left it to expire, at which point managed accounts could no longer sign in.
I've reconnected yesterday (31st Apr) and the message is back today.
so two questions out of this.
- Why is it expiring 24 hours after connection?
- How do we stop this expiry?
All the guidance says is that it needs a Global Admin to create the connection, but nothing about constant expiry.
Any help from people out there that have experienced and fixed this would be appreciated. I've read the apple documentation and it makes reference to it expiring, but no timescales - I'd have thought 24 hours, with 20 days grace is far too short for production use.
Thanks