It’s unclear why the SCIM token–based link is no longer available under federation for Entra ID. In the past, I could exchange a SCIM token generated in Apple Business Manager, but this option is no longer present when setting up a federation. There is also no way to verify when the token will expire.
This change is due to a shift in how Apple Business Manager (ABM) integrates with Microsoft Entra ID (formerly Azure AD).
The option to generate a SCIM token is missing because your instance is likely configured to use OpenID Connect (OIDC) instead of the legacy SCIM protocol.
In recent updates, Apple has streamlined the Entra ID integration. When you select "Microsoft Entra ID" as your source, ABM now defaults to OIDC for Directory Sync. This method uses a direct, persistent API connection (OAuth) rather than a manually copied SCIM token.
This change is due to a shift in how Apple Business Manager (ABM) integrates with Microsoft Entra ID (formerly Azure AD).
The option to generate a SCIM token is missing because your instance is likely configured to use OpenID Connect (OIDC) instead of the legacy SCIM protocol.
In recent updates, Apple has streamlined the Entra ID integration. When you select "Microsoft Entra ID" as your source, ABM now defaults to OIDC for Directory Sync. This method uses a direct, persistent API connection (OAuth) rather than a manually copied SCIM token.
Apple Business Manager Entra ID federation token issue
