Issue Description
When a Managed Apple Account attempts to sign in manually on a device, it doesn't succeed and we may see an error such as "managed accounts can only be signed in by installing a profile on this Mac" or for iOS "This account must be signed in as a work account on this device."
Cause
This error appears when the Apple Account created in Apple Business Manager or Apple Business Essentials has a subscription plan attached to the account (for example, extra iCloud storage). Apple OSs require an enrollment profile to be installed in order to sign into a Managed Apple Account with a subscription plan; however, because the Jamf enrollment profile is already installed the OS will block installing a second enrollment profile.
Disabling the subscription plan will make the Managed Apple Account login the expected way.
Disabling the Subscription Plan for the Managed Apple Account
Sign into Apple Business Manager or Apple Business Essentials.
Select the user with impacted Apple Account.
Temporarily remove the Managed Apple Account's subscription plan (e.g. extra iCloud storage).
Once the plan is removed from the user in Apple Business Manager or Apple Business Essentials, sign the Managed Apple Account in on the device.
(Optional) Once the Managed Apple Account is signed in on the device, you can return to Apple Business Manager or Apple Business Essentials and re-apply the subscription to the user; however, this same issue would repeat if the Managed Apple Account is signed in again on a managed device.