or Connect
AppleInsider › Forums › Mobile › iPhone › Apple clears hurdles for large-scale iOS device deployment with updated IT tools
New Posts  All Forums:Forum Nav:

Apple clears hurdles for large-scale iOS device deployment with updated IT tools

post #1 of 29
Thread Starter 
Apple on Wednesday revealed a variety of changes and additions to its iOS device deployment and management tools for IT professionals in a bid to streamline mass deployments for large enterprise and education institutions.

Deployment


Earlier this month, AppleInsider reported that Apple looked to be prepping a mobile device management overhaul that included wireless supervision and configuration features. With an update to the company's IT website, it appears many of those tools have been activated.

According to an in-depth report from TechCrunch, the changes made to Apple's enterprise and education programs are wide-ranging and suggest the company is looking to make a major push in large-scale iOS deployments.

Many of the additions and tweaks to existing IT tools can be found through Apple's iPhone in Business webpage under the IT deployment category. A Device Enrollment Program Guide (PDF link) offers a brief overview at some of the changes, including updates to the Volume Purchase Program and Apple ID for Students Program.

Counted among the device rollout features is a "zero-touch configuration" tool that can automate the Mobile Device Management (MDM) system over wireless communications. This is a vast improvement over previous iterations of Apple's deployment method, which required physical access with each device to set up.

Supervision of deployed devices can also be accomplished wirelessly via the MDM server. Apple offers examples of turning off iMessage of Game Center on certain devices, Web content filtering and other system-level custom configurations. Wireless supervision can be enabled during the setup procedure.

Apple notes that while critical device information can be seen through the MDM server, personal account information remains hidden for user security. For example, personal email, SMS or iMessages, calendars, contacts, Safari browser history and other metrics are not available for viewing.

Enrollment for the program is also made easier with a new dedicated webpage called "Deployment Programs." Though the site's name has been updated from "Volume Services," a temporary title used during Apple's beta testing phase with select MDM vendors and institutional clients, its function of verifying qualifying businesses and educational institutions remains the same. Other services are also attached to the website to make new enrollments and management easier for the end user.

A more thorough rundown of the deployment program's new toolset and protocols can be found in Apple's iOS Deployment Technical Reference Guide (PDF link).
post #2 of 29

THIS is what will step Apple out ahead of Android and blunt anything Microsoft may have lined up. Only BB ever had anything close to this and they are toast. Apple never got their act together like this with the Macs, I'm so happy to see Apple on their toes and thinking on a big scale for support. I expect this is only a beginning to address large-scale deployment needs.

"That (the) world is moving so quickly that iOS is already amongst the older mobile operating systems in active development today." — The Verge
Reply
"That (the) world is moving so quickly that iOS is already amongst the older mobile operating systems in active development today." — The Verge
Reply
post #3 of 29

This sounds great! As a person who works IT in education, I always wished there was a better way to roll out a bunch of iPads at once. Right now its a huge pain in the ass, even with a Bretford Powersync cart. Its very time consuming. I'm interested in seeing more like this. 

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply
post #4 of 29
Quote:
Originally Posted by Macky the Macky View Post
 

THIS is what will step Apple out ahead of Android and blunt anything Microsoft may have lined up. Only BB ever had anything close to this and they are toast. Apple never got their act together like this with the Macs, I'm so happy to see Apple on their toes and thinking on a big scale for support. I expect this is only a beginning to address large-scale deployment needs.

 

I agree...I think this will help educational customers as well as businesses deploy mass quantities of iPads. This is something Android or even Windows doesn't have. 

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply
post #5 of 29

As usual for those of us not in the States: Only devices purchased directly from Apple in the United States via your Apple Customer Number are eligible for use in the Device Enrollment Program. 

 

https://ssl.apple.com/iphone/business/docs/iOS_Deployment_Technical_Reference_EN_Feb14.pdf

post #6 of 29
Quote:
Originally Posted by Macky the Macky View Post

THIS is what will step Apple out ahead of Android and blunt anything Microsoft may have lined up. Only BB ever had anything close to this and they are toast. Apple never got their act together like this with the Macs, I'm so happy to see Apple on their toes and thinking on a big scale for support. I expect this is only a beginning to address large-scale deployment needs.

I sincerely hope Apple continues to apply everything they are learning from mobile devices to their desktop, laptop and workstation class devices. Apple being the only company that can apply everything they learn from every product line to every other product line is an advantage that can't be underestimated.
post #7 of 29
Yeah it seems they're being proactive and trying to keep a strong hold on the enterprise portion. Aren't they leading by a lot? I always see stories regarding companies or schools moving to using iPads. It's really smart of them to implement this to make it easier for companies.
My blender/recipe blog: http://blenderinsider.com
Reply
My blender/recipe blog: http://blenderinsider.com
Reply
post #8 of 29
Quote:
Originally Posted by otterfish View Post
 

As usual for those of us not in the States: Only devices purchased directly from Apple in the United States via your Apple Customer Number are eligible for use in the Device Enrollment Program. 

 

https://ssl.apple.com/iphone/business/docs/iOS_Deployment_Technical_Reference_EN_Feb14.pdf

 

I was looking forward to this until I read that "only devices purchased directly from Apple" were eligible. That totally rules me out as we don't always buy our products directly from Apple. Now my only hope is that they would truly beef-up Profile Manager or just simply relax the purchase directly from Apple requirement. Really, what difference does it matter if we get our devices directly from Apple or some reseller that's willing to give us a slight discount in exchange for us business. In the end, we bought some Apple products and we need a simple, easy way to manage those devices in our small enterprise.

post #9 of 29

Apple did not implement my suggestion which was location based security and device sharing for enterprise users. The idea was that any device removed from the network and/or physical location would automatically brick themselves until they were reactivated by IT (or returning them to their proper location). It would also allow any person in the company to pick up any mobile device, log in with their credentials (or fingerprint) and then have the device immediately restore to the last state the user left the previous device in. This would make all devices interchangeable in the company. You could load up whatever you wanted to share on the screen, hand it to a co-worker and then pick up any other device, tap the home button and resume your work where you last left off. I did not invent this way of working with mobile devices. It actually comes from the Star Trek Enterprise and Voyager TV shows.

post #10 of 29
Quote:
Originally Posted by GrangerFX View Post

Apple did not implement my suggestion which was location based security and device sharing for enterprise users. The idea was that any device removed from the network and/or physical location would automatically brick themselves until they were reactivated by IT (or returning them to their proper location). It would also allow any person in the company to pick up any mobile device, log in with their credentials (or fingerprint) and then have the device immediately restore to the last state the user left the previous device in. This would make all devices interchangeable in the company. You could load up whatever you wanted to share on the screen, hand it to a co-worker and then pick up any other device, tap the home button and resume your work where you last left off. I did not invent this way of working with mobile devices. It actually comes from the Star Trek Enterprise and Voyager TV shows.

Interesting idea but what happens if the WiFi simply loses the connection momentarily?

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #11 of 29
Quote:
Originally Posted by SolipsismX View Post

Interesting idea but what happens if the WiFi simply loses the connection momentarily?
Or you walk a corridor with no wifi. Wifi is probably not the answer. But gps...
post #12 of 29
Quote:
Originally Posted by zaba View Post

Or you walk a corridor with no wifi. Wifi is probably not the answer. But gps...

Unfortunately for GPS it can sometimes go all cattywampus for a moment, especially inside of buildings.

I wonder if a full coverage of iBeacons might be a solution, or even just a time limit for a lockout based on periodic network checks, like not checking in to a server within 20 minutes.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #13 of 29
Quote:
Originally Posted by GrangerFX View Post

Apple did not implement my suggestion which was location based security and device sharing for enterprise users. The idea was that any device removed from the network and/or physical location would automatically brick themselves until they were reactivated by IT (or returning them to their proper location). It would also allow any person in the company to pick up any mobile device, log in with their credentials (or fingerprint) and then have the device immediately restore to the last state the user left the previous device in. This would make all devices interchangeable in the company. You could load up whatever you wanted to share on the screen, hand it to a co-worker and then pick up any other device, tap the home button and resume your work where you last left off. I did not invent this way of working with mobile devices. It actually comes from the Star Trek Enterprise and Voyager TV shows.

Geofencing is already available in third party MDM that allows you to disable/wipe the device of it moves outside a desired location. You can also do the same thing in response to the SIM being removed.
post #14 of 29
Quote:
Originally Posted by otterfish View Post
 

As usual for those of us not in the States: Only devices purchased directly from Apple in the United States via your Apple Customer Number are eligible for use in the Device Enrollment Program. 

 

https://ssl.apple.com/iphone/business/docs/iOS_Deployment_Technical_Reference_EN_Feb14.pdf

You can't expect the customers who pay far more for their Apple products to have the same high level of service as an American, don't be so silly!

iPad, Macbook Pro, iPhone, heck I even have iLife! :-)
Reply
iPad, Macbook Pro, iPhone, heck I even have iLife! :-)
Reply
post #15 of 29
Quote:
Originally Posted by otterfish View Post

As usual for those of us not in the States: Only devices purchased directly from Apple in the United States via your Apple Customer Number are eligible for use in the Device Enrollment Program. 

https://ssl.apple.com/iphone/business/docs/iOS_Deployment_Technical_Reference_EN_Feb14.pdf

In time, young grasshopper, in time.
"That (the) world is moving so quickly that iOS is already amongst the older mobile operating systems in active development today." — The Verge
Reply
"That (the) world is moving so quickly that iOS is already amongst the older mobile operating systems in active development today." — The Verge
Reply
post #16 of 29
And hopefully this is the "next big thing" from Apple -- finally taking the enterprise seriously. I trust it will deploy soon in other markets besides the US.
post #17 of 29
Quote:
Originally Posted by SolipsismX View Post


Unfortunately for GPS it can sometimes go all cattywampus for a moment, especially inside of buildings.

I wonder if a full coverage of iBeacons might be a solution, or even just a time limit for a lockout based on periodic network checks, like not checking in to a server within 20 minutes.

 

Also, not all iPads have GPS. My school still orders and uses iPad 2 WIFI models (until Apple stops offering them) because they're cheaper so we can get more for our money and they're more than adequate for students needs. 

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply
post #18 of 29
Quote:
Originally Posted by GrangerFX View Post
 

Apple did not implement my suggestion which was location based security and device sharing for enterprise users. The idea was that any device removed from the network and/or physical location would automatically brick themselves until they were reactivated by IT (or returning them to their proper location). It would also allow any person in the company to pick up any mobile device, log in with their credentials (or fingerprint) and then have the device immediately restore to the last state the user left the previous device in. This would make all devices interchangeable in the company. You could load up whatever you wanted to share on the screen, hand it to a co-worker and then pick up any other device, tap the home button and resume your work where you last left off. I did not invent this way of working with mobile devices. It actually comes from the Star Trek Enterprise and Voyager TV shows.

 

 

Apple doesn't do this because it would cause more headaches than its worth. There's too many issues that could arise with a solution like this. For example, what if the network goes down and you're a school/business with 5,000-10,000 iPads. Now you have 5,000-10,000 iPads that automatically disabled themselves. Talk about an absolute mess and a bunch of long hours for IT. 

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply
post #19 of 29
Quote:
Originally Posted by canardmince View Post

Geofencing is already available in third party MDM that allows you to disable/wipe the device of it moves outside a desired location. You can also do the same thing in response to the SIM being removed.

Nice. Do you have a link to how this is setup?

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #20 of 29
This is almost useless for most businesses. I contacted Apple and there is no way to participate in this program unless the devices you want to use are purchased directly from Apple which eliminates probably a great deal of those that can benefit from this program.

Very disappointing!
post #21 of 29
Quote:
Originally Posted by macxpress View Post
 

 

 

Apple doesn't do this because it would cause more headaches than its worth. There's too many issues that could arise with a solution like this. For example, what if the network goes down and you're a school/business with 5,000-10,000 iPads. Now you have 5,000-10,000 iPads that automatically disabled themselves. Talk about an absolute mess and a bunch of long hours for IT. 

 

They would re-enable themselves when the network goes back up again and they reconnect to it. WiFi networks do not go down very often in my experience. It is far more likely that the internet connection would be lost but that would not disable the devices if the scheme I suggested was implemented.

post #22 of 29

Can the "Setting" button be removed from the iPad using these tools. This would reduce the risk of light fingered tech savvy teenagers turning the iPad learning tool into yet another gaming consul ?

post #23 of 29
Quote:
Originally Posted by Banyan Bruce View Post

Can the "Setting" button be removed from the iPad using these tools. This would reduce the risk of light fingered tech savvy teenagers turning the iPad learning tool into yet another gaming consul ?

You can. You can play around with the options with this app…



edit: Oops! That's the old app. What macxpress states 2 posts below is correct. Here is the current app: https://itunes.apple.com/us/app/apple-configurator/id434433123?mt=12
Edited by SolipsismX - 2/27/14 at 2:29pm

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #24 of 29
Quote:
Originally Posted by GrangerFX View Post
 

 

They would re-enable themselves when the network goes back up again and they reconnect to it. WiFi networks do not go down very often in my experience. It is far more likely that the internet connection would be lost but that would not disable the devices if the scheme I suggested was implemented.

 

But why would you put yourself in a position as an IT person for this to happen in the first place? It makes absolutely no sense. Its stupid that iPads would disable themselves just because something out of your control happened such as the network going down or something like that. I realize what you're trying to get at with your idea but I just don't think it would work. 

 

Also, there are many many places that WANT you to take them off campus. This is why you get one, not so you can just use it within the company. 

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply
post #25 of 29
Quote:
Originally Posted by Banyan Bruce View Post
 

Can the "Setting" button be removed from the iPad using these tools. This would reduce the risk of light fingered tech savvy teenagers turning the iPad learning tool into yet another gaming consul ?

 

You can do all kinds of things with Apple Configurator (and an MDM) such as disable the ability to modify some settings in the Settings section. You can also lock it to a specific app, disable installing of Apps, disable removing of apps, disable game center, disable removing the profile that does all of this stuff. You can even disable Safari if you wanted to disable the internet. 

 

The iPad mini's we have go home with students and everything is disabled and the iPad automatically launches a specific app which its locked too. The home button does nothing, waking it from sleep launches the app, restarting the device just relaunches the app once the OS starts up. 

 

You can lock the iOS device down very well with Apple Configurator, or any MDM (Mobile Device Management) software so these don't turn into toys. You can even use Apple Configurator to automatically update iOS if you have a syncing cart and a Mac running Apple Configurator (up to 30 iPads at once). Now, when schools and businesses start doing this bring your own device to work thing, this opens up a huge can of worms. 

 

Apple Configurator is a FREE app off the Mac app store (Notice Mac app store, not iOS app store). 

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply
post #26 of 29
Quote:
Originally Posted by macxpress View Post
 

 

But why would you put yourself in a position as an IT person for this to happen in the first place? It makes absolutely no sense. Its stupid that iPads would disable themselves just because something out of your control happened such as the network going down or something like that. I realize what you're trying to get at with your idea but I just don't think it would work. 

 

Also, there are many many places that WANT you to take them off campus. This is why you get one, not so you can just use it within the company. 


This is needed so that iPads can be interchangeable with each other within a company. If an iPads is not the responsibility of any particular employee and can instead drift around the company and used by whoever picks it up then it needs some kind of location based security to prevent it from wandering off home. That security needs to be tight. They can't simply wipe them to remove the security. You could still have personal smart devices as well but they would have a different use than the company provided ones. And if your network goes down constantly, then your IT department has much more important issues on their agenda than smart device management. Again from my experience it is the internet that goes down not the basic WiFi network.

post #27 of 29
Quote:
Originally Posted by GrangerFX View Post
 


This is needed so that iPads can be interchangeable with each other within a company. If an iPads is not the responsibility of any particular employee and can instead drift around the company and used by whoever picks it up then it needs some kind of location based security to prevent it from wandering off home. That security needs to be tight. They can't simply wipe them to remove the security. You could still have personal smart devices as well but they would have a different use than the company provided ones. And if your network goes down constantly, then your IT department has much more important issues on their agenda than smart device management. Again from my experience it is the internet that goes down not the basic WiFi network.

 

You could just set a PIN to make it so others can't use a particular iPad and it can be set to lock itself once the PIN has failed so many times. Why would you not want it go home, or off campus? Whats the point of having one then?

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply
post #28 of 29
Quote:
Originally Posted by macxpress View Post

You could just set a PIN to make it so others can't use a particular iPad and it can be set to lock itself once the PIN has failed so many times. Why would you not want it go home, or off campus? Whats the point of having one then?

1) There are lots of reasons why a company wouldn't want their tech to be removed from their building. His idea is clearly regarding non-personal, corporate devices.

2) A PIN is a single access point. Giving everyone in a company the same PIN to work on any number of tablets is just as poor security as using a single login for every WinPC that are being used by all the employees.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #29 of 29
Quote:
Originally Posted by SolipsismX View Post


1) There are lots of reasons why a company wouldn't want their tech to be removed from their building. His idea is clearly regarding non-personal, corporate devices.

2) A PIN is a single access point. Giving everyone in a company the same PIN to work on any number of tablets is just as poor security as using a single login for every WinPC that are being used by all the employees.

 

Maybe so, but in the case of an iPad, I can't really see why you wouldn't. If you can't trust employees with it, then its not worth using it in the first place. 

 

I meant everyone has their own passcode on their own iPad, not everyone having the same passcode. I agree, that wouldn't do anything for security. 

 

I just think no matter what you do, there's ways a way to circumvent it. You can't outsmart some people no matter what you do or how hard you try. 

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
  • Apple clears hurdles for large-scale iOS device deployment with updated IT tools
AppleInsider › Forums › Mobile › iPhone › Apple clears hurdles for large-scale iOS device deployment with updated IT tools