Apple clears hurdles for large-scale iOS device deployment with updated IT tools

Posted:
in iPhone edited March 2014
Apple on Wednesday revealed a variety of changes and additions to its iOS device deployment and management tools for IT professionals in a bid to streamline mass deployments for large enterprise and education institutions.

Deployment


Earlier this month, AppleInsider reported that Apple looked to be prepping a mobile device management overhaul that included wireless supervision and configuration features. With an update to the company's IT website, it appears many of those tools have been activated.

According to an in-depth report from TechCrunch, the changes made to Apple's enterprise and education programs are wide-ranging and suggest the company is looking to make a major push in large-scale iOS deployments.

Many of the additions and tweaks to existing IT tools can be found through Apple's iPhone in Business webpage under the IT deployment category. A Device Enrollment Program Guide (PDF link) offers a brief overview at some of the changes, including updates to the Volume Purchase Program and Apple ID for Students Program.

Counted among the device rollout features is a "zero-touch configuration" tool that can automate the Mobile Device Management (MDM) system over wireless communications. This is a vast improvement over previous iterations of Apple's deployment method, which required physical access with each device to set up.

Supervision of deployed devices can also be accomplished wirelessly via the MDM server. Apple offers examples of turning off iMessage of Game Center on certain devices, Web content filtering and other system-level custom configurations. Wireless supervision can be enabled during the setup procedure.

Apple notes that while critical device information can be seen through the MDM server, personal account information remains hidden for user security. For example, personal email, SMS or iMessages, calendars, contacts, Safari browser history and other metrics are not available for viewing.

Enrollment for the program is also made easier with a new dedicated webpage called "Deployment Programs." Though the site's name has been updated from "Volume Services," a temporary title used during Apple's beta testing phase with select MDM vendors and institutional clients, its function of verifying qualifying businesses and educational institutions remains the same. Other services are also attached to the website to make new enrollments and management easier for the end user.

A more thorough rundown of the deployment program's new toolset and protocols can be found in Apple's iOS Deployment Technical Reference Guide (PDF link).
«1

Comments

  • Reply 1 of 28

    THIS is what will step Apple out ahead of Android and blunt anything Microsoft may have lined up. Only BB ever had anything close to this and they are toast. Apple never got their act together like this with the Macs, I'm so happy to see Apple on their toes and thinking on a big scale for support. I expect this is only a beginning to address large-scale deployment needs.

  • Reply 2 of 28
    macxpressmacxpress Posts: 5,801member

    This sounds great! As a person who works IT in education, I always wished there was a better way to roll out a bunch of iPads at once. Right now its a huge pain in the ass, even with a Bretford Powersync cart. Its very time consuming. I'm interested in seeing more like this. 

  • Reply 3 of 28
    macxpressmacxpress Posts: 5,801member
    Quote:
    Originally Posted by Macky the Macky View Post

     

    THIS is what will step Apple out ahead of Android and blunt anything Microsoft may have lined up. Only BB ever had anything close to this and they are toast. Apple never got their act together like this with the Macs, I'm so happy to see Apple on their toes and thinking on a big scale for support. I expect this is only a beginning to address large-scale deployment needs.


     

    I agree...I think this will help educational customers as well as businesses deploy mass quantities of iPads. This is something Android or even Windows doesn't have. 

  • Reply 4 of 28

    As usual for those of us not in the States: Only devices purchased directly from Apple in the United States via your Apple Customer Number are eligible for use in the Device Enrollment Program. 

     

    https://ssl.apple.com/iphone/business/docs/iOS_Deployment_Technical_Reference_EN_Feb14.pdf

  • Reply 5 of 28
    THIS is what will step Apple out ahead of Android and blunt anything Microsoft may have lined up. Only BB ever had anything close to this and they are toast. Apple never got their act together like this with the Macs, I'm so happy to see Apple on their toes and thinking on a big scale for support. I expect this is only a beginning to address large-scale deployment needs.

    I sincerely hope Apple continues to apply everything they are learning from mobile devices to their desktop, laptop and workstation class devices. Apple being the only company that can apply everything they learn from every product line to every other product line is an advantage that can't be underestimated.
  • Reply 6 of 28
    Yeah it seems they're being proactive and trying to keep a strong hold on the enterprise portion. Aren't they leading by a lot? I always see stories regarding companies or schools moving to using iPads. It's really smart of them to implement this to make it easier for companies.
  • Reply 7 of 28
    Quote:
    Originally Posted by otterfish View Post

     

    As usual for those of us not in the States: Only devices purchased directly from Apple in the United States via your Apple Customer Number are eligible for use in the Device Enrollment Program. 

     

    https://ssl.apple.com/iphone/business/docs/iOS_Deployment_Technical_Reference_EN_Feb14.pdf


     

    I was looking forward to this until I read that "only devices purchased directly from Apple" were eligible. That totally rules me out as we don't always buy our products directly from Apple. Now my only hope is that they would truly beef-up Profile Manager or just simply relax the purchase directly from Apple requirement. Really, what difference does it matter if we get our devices directly from Apple or some reseller that's willing to give us a slight discount in exchange for us business. In the end, we bought some Apple products and we need a simple, easy way to manage those devices in our small enterprise.

  • Reply 8 of 28

    Apple did not implement my suggestion which was location based security and device sharing for enterprise users. The idea was that any device removed from the network and/or physical location would automatically brick themselves until they were reactivated by IT (or returning them to their proper location). It would also allow any person in the company to pick up any mobile device, log in with their credentials (or fingerprint) and then have the device immediately restore to the last state the user left the previous device in. This would make all devices interchangeable in the company. You could load up whatever you wanted to share on the screen, hand it to a co-worker and then pick up any other device, tap the home button and resume your work where you last left off. I did not invent this way of working with mobile devices. It actually comes from the Star Trek Enterprise and Voyager TV shows.

  • Reply 9 of 28
    GrangerFX wrote: »
    Apple did not implement my suggestion which was location based security and device sharing for enterprise users. The idea was that any device removed from the network and/or physical location would automatically brick themselves until they were reactivated by IT (or returning them to their proper location). It would also allow any person in the company to pick up any mobile device, log in with their credentials (or fingerprint) and then have the device immediately restore to the last state the user left the previous device in. This would make all devices interchangeable in the company. You could load up whatever you wanted to share on the screen, hand it to a co-worker and then pick up any other device, tap the home button and resume your work where you last left off. I did not invent this way of working with mobile devices. It actually comes from the Star Trek Enterprise and Voyager TV shows.

    Interesting idea but what happens if the WiFi simply loses the connection momentarily?
  • Reply 10 of 28
    zabazaba Posts: 226member
    solipsismx wrote: »
    Interesting idea but what happens if the WiFi simply loses the connection momentarily?
    Or you walk a corridor with no wifi. Wifi is probably not the answer. But gps...
  • Reply 11 of 28
    solipsismxsolipsismx Posts: 19,566member
    zaba wrote: »
    Or you walk a corridor with no wifi. Wifi is probably not the answer. But gps...

    Unfortunately for GPS it can sometimes go all cattywampus for a moment, especially inside of buildings.

    I wonder if a full coverage of iBeacons might be a solution, or even just a time limit for a lockout based on periodic network checks, like not checking in to a server within 20 minutes.
  • Reply 12 of 28
    GrangerFX wrote: »
    Apple did not implement my suggestion which was location based security and device sharing for enterprise users. The idea was that any device removed from the network and/or physical location would automatically brick themselves until they were reactivated by IT (or returning them to their proper location). It would also allow any person in the company to pick up any mobile device, log in with their credentials (or fingerprint) and then have the device immediately restore to the last state the user left the previous device in. This would make all devices interchangeable in the company. You could load up whatever you wanted to share on the screen, hand it to a co-worker and then pick up any other device, tap the home button and resume your work where you last left off. I did not invent this way of working with mobile devices. It actually comes from the Star Trek Enterprise and Voyager TV shows.

    Geofencing is already available in third party MDM that allows you to disable/wipe the device of it moves outside a desired location. You can also do the same thing in response to the SIM being removed.
  • Reply 13 of 28
    saareksaarek Posts: 1,520member
    Quote:

    Originally Posted by otterfish View Post

     

    As usual for those of us not in the States: Only devices purchased directly from Apple in the United States via your Apple Customer Number are eligible for use in the Device Enrollment Program. 

     

    https://ssl.apple.com/iphone/business/docs/iOS_Deployment_Technical_Reference_EN_Feb14.pdf


    You can't expect the customers who pay far more for their Apple products to have the same high level of service as an American, don't be so silly!

  • Reply 14 of 28
    otterfish wrote: »
    As usual for those of us not in the States: Only devices purchased directly from Apple in the United States via your Apple Customer Number are eligible for use in the Device Enrollment Program. 

    https://ssl.apple.com/iphone/business/docs/iOS_Deployment_Technical_Reference_EN_Feb14.pdf

    In time, young grasshopper, in time.
  • Reply 15 of 28
    And hopefully this is the "next big thing" from Apple -- finally taking the enterprise seriously. I trust it will deploy soon in other markets besides the US.
  • Reply 16 of 28
    macxpressmacxpress Posts: 5,801member
    Quote:

    Originally Posted by SolipsismX View Post





    Unfortunately for GPS it can sometimes go all cattywampus for a moment, especially inside of buildings.



    I wonder if a full coverage of iBeacons might be a solution, or even just a time limit for a lockout based on periodic network checks, like not checking in to a server within 20 minutes.

     

    Also, not all iPads have GPS. My school still orders and uses iPad 2 WIFI models (until Apple stops offering them) because they're cheaper so we can get more for our money and they're more than adequate for students needs. 

  • Reply 17 of 28
    macxpressmacxpress Posts: 5,801member
    Quote:

    Originally Posted by GrangerFX View Post

     

    Apple did not implement my suggestion which was location based security and device sharing for enterprise users. The idea was that any device removed from the network and/or physical location would automatically brick themselves until they were reactivated by IT (or returning them to their proper location). It would also allow any person in the company to pick up any mobile device, log in with their credentials (or fingerprint) and then have the device immediately restore to the last state the user left the previous device in. This would make all devices interchangeable in the company. You could load up whatever you wanted to share on the screen, hand it to a co-worker and then pick up any other device, tap the home button and resume your work where you last left off. I did not invent this way of working with mobile devices. It actually comes from the Star Trek Enterprise and Voyager TV shows.


     

     

    Apple doesn't do this because it would cause more headaches than its worth. There's too many issues that could arise with a solution like this. For example, what if the network goes down and you're a school/business with 5,000-10,000 iPads. Now you have 5,000-10,000 iPads that automatically disabled themselves. Talk about an absolute mess and a bunch of long hours for IT. 

  • Reply 18 of 28
    solipsismxsolipsismx Posts: 19,566member
    Geofencing is already available in third party MDM that allows you to disable/wipe the device of it moves outside a desired location. You can also do the same thing in response to the SIM being removed.

    Nice. Do you have a link to how this is setup?
  • Reply 19 of 28
    This is almost useless for most businesses. I contacted Apple and there is no way to participate in this program unless the devices you want to use are purchased directly from Apple which eliminates probably a great deal of those that can benefit from this program.

    Very disappointing!
  • Reply 20 of 28
    Quote:

    Originally Posted by macxpress View Post

     

     

     

    Apple doesn't do this because it would cause more headaches than its worth. There's too many issues that could arise with a solution like this. For example, what if the network goes down and you're a school/business with 5,000-10,000 iPads. Now you have 5,000-10,000 iPads that automatically disabled themselves. Talk about an absolute mess and a bunch of long hours for IT. 


     

    They would re-enable themselves when the network goes back up again and they reconnect to it. WiFi networks do not go down very often in my experience. It is far more likely that the internet connection would be lost but that would not disable the devices if the scheme I suggested was implemented.

Sign In or Register to comment.