Ideas on Setup for Multiple Elementaries Schools on Jamf

mnewman
New Contributor

I'm looking to see how others have JAMF set up. I manage 5 elementaries in JAMF. I have static groups by grade and teacher. I also have static groups for specific "apps". I currently do not use smart groups.
When I get a new iPad I need to put it in the correct school, correct grade, correct apps and correct teacher groups- seems like there may be a more efficient way. How do you have it set up?
Much thanks!

5 REPLIES 5

mrmiller
New Contributor III

Use sites. And figure out an efficient way to manage smart groups. It will make your process much easier.

Assign sites in the pre-stage area.

jlockman
New Contributor II

I recently got JAMF and am trying to figure out the same thing for my deployment next year. We have mostly 'shared' carts (in the old sense, not using Apple Classroom shared iPad mode yet). In my current MDM AirWatch, I created generic users and assigned profiles/apps to the generic user. DEP iPads would ask for authentication during enrollment and techs would plug in generic user account, device would enroll at the proper site and get all the needed profiles and policies.

With JAMF I get the impression the best option is to just make a prestage for each group of student devices (one for each site?), and then group and assign profiles and apps from there. I don't have any suggestions but am also wondering what best practices people are following. Is generic user for authenticated DEP enrollment the way to go or is there a better way? I didn't particularly like keeping up with generic accounts but it helped me identify the ipads and group them immediately for policy/app assignment on enrollment. I don't have teachers enroll with their AD account unless it's a device assigned solely for their use.

mrmiller
New Contributor III

Use AD (or whatever you choose) to do user authentication. MUCH simpler. I have our system set up to the point of being “no touch”. We touch them to barcode, and retrieve the serial-number to pre-stage it, but that is it. Kids can log in and they are good to go.

m_donovan
Contributor III

We have a site per campus (52 currently) and use unauthenticated iOS DEP enrollment via a PreStage per campus. Each site then organizes using primarily static groups to distribute apps and configurations. We are cart based and use Apple Classroom without Apple school manager and/or student accounts.

hphan
New Contributor III

I'm second @mrmiller answer. We setup LDAP server in JAMF and then set up the Extension Attribute to map some Active Directory attributes. We have an Active Directory attribute called homeroom which we use to pull a set of iPads as a classroom set. This method depends on the students log in as themselves on the iPads.