We are preparing to roll-out 2200 iPads to our students. I am running into 2 issues:
1. During setup, we connect to an “Enroll” SSID. It has no password and access to only the sites needed for setup. Also relevant is that we have federated our ASM with Azure. All of our accounts authenticate against Azure to access iCloud. The issue I am having is that if I try to log into iCloud during setup (while on the Enroll SSID), I get a blank screen when normally asked for the password. The screen is titled login.microsoftonline.com, but there must be additional addresses that need to be whitelisted. Has anyone found a list of these sites?
2. Once setup is complete, I can complete it if I bypass iCloud set up, the iPad remains on the “Enroll” SSID. I do have a payload that installs the “Secure” SSID configuration but I have to manually switch to it and forget the “Enroll” network. Is there a way to set the default network and forget the other?
I greatly appreciate any input on these issues.
I cannot comment on your first issue as we do not currently federate our Managed Apple IDs. For your second problem though there is not an easy way to switch someone off the "Enroll" network. The only thing that we were able to do that use to be reliable but now isn't is push a WiFi profile down with the "Enroll" network and the option to auto connect as off. When it was working this forced the iPads to jump over to the "Secure" network as that one had auto connect enabled. I am not sure what changed but this only reliably works a small percentage of time now. We have all the users just move over to the "Secure" network once they are on boarded now.