iPads - Disable Apple iDs or best pratice

IpadguyNCSD
New Contributor

I am the Jamf Admin for a school district for about a year. Overall its not very complicated. We have over 1500 devices. My biggest issue I face on a somewhat regular basis is Apple iDs. I was not here when the district implemented Jamf and the use of iPads. It is still relatively new to me. I am seeking opinions on the best practice for how to handle apple iDs in environments like this. Right now the schools have designated "technology helpers" that keep track of the devices. They also create and manage apple iDs on them. This is where the problem happens. Often a teacher will use their personal ID and then move to a different job, quit, get fired, what have you. If the iPad is managed by Jamf its not difficult to reset it and override the activation issue. I am wondering what is the best practice to handle Apple IDs in our environment? I am sure there is a better way.

If this does not make sense or you need more info please let me know.

Thanks

2 REPLIES 2

tomhastings
Contributor II

What is your need to use an Apple ID in your environment? The last school I was at started out with Apple IDs that were created with any email. Students/parents had to submit paperwork with the Apple ID and password, we had tons of binders to keep track of their accounts. We sent App invitations to the users for assignment on their iPads. A good 40-50% of the students would forget their password or another family member changed the password, inappropriate apps would auto install, bricked iPads that we could not release from the application lock... It was a nightmare! Then we slowly converted over to Apple IDs based on school (Google) email. That solved the forgotten account/password problems and we could better control over releasing the activation lock.
Then we switched to Device Management and locked out the ability for students to enter an Apple ID. That solved all of our problems.
With Apple School Manager and the use of Managed Apple IDs, you may be open to yet another way to handle this. I did not use Managed IDs so hopefully someone else will chime in on that subject.
I know of some schools that use G-Suite and iCloud so that students have options for backing up their data so and Apple ID is needed.

rusty_adams
New Contributor III

Our story is similar to @tomhastings above.

Right now:

All Apps for student ipads are device-based and pushed out through Self-Service. Students are locked out of accounts. I cannot stress how much easier life is by rolling all apps through VPP and device-based assignment. We don't set many apps to auto-install. It has worked pretty well for us to have the teachers make sure the students go into Self-Service to get the apps they need.

Teacher iPads also get "school" apps via self-service and device-based, no AppleID required. We encourage them to use their school e-mail account to create an AppleID and use that to install apps they want to preview or just don't make sense for me to add via VPP.

Currently, one of my schools is piloting Apple Schoolwork, which requires a managed Apple ID. Apple School Manager talks to our SIS so most of that is pretty well automated for us. We pulled the student iPads in, lifted the account lock, signed them into their MAID, then reapplied the lock in that case. Since we are 1:1 and do not use the shared iPad capability, this has worked pretty well.

If for some reason you absolutely have to have an Apple ID for your students, ASM and MAID are the way to go. I've lived through the days where we manually created an AppleID for each student (and could only do 10 or so at a time or ask Apple to whitelist an IP address so would create more than that in one day, trips to the Apple Store to get a device unbricked because of account lock, etc.) Things are much much better now.