JAMF Pro question for those with knowledge - Re: iPads

upnyakhir
New Contributor

Hey guys. We're currently using Mosyle to manager a few (>100) iPads. But the way we're looking to use them is hitting serious snags with Mosyle.

So I'm hoping someone can inform me if this is a Mosyle limitation of an Apple limitation (ie - Can Jamf Pro do this?)

The simple scenario:

We want to be able to use a cart full of iPads and assign them all a single, generic Apple account. This way, we don't have to create an account for each device but we still retain the ability to manage and configure the device. Our users can just pick up the device and it's ready to go (no lock screen/PIN).

Mosyle seems to struggle with this when it comes to deploying Apps to the iPads. Here's how I understand it: I add/configure/push the app from Mosyle. It's assigned to a specific user (this way we get the app to all the iPads using the one account). Mosyle acknowledges this, and as soon as the User logs into an Ipad, the app is then pushed to that specific iPad. But this is where is gets sketchy. It seems Mosyle check basically says "welp, I did exactly what you asked, mission accomplished" and removes any further app pushes or checks. The problem is that this leaves us with a cart full of devices but only ONE with the proper app(s) on it.

Does JAMF have a better way of doing this? Am I just missing something "bigger picture"?

Sorry it's not full "MacAdmin" specific but I'm not sure where else to ask specifically if Jamf can handle it this way.

2 REPLIES 2

Tribruin
Valued Contributor II

You should not being using a single AppleID to install Apps on multiple iPads. In addition to being a pain, it is against Apple's TOS. Using the same AppleID and sharing Apps is only for Personal user, not education or commerical. 

 

You want to be looking at VPP (Volume Purchasing Program and Device Based App Assignemnt. You will need to purchase an app license for each iPad you want to install the App on to. Instead of assigning Apps to AppleIDs, you assign them to each iPad. 

 

JKingsnorth
Contributor

You shouldn't be using Apple ID's on managed iPads in that type of scenario to begin with, thats the point of having managed iPads. We actually use policies in Jamf to prevent the ability to even log into an Apple ID.

 

To do what you describe you'll need a couple things... 

  1. A School/Business Account w/ Apple
  2. A VPP account w/ Apple to use with #1
  3. An Admin account w/ Apple to use with #1
  4. Ability to obtain an Apple Push Notification cert

We use different AppleID's for all of the above but maybe thats antiquated information as we've had Jamf for 10 or years now. I would certainly recommend the VPP and Admin account being different AppleID's and NEVER logging into a device as either. That way if the Admin gets a new job you aren't bound to keep that account if it has money on it. Just a generic AppleID with your company for it.

 

This is just a short version of how we do it. It can take years to get everything settled in place but those are the basic things you will need to start, no matter what MDM you pick. 

Might seem biased because of where this reply is posted but I have tried several different MDM's and come back to Jamf every time... Use Jamf Pro.