#K12 Deploying Shared iPad Carts Without Apple IDs using DEP and Apple Configurator 2

nsdjoe
Contributor II

Hi All,

I thought I'd share the workflow I used this week to set up and deploy a few hundred new shared student iPads in carts using the new Apple Configurator 2, DEP, VPP MD, and the latest version of JSS (v9.81) without using Apple IDs. I couldn't find any step-by-step documentation online, so I typed up my own. I thought I'd summarize and share what I did in hopes that it helps some of you who are just getting started with the new Apple Configurator 2.

Here's the workflow I used this week.

Before you get started...
Be sure you are signed up for Apple's Deployment Programs at http://deploy.apple.com. Link up your JSS with DEP, and set up VPP in your JSS too. For help on Apple's Deployment Programs, visit http://help.apple.com/deployment/programs/. For help setting up DEP and VPP in the JSS, see the Casper Suite Administrator's Guide 9.81.

In the VPP Education Store...
I first determined what apps I wanted as my default set of apps and purchased (paid or free) that number of Managed Distribution licenses from the VPP Education Store. I have a group of a dozen or so free apps that get installed on all iPads so I "purchased" 3,000 free licenses of each. NOTE: If you don't see the app right away, follow these instructions. The issue is filed with JAMF support under D-009059.

In the JSS...
  1. Make sure you allow for Apple Configurator enrollment at Management Settings -> Mobile Device Management -> Apple Configurator Enrollment and place a check mark in the box next to "Allow Apple Configurator enrollment."
  2. Under PreStage Enrollments, I added my new DEP iPads to a new shared student PreStage Enrollment under Scope. Here you can choose to Supervise devices, allow for pairing, disallow MDM profile removal, make MDM profile mandatory, and skip any/all the setup assistant steps.
  3. Created/updated a Student Customizations configuration profile with various restrictions. Scoped it to our "Shared Student iPads" Smart Group.
  4. Added my default set of apps as individual apps under "Apps" in the JSS and under the VPP tab of each selected "Assign VPP Content" and the VPP account that I used to "purchase" those free app licenses. Scoped to my new "Shared Student iPads" Smart Group. Set apps to auto install.

In Apple Configurator 2...
NOTE: From an earlier post here on JAMF Nation, use the following URL for enrollment in AC2 instead of the one listed in the JSS (this issue is filed with JAMF under D-009664): https://jss.organization.org:8443/mdm/ServerURL

  1. In AC2, click Blueprints -> Edit Blueprints -> New. Name your Blueprint. Then double-click the Blueprint.
  2. Click Prepare -> Automated Enrollment -> Next.
  3. Add a WiFi Profile (created by AC2 under File -> New Profile). Click Next.
  4. Skip Username and Password and just click Prepare. Now "Automated Enrollment" shows up under "Setup."
  5. Click Add to add apps or profiles. In the Menu Bar, click Actions -> Modify to add wallpaper or set device names. For device names, click on the "+" sign in the lower left corner of the popup window and select Number. You can change the Number field by double clicking on the number that comes up in blue and edit the number. You can also add the cart name or other words before/after the number. When done, click Done.
  6. Plug all iPads in to the AC2 computer with a sync cart or USB hub.
  7. Select all iPads. Right click, choose Apply and select the new Blueprint. Click Apply.

Applying this Blueprint will activate, update, prepare, and enroll your iPads. Once the iPads update to iOS 9.0.2 and enroll into the JSS, the default apps set up in the steps above start installing automatically without any Apple ID or any user interaction.

Future app updates can be managed in the JSS too, either automatically for all apps (Settings -> Mobile Device Management -> App Updates -> Automatically update all App Store Apps), automatically per app (Mobile Devices -> Apps, select the app -> Automatically update app), or manually (Mobile Devices -> Apps, select the app, Edit, click Force App Update). All of this can be done in the JSS and pushed out OTA to the iPads without Apple IDs.

With Apple Configurator 2, you can customize your initial setup by using Blueprints. When you are in Edit mode of a Blueprint, just add the setup actions you want and it will save to the Blueprint. For example, to have a Blueprint restore a backup, be sure you are in Edit mode of a Blueprint and go to Actions -> Restore from Backup… Choose the backup you want to restore and you will see it save to the Blueprint.

The latest JSS release v9.81 offers many new iOS 9 features including some fantastic new configuration profile restrictions. I am most excited about the ability to uncheck the box next to "Allow modifying passcode (supervised only)." I can't tell you how often a student will maliciously set a passcode on a shared iPad… this restriction will keep that from happening again on any of our shared iPads.

Resources:
iOS 9 Deployment Reference: https://help.apple.com/deployment/ios/
Apple Configurator 2 Help: http://help.apple.com/configurator/mac/2.0/
Apple Deployment Programs Help: http://help.apple.com/deployment/programs/

I'm sure my shared cart workflow above will evolve over time but thought I'd post it as it is now. If anyone has anything to add or share (tips, tricks, triumphs or tragedies), please comment! I will continue to add to this post as well.

Thanks and see you at JNUC next week.
~Joe

PS. If anyone wants to discuss this workflow at JNUC, come to the K12 iPads in Education mini-event. Hope to see you there!

44 REPLIES

CasperSally
Valued Contributor II

@nsdjoe thanks for this writeup. Finally got everything set up here and really made it simpler to go through the process. Haven't seen you in the macadmin slack, you should pop over sometime.

@ypsadmin I'm also wishing there were location controls either in AC2 or available via config profile. My date/time on iPads is defaulting wrong b/c location services by default is off. Or allow us to set time zone at least.

@mattgreen10 did you figure out what you needed with the wallpapers? I'm using AC2 to set wallpaper to black with device name on lock screen which I think will allow us to no longer deal with labeling iPads and matching up names to labels. Still thinking that through though.

Beta of AC2 available to developers has some new edu 9.3 features worth checking out to anyone interested.

philr
New Contributor

Are there any tricks to get paid Apps onto the iPads using AC2 and VPP? I am not using an MDM, just AC2 and manual apply of blueprint. I can manually add the App and Profile, but not through Blueprint.

CasperSally
Valued Contributor II

Anyone have tips on how they are implementing their naming convention? I'm testing our new DEP enabled shared device model with AC2.2 and really struggling on the naming. AC2.2 doesn't seem to increment properly, but teachers really like knowing student Timmy has #1 (versus just naming device by serial). For our own inventory purposes, it's helpful to have cart or room number as well in the name so I can see easily in JSS how many are in room X, etc.

Configurator does some weird things with their device names, it seems, not really tying them to Blueprints, or maybe I'm doing it wrong.

I've had a ticket in with Apple for over a month for the incrementing issue and have gotten nowhere with them.

russeller
Contributor III

@CasperSally In our K12 we create a spreadsheet of the serials of the iPads then the Campus Tech assigns the iPads numbers following a naming convention like [SITE]-[CARTName]-[Number/Identifier]. Then later, in the JSS, they assign the iPads Name by using the "Enforce Name" feature which renames the iPad remotely. This is not an efficient way of naming iPads by any means, but it gives the Campus Tech total control over the name and numbering of the iPads.

m_green
New Contributor III

@CasperSally Sorry for not answering until now. No, we have not figured out how to add wallpapers during the AC2 process. To my knowledge, AC2 requires supervision of iPads in order to add the wallpaper, but as soon as the iPads are enrolled and supervised in JSS, this action must be undone by restoring the devices; therefore, deleting the wallpaper.

We just lifted the wallpaper restriction on some of our classrooms so that teachers and students could add their own wallpaper and then either locked the restrictions back, or trusted that the teachers and students will monitor the wallpapers so that nothing inappropriate is placed on their screens.
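
Added example, not part of any post in this thread: a Python check for the two supervised-only restrictions discussed above (passcode modification in the original post, wallpaper modification in the last reply). It parses an unsigned .mobileconfig and reports whether `allowPasscodeModification` and `allowWallpaperModification` are set to false in the Restrictions payload (`com.apple.applicationaccess`); the sample profile is constructed and the function names are hypothetical.

```python
import plistlib

# Constructed sample profile for illustration; not exported from any real JSS.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadDisplayName</key><string>Student Customizations</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>allowPasscodeModification</key><false/>
    </dict>
  </array>
</dict></plist>"""

# Restriction keys that a shared-cart profile should explicitly set to false.
REQUIRED_FALSE = ("allowPasscodeModification", "allowWallpaperModification")

def audit_restrictions(profile_bytes, required=REQUIRED_FALSE):
    """Return {key: 'restricted' | 'allowed' | 'missing'} for each required key."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.applicationaccess"]
    result = {}
    for key in required:
        values = [p[key] for p in payloads if key in p]
        if not values:
            result[key] = "missing"      # an absent key leaves the action allowed
        elif any(v is False for v in values):
            result[key] = "restricted"   # one payload restricting it is enough
        else:
            result[key] = "allowed"
    return result

def failing_keys(profile_bytes):
    """Keys that would still let a student change the setting on the device."""
    report = audit_restrictions(profile_bytes)
    return sorted(k for k, status in report.items() if status != "restricted")

if __name__ == "__main__":
    for key, status in audit_restrictions(SAMPLE_PROFILE).items():
        print(f"{key}: {status}")
```

A signed profile is CMS-wrapped and has to be unwrapped before `plistlib` can read it.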