Microsoft Authenticator, Azure SSO for iOS, and Jamf in K-12 Education (Any Advice, Please!)

New Contributor

New Jamf Tech here!
I am currently looking for a way to streamline our Summer refresh and deployments. Our acting Jamf admin is great, but stays busy with several things, so I really want to try to make things better for our students and also just teach myself something.

The short version: We use a 1-1 model that functions on a rotation using stock out of a warehouse. It's fine, but we face a lot of bottlenecks that slow down the process when thousands of devices need to be deployed or refreshed. Seeing as how I am new to all this, I may get confusing, so I apologize!!

Overall, I want our devices to be able to fall into any student's hands at any grade level 95% configured then finish with a short checkout/single sign in process.
After it's set up, it's used the entire school year or until it is ready to be wiped. 

I have heard that Jamf Reset & Setup in education works well and I think that could work towards my goal, but I also saw a session at JNUC where they spoke of using those two apps in the healthcare field and how it could be used alongside Microsoft Authenticator (SSO with Azure) and I believe (forgive my memory) they said something about using this in conjunction with Jamf to have the iPad name itself a role name given in Azure...? 
I don't quite know if I could make that work in the K-12 setting since I wouldn't want it to be named a role, but instead assign the student's username (maybe I could use a Variable?), in the hope of populating their info. I have a general idea of what I hope and any feedback/help would be great.

Here's the general idea:
Once the iPads have gone through the pre-stage and downloaded all the common apps that will be used across all campuses, we'd like to have the student select their campus in Jamf Setup and (if needed at their campus) have an app or two added to the device. Documentation shows this part is pretty simple.

Here's where I start falling off a bit,
I then want the student to be able to use the single sign on... This could hasten the process with the other apps they sign into, right?
Okay, so follow me, this is where I need to configure Authenticator into shared mode and link it to Azure...yes?
Also, this is also where I get a little confused about whether or not I can use Authenticator, Azure and/or Jamf in conjunction for naming/assigning in a k-12 environment.
I haven't really found specific info for Education and the Azure SSO using Authenticator. It all seems to be business based and discusses role assignments, and that's essentially where my brain starts spinning and I lose confidence and start trying to understand all over again.
I know I was sort of vague with how our environment works so if you have questions, I will do my best to answer.

Basically any advice, suggestions, or links for help with using Jamf Setup then Microsoft Authenticator, Azure SSO for iOS, and Jamf in K-12 Education for enrollment and user assignments is welcomed. 

Thanks for making it to the end!!



Contributor II

It sounds like you are looking to streamline your device deployment and refresh process for your 1-1 student program. You're considering using Jamf Reset & Setup and Microsoft Authenticator with Azure SSO for device configuration, user assignment, and single sign-on.

To achieve your goal of having the students be able to sign into the device with a single sign-on process, you can use Microsoft Authenticator and Azure Active Directory (AAD) to implement single sign-on (SSO) for your students. This way, students will only have to sign in once, and they will be automatically signed into all the apps that they have access to.

To use Azure SSO with Microsoft Authenticator in a K-12 education environment, you'll need to set up AAD and configure the Microsoft Authenticator app to use AAD as its identity provider. Then, you'll need to enroll your devices in Jamf, configure them with the Microsoft Authenticator app, and set up the app for shared mode, which will allow multiple users to sign in to the same device.

You can use Jamf Setup to pre-configure the devices with the common apps that will be used across all campuses. Then, you can use Jamf to add campus-specific apps to the devices based on the student's selection. You can also use Jamf to name the devices based on the student's username.

For more information on using Microsoft Authenticator and Azure SSO with Jamf in a K-12 education environment, you can check out the following resources:

I hope this information helps! Let me know if you have any other questions.