The following five guest posts are written by David Colville, with some light editing by me. I first met David online in 2015 when I was exploring Microsoft PowerBI and its suitability for educational analytics at St Andrew’s College. David connected me with Datacom New Zealand and their BI Team and the rest, as they say, is history. Since the initial introduction, our paths have crossed digitally many times, yet only once in person! Recently we chatted online about using Intune to manage iOS devices in educational contexts and from there the idea of a series of blog posts emerged. We have decided to split these reasonably technical and lengthy posts into the following five topics:
- Intune & iOS – Setting Up
- Intune & iOS – Adding iOS Devices Using Device Enrollment Program (DEP)
- Intune & iOS – Assign Applications To Devices
- Intune & iOS – Setting Up Profiles
- Intune & iOS – Building A Custom Profile
I am really thrilled to have David share his expertise in these posts and it highlights the value of building a Professional Learning Network (PLN) online, as without our initial virtual engagements, I would not have had access to his knowledge and skills. So I extend a huge thanks to David and strongly encourage you to connect with him on Twitter.
Adding Devices using Device Enrollment:
The best (and easiest) way is to use Apple’s “Device Enrollment Program” (which is part of the Apple School Manager program). This allows for a brand new iPad to be assigned automatically to the Mobile Device Management solution when they are activated – in this case, Intune.
What this means in practice is once the person receives their device they:
- Turn it on
- Join a wireless network
- The device activates, and they’re advised that the school or institution can automatically configure the device
- The device then guides them through a custom configuration including skipping steps during the setup process for quicker deployment.
If you’re thinking this all sounds quite familiar, then it’s probably because Microsoft recently released a similar program for deploying Windows 10 devices called AutoPilot.
To set all this up, it’s a similar process to the push notification setup from the previous blog. In this case you generate a certificate in the Intune portal, upload that into the Apple School Manager site, and then receive a certificate you can upload back into Intune to continue the communication.
Once this is configured, settings for all devices that are enrolled can easily be defined. Microsoft calls these ‘Enrollment Program Profiles’
Defining the Device Management Mode settings depends a little on the intended use of the device. Remember ‘Supervision’ provides you with a lot more control as an admin over the Device, including the ability to push apps to a device without needing the owner of the device to ‘accept’ the app push, consequently these are sensible defaults for most usage in schools.
The ‘Allow pairing’ if not set to ‘All’ stops teachers being able to get photos from an iPad and onto their own computers. Depending on how you’re planning on deploying the iPads then it could be a good idea to leave it on ‘Allow All’
When deploying iPads as student devices into schools using Intune I usually skip all the settings except the location, simply because by enabling the location services it will fix the clock and timezone setting on an iPad automatically. They usually come out of the box with their timezone set to Los Angeles and it’s nice to fix this upfront!
For staff devices, you will likely give them some additional control compared to students, fortunately Intune makes it easy to enable more features for them such as requiring them setup a Touch ID on their device. Remember most of the settings can be configured later – this only affects the initial setup experience.
Once you have defined the configuration, you need to choose which devices you wish to have these settings applied to them. To do this, use the ‘Assigned Devices’ on the left to select a particular device as having that workflow assigned to it.
Any iOS device that you have enrolled in this way will show up in the “Enrollment Program Devices” section.
Once the end user (either student or teacher) goes through the setup of the iOS device, they will be advised that their company/school can “Configure the Device Automatically.”
At this stage, any steps you left enabled in the Setup Assistant Settings section are prompted for completion by the user. When they complete these and get to the home screen the device will have completed the enrollment into Intune, and can’t be un-enrolled without erasing the Device (provided you selected to ‘supervise’ and ‘locked enrollment’ during the configuration).
In the next blog post in this series, we will look at how to assign an application to the device itself (and not just an individual with an Apple ID).
No Responses