The following five guest posts are written by David Colville, with some light editing by me. I first met David online in 2015 when I was exploring Microsoft PowerBI and its suitability for educational analytics at St Andrew’s College. David connected me with Datacom New Zealand and their BI Team and the rest, as they say, is history. Since the initial introduction, our paths have crossed digitally many times, yet only once in person! Recently we chatted online about using Intune to manage iOS devices in educational contexts and from there the idea of a series of blog posts emerged. We have decided to split these reasonably technical and lengthy posts into the following five topics:
- Intune & iOS – Setting Up
- Intune & iOS – Adding iOS Devices Using Device Enrollment Program (DEP)
- Intune & iOS – Assign Applications To Devices
- Intune & iOS – Setting Up Profiles
- Intune & iOS – Building A Custom Profile
I am really thrilled to have David share his expertise in these posts and it highlights the value of building a Professional Learning Network (PLN) online, as without our initial virtual engagements, I would not have had access to his knowledge and skills. So I extend a huge thanks to David and strongly encourage you to connect with him on Twitter.
Assigning Applications To Devices Overview:
Once you have the iPads enrolled into Intune for mobile device management (MDM), the first thing most ICT Admins want to do is push applications to them as quickly and uniformly as possible. In an educational context where students share devices, most teacher want the iPads to be as similar as possible so that all applications are identical.
At a high level, this process works as follows:
- Setup a Token that enables communication between Apple’s Volume Purchase Program store (VPP) and Intune. This only needs to be done once per year.
- “Buy” Apps through the Volume Purchase Program store (this includes free apps as well as paid).
- Configure Intune to perform a regular check with the VPP Store and through this process identify any apps that you may have purchased. Once they are visible within Intune, you can assign the Apps to the devices you have enrolled into Intune (as per the instructions here in the previous post).
Purchasing Apps Via Apple’s Volume Purchase Program:
The first place you need to go is Apple’s Volume Purchase Program store. This is available at:
https://volume.itunes.apple.com
Now, depending on whether you’re an Education or Business customer you may see some minor differences. The features are pretty much the same, except that in the Education store if you buy 20 or more Apps you get them at half price (for most Apps).
Customers get the choice when they first sign into the Volume Purchase Program to identify if they are an education customer.
Once you’ve selected Education, you can sign in and start searching for the app you wish to add to the devices:
Select the app from the list that you’re wanting to “buy” (even with free apps you need to go through the purchase process):
Once you’ve selected an app, in this example we are choosing a free one, you can purchase your desired number of licenses that you require. For free apps it’s often a good idea to “buy” a few more than you actually need in case you end up with some extra iPads at a later date:
You need to click “Place Order” in the bottom right to proceed, at which point you’ll likely be asked to log in again to authenticate the purchase and this process can take up to a few minutes to complete:
While here, you will want to obtain your “VPP Token” which can be uploaded into Intune. Go to the “Account Summary” section in the top-right of the window, and click “Download Token”. Save this file somewhere safe because you’ll need it shortly:
This completes the work required to purchase apps in Apple’s Volume Purchase Program and now you need to sign back into Intune through the Azure Portal to complete the final steps of assigning the applications to devices.
Configuring Intune To Distribute Apps To Devices:
Once you have signed back into Intune you need to move from the Intune Blade into the “Manage: Mobile Apps” blade. Reminder: in Intune groups of settings are known as “blades” and expand from left to right. You need to close each blade or scroll from right to left to go “back” in your settings selections.
Scroll down the Mobile Apps blade to the “Setup” section and look for iOS VPP Tokens:
Once in that blade, you want to select “Add an iOS VPP Token”
Upload the token you downloaded earlier (see above) into this section and then enter the Apple ID you used to login to the VPP Store.
Click “Upload” and after a “Sync” the Volume Purchase Program Store will sync all the Apps you’ve purchased into Intune, and allow them to be assigned to the devices you have in Intune:
Assigning Apps To Devices In Intune:
A quick recap of what we have achieved so far:
- We have “purchased” apps via Apple’s VPP setup. These could be either free or truly paid for commercial apps.
- We then set up Intune to connect to the VPP through the token and then synchronized Intune with VPP so that all purchased apps are now visible within Intune.
The next step is to assign that App (or Apps) to a single device or indeed, a group of devices.
Make sure you are still in Intune and in the “Mobile Apps / Apps” blade. You should be able to see the Apps that have been purchased earlier. In my example here, I filtered out a few others and just found the Adobe App I purchased earlier:
By clicking on the App that I want to Assign a third blade appears, where I can choose to Assign the App to a particular device or group of devices through the “Assignments” section. By clicking “Select Groups” we are provided with a choice of the Groups we want to assign it to:
You need to choose a group of devices and then select them to be “Required” with “Device Licensing” and this will then automatically assign the App out to the devices in that Group. If you use choose “User Licensing” the end user is prompted for an Apple ID when the App is pushed to their device. In a schooling context, this might be usable for older students or staff, but is frankly less commonly used these days.
Please Note: It can take around 10-15 minutes for the Apps to be pushed out to the devices, so you may want to plan ahead. If the device is “Supervised” (using Apple Configurator or Device Enrollment Program) then the App will be pushed without the user needing to interact with the device. Conversely, if the device is not Supervised, the user will be prompted to accept the App install at which point it will proceed without needing an Apple ID to be entered.
We’ve covered a lot of content in the first three blog posts of this series and by now you should be able to:
- Set up Intune through the Azure Portal to connect with Apple’s Device Enrollment Program (DEP)
- Enroll and configure devices with DEP into Intune
- Purchase and assign Apps to devices through the VPP store.
In the remaining two blog posts we will cover off:
- How to create and assign Profiles to the iPads – this will allow you to put further restrictions in place in terms of what students or teaching staff can do with the devices
- How to create custom Profiles in Intune – this is important for any additional features using Apple’s XML keys e.g. preventing students from removing apps on an iPad.
Stay tuned for the next posts!
Recently read about a blog regarding iOS supervised mode and found by doing that we can have more control over the iOS device.
Check Here : http://blog.mobilock.in/what-is-ios-supervised-mode-what-are-its-benefits/