In this fourth part of this series, I’d like to talk about the technical side of the deployment. You will not need to ben a system engineer to read the following; I’ll try to keep it as comprehensible as possible.
Planning is key
When managing several hundred iPad devices, planning thoroughly is essential. I have the advantage of having experience in managing a small number of iPad devices for 5 years now. We deployed 20 iPads in 2011 in our school and added 25 to that 2 years ago. I used several scenarios to manage these, from manually installing everything on every device separately to over the air Mobile Device Management.
So very early in this project I decided that a MDM server in combination with Apple School Manager was the way to go.
Apple School Manager
In the past, Apple had two programs to facilitate deployments of mobile devices: the Volume Purchase Program (VPP) and the Device Enrollment Program (DEP).
VPP for Education is a separate kind of App Store where schools can buy apps and iBooks in bulk. Most items get a 50% reduction when you purchase 20 units or more. Licenses bought through VPP can be distributed on a managed base: no Apple ID on the device side is required.
DEP facilitates the activation of iOS and macOS devices: when purchasing these devices, you can point them towards your MDM server. After the unboxing, the device will activate and automatically enroll itself into your MDM server and optionally will be supervised. This supervision mode is essential for schools.
Recently, Apple incorporated VPP and DEP into Apple School Manager: one online portal where you handle both programs. Besides these, you can also assign Managed Apple IDs, curate iTunes U content and organize your users in classes, rosters, locations, …
For now, we will not be using Managed Apple IDs, but normal Apple IDs. Managed IDs don’t have App Store abilities and we want this kind of personalization on the device without having to have two separate IDs.
Mobile Device Management Server
I have tried and used several MDM Servers. All have their pro’s and cons. Two years ago, we decided to use Zuludesk for our school owned devices: it is a MDM tailored for education, with a fairly simple interface, great abilities for teachers and affordable.
Zuludesk connects to our Active Directory. It gets its users and groups from it. Groups will convert to classes. We have three types of users: teachers, students and administrators. The administrators are the Zuludesk admins. Students and teachers are assigned to classes. This will facilitate an app called Zuludesk Teacher and Apple Classroom where teachers can do stuff with the iPads that are in their classrooms.
All our teaching staff received an iPad just before Christmas break. How did we roll out these devices?
Get a partner
When deploying iPad in a education or business environment, you want to use DEP. In Belgium you can only order DEP devices at an Apple Solutions Expert. The company we chose is very supportive in our complete deployment planning and execution.
So in november we placed our order. Be attentive for delivery dates: you can’t expect to order 200 devices and get them the next day!
As soon as I got an order confirmation, I heade to the Apple School Manager website and assigned the complete order to our Zuludesk MDM.
Notify the users
To ensure a smooth roll-out, we asked our teachers to do the following:
1 Create an Apple ID (if they didn’t have one yet)
2 Pick a slot in our roll-out scheme; we needed groups of 30. I used a Google Form to make the appointments.
Preconfiguration in Zuludesk
Any MDM needs a DEP profile to configure the iPad on enrollment. I created a DEP profile I n Zuludesk that does the following:
– supervise the device
– add it to a group ‘teachers devices’
– name the device ‘iPad of %FullName%’ The parameter in between the percentage signs is fetched from the Zuludesk user database.
– Skip some of the configuration steps (the white screens when you activate the iPad)
Zuludesk already contains our VPP-app collection and all teachers. There is also a profile that contains settings for our school WiFi and a profile with web clips.
All devices assigned to a teacher will get some apps installed, the WiFi password and web clips.
All teachers in a roll-out session receive a brand new iPad. They unbox the device and start it up. We created an open WiFi in the roll-out area.
The teachers can do all of the setup. They just unbox the iPad and do the following:
– Start the device
– Choose their preferred language
– Pick their geo region
– Choose the open WiFi network
– Log in with their Zuludesk credentials provided by the school
– Setup Touch ID and a passcode
– Log in with their Apple ID
– Enable or disable iCloud Drive and Keychain
The iPad is now ready. All required apps for school are installed automatically.
Students and their parents can choose from three scenarios:
1 They lease an iPad from school with a mandatory warranty
2 They buy a new iPad through a webshop from our reseller (with a discount and optional warranty)
3 They already own an iPad and use that device for school
In all scenarios, students need a personal Apple ID.
Lease and newly bought devices
These iPads follow the same scenario as the devices we provide for our teachers (with DEP enrolment procedure)
Personal existing devices
These devices are not part of DEP. As we require all student devices to be supervised, they need to be enrolled through Apple Configurator. These students get notified up front that they need to de the following before coming to school to complete the enrolment:
– Update to the most recent version of iOS
– Make an iCloud or iTunes backup
– Disable “Find my iPad”
– Disable their passcode
– Erase the device
The student comes to school on the roll-out day and we enrol the device in Zuludesk through Apple Configurator. The rest of the setup is similar to the other scenarios.