This post provides a summary of our school’s solution to managing our mobile devices and apps. It is appropriate for both school owned and students owned devices and deploying both free and paid apps. It is also a very simple way of easily maintaining a record (i.e. an asset register) of all your computers and devices including their serial number, model, OS’s etc and additionally being able to perform actions remotely to them.
In our situation we have school owned iPads, ASUS netbooks and iMacs in classes, a range of iPod Touches and iPads through BYOD, and MacBook teacher laptops. We wanted to monitor school owned devices and be able to deploy apps to school and BYOD iOS devices. This will outline what we do to achieve it. There are probably better ways, but when you are just a small school with no technician and the principal assumes the role network manager, service manager… you find something that saves time, you go for it. Is it perfect? No. Has it saved time and centralised control of devices and apps? Yes. Any advice is welcomed.
What you need:
- A unique school email address for each school owned iPad
- An additional ‘catch-all’ email address
- A unique Apple ID for each school owned iPad
- An Apple Store Apple VPP account
- A valid Apple Push Certificate
- A Meraki Systems Manager account
- Apple Configurator installed
- Not required, but makes life so easy, Google Apps for Education
What we did:
- Create your school Apple Store Apple VPP account. We created two school email addresses (and Apple IDs) for this purpose, one for the VPP Manager (e.g. firstname.lastname@example.org) and one for a VPP Facilitator (e.g. email@example.com). The VPP Manager gives the authority for Facilitators to purchase apps for the organisation. This could be an existing email/Apple ID but we created another specifically for this purpose. The Facilitator Apple ID is the one you used to make Apple VPP purchases and we also use it for our Apple Push Certificate registration.
- Tip: When setting your Apple IDs, make sure you uncheck the Apple News and Announcements, New on iTunes and Other iTunes Offers, always enter the same security questions and answers, DOB etc
- Create your free Meraki Systems Manager account. Just use your normal school email address (i.e. principal@…). When you have access to your Dashboard, navigate to the MDM (Mobile Device Management) section and to Add devices. Download the software installers for Windows and OS X and also note down your Network ID for enrolling your iOS devices.
- Tip: Don’t use a name based email address (i.e. nick@…) as these do not always have a life beyond the user who may not be around for ever.
- Create and set up your Apple Push Certificate. Step by step instructions are provided via the Meraki Dashboard (go to Organisation then MDM) and the Meraki Knowledge Base.
- Tip: Use your VPP Facilitator Apple ID for this purpose.
- Set up your OS X and Windows devices by installing the downloaded software from Step 2. Once installed, the devices will appear in your Meraki Dashboard under Monitor and then Clients. After a while all the machine’s details are visible in the list and you can then explore the additional functionality of Meraki. This is all you need to do for your OS X and Windows environments.
- Tip: For OS X machines, this software can be installed and deployed when you re-image a machine. Rather than plodding around and installing this one by one, just wait for the next re-imaging.
- Tip: Unfortunately, for Windows machines, it’s not so simple as it doesn’t work from an image and you need to remotely/manually install it.
- Use Apple Configurator to create and set up your school owned iOS devices. There is plenty of online support for this as well as the the built in Help. We have one profile for all devices which includes a range of free apps and settings etc that are common to all devices.
- Tip: One thing we do in Apple Configurator is to assign each device/iPad to a ‘user’. The user names are sequential (i.e. ODS iPad 1, ODS iPad 2 etc) and have a user profile picture (the school logo). What this means is that when you turn on/wake up your device, it displays the school logo with its unique name – a really simple way of labelling devices.
- Tip: To keep the iOS device management separate from other uses for our computers, we set up a new user/account on one of our laptops exclusively for using Apple Configurator. This keeps it clean and tidy and avoids clashes between personal Apple IDs etc.
- Tip: If you don’t have a syncing dock/cart for your devices, get yourself a decent USB hub that allows you to configure multiple devices at once. Being restricted to do only one or two at a time is not good!
- Create an email address for each of your iOS devices which will be used for their Apple ID. Super easy in GAFE by uploading the template .csv file with multiple user info.
- Tip: Keep your emails aligned to your device name e.g. if you named your devices iPad 01, iPad 02 etc then logically emails will be ipad01@…, ipad02@… etc.
- Tip: An extra step, not absolutely necessary but in the long term will save time, set these email accounts up so they forward all emails to a catch-all address. We use the VPP Facilitator email to receive all the forwarded emails.
- Once you have prepared, supervised and assigned your iOS devices we need to setup their unique Apple ID. The best way we have found to do this is by manually completing the process on each iPad. This way you can avoid the step of having to enter in any credit card details. Simply go to the App Store on the iPad and find a free app you want to download (or any free app as you don’t actually have to download it). When prompted for an Apple ID, follow the prompts to create one, using your email address created in the previous step. You need to authenticate the email address, so log in to your catch-all Apple ID email and complete the process.
- Tip: As already mentioned, when setting your Apple IDs, make sure you uncheck the Apple News and Announcements, New on iTunes and Other iTunes Offers, always enter the same security questions and answers, DOB etc.
- Now we need to enrol the devices in Meraki Systems Manager. Open up Safari on the device and navigate to m.meraki.com and follow the prompts to enter in your Network ID and install your Meraki profile (if you want to deploy apps to student owned devices you need to complete this step on those devices too). Once this process has completed, the device will appear in your Meraki Dashboard under Monitor and then Clients. You can then edit the device details by adding tags, owners etc.
- Tip: There is also a QR code in Meraki Systems Manager to enrol devices.
- Tip: Tags are really important as this is how you deploy apps out to devices. Take the time to think about how you will tag them. We tag them predominantly by room, as our iPads are based in rooms but also tag them individually for finer deployment as required.
- Now you are all set to go and manage your devices and deploy apps both paid and free.
- To deploy free apps, simply go to your Meraki Dashboard, MDM and then Apps followed by + Add new. Search for and then add apps and assign them to iPads using tags. Meraki will push these apps out to the assigned devices. The devices will automatically prompt for the Apple ID password and the download will commence.
- If the process doesn’t work for any reason, you can re-push out apps to the devices at any stage.
- To deploy paid apps, purchase them through the Apple VPP site. We exclusively use Managed Distribution which enables us to assign apps to individual Apple IDs/devices. That way we retain ownership of all apps, allowing us to revoke and reassign them as needed, even to BYODs. Once a VPP purchase is confirmed, it will appear in your Meraki Dashboard under MDM and then VPP. Then you can assign it to an Apple ID, add it to your apps list and push it out to the devices.
- Tip: On the devices you can also go to the App Store app and find your list of purchased apps (i.e. those assigned to you). They will be listed there and you can initiate the download manually.
That’s the basic outline of what we do. Hopefully you may find it useful. As mentioned, any advice as to how we can streamline the process further would be great!