Apple Configurator can create a profile that is used to enroll tens or thousands of devices into an MDM solution. Doing so provides centralized management en masse while minimizing the time it requires to configure devices. This is how most environments are going to mass deploy iOS devices that will be enrolled into an MDM service.
But it is worth noting that when using an automated enrolment profile as opposed to a web clip that points users at an enrolment web page, you will miss out on one thing: you will not know which device is in which user's hands. There are ways to obtain that information, such as the name of the device or the serial that's likely tracked along with which staff member has a device, but the MDM solution isn't likely to associate devices with users automatically without some link that tells users who has which device.
Apple Configurator is not a tool for over-the-air configurations of devices. But it can help to get devices enrolled provided that they can access an MDM solution, such as Apple's Profile Manager or third-party solutions such as AirWatch or Casper MDM. Each of the third-party solutions should have a unique way of enrolling devices. Therefore, make sure to check with your vendor prior to creating an enrolment profile, as this task is meant to showcase the ability.
Before getting started, make sure that devices can log into the wireless network (often done through the use of a profile) and make sure that once logged into a wireless network, devices can access a well functioning MDM server.
To download an enrollment profile from JAMF's Casper MDM, follow these steps:
First log in to the web interface of the JSS, seen in the following screenshot:
Click on the link for Mobile Device Enrollment on the Mobile Device Enrollment Invitations screen.
Click on the Enrollment Profiles tab. On the Enrollment Profiles screen, click on Download for the appropriate profile (for most environments there should only be one as shown in the following screenshot):
Once the profile is downloaded, it will automatically attempt to enroll the computer you are downloading it from in the Profiles System Preferences pane. Click on Cancel to keep the profile from installing. Click on the downloads link in Safari.
Click on the magnifying glass icon to see the
.mobileconfigfile.
You have now downloaded the
.mobileconfigfile that will enroll devices into Casper MDM. To deploy the profile through Apple Configurator, open Apple Configurator on the client computer. Click on Prepare in the row of icons along the top of the screen. Drag the profile (by default currently calledMDM-iOS5.mobileconfig) from the Finder into the list of Profiles. The profile then appears in Apple Configurator.Check the box for the newly added profile to add it to any workflow.
The subsequent screen shows when devices are being configured. Here, dock the device to receive the profile (note, all docked iOS devices are going to be configured with this profile).
Now from the device, once the profile is installing on the device, click on the Install button.
Click on Install on the device again to complete the installation.
Once the profile is installed, click on Done.
To unenroll from MDM, simply remove the profiles by clicking on Profiles and then clicking on the Remove button. According to the MDM API, a user can elect to remove their device from management at any point, so expect this will happen occasionally, even if only by accident.
Once the enrollment profile and corresponding trust profile is installed on each iOS device, the MDM server that the device is enrolled in will be able to manage that device remotely. Management starts with an Apple Push Notification Service each time a change is made as well as for regular check-ins. This push notification tells the device to check in with the server. When the device checks in, the server provides any payloads to the device.
Payloads can include any of the options we've covered that are otherwise configured with profiles. However, centralized management using an MDM solution allows for over-the-air changes to profiles, rather than waiting for devices to check back in. This allows for the most highly configurable and quickly changed solution available.
Even if using an MDM solution, though, installing profiles through Apple Configurator still plays an integral part in managing iOS devices. The most notable payloads being to set up a Wi-Fi network to establish a network connection to an MDM server and then to install the automatic enrolment profile.
Let's take a look at what we should do in case we don't have an MDM provider.
If you do not yet have an MDM provider, consider checking out the wiki at http://enterpriseios.com/wiki/Comparison_MDM_Providers, which contains a comparison of each of the vendors currently providing device management for iOS. Here, you can find out which solutions support the various options your organization considers important and maybe even find out about products you haven't yet heard of!
iOS 6 is a great device, out of the box. It can access e-mail, leverage iMessages to communicate with friends, get you anywhere in the world you need to go, share calendars, access contacts, keep up on scores with the web browser, and pretty much live the dream. But the real power in iOS is the wealth of games, business productivity, student learning, and personal productivity apps available on the App Store. Without these apps and the extent that the developer community has grown, it is arguable that while great devices, the iOS family would not be so entrenched in schools, enterprises, non-profits, and small businesses around the globe.
When dealing with apps on a small scale (for example, for my iPhone at home), little is needed; an Internet connection, a valid Apple ID, and a credit card. But when configuring a large number of iOS devices, more complex situations come up. For example, you can't give students credit card access to buy the apps they need on devices. Companies need to be able to centrally manage the distribution of apps and therefore the data within them and of course, you need users to know exactly which apps they should have.
In this section, we'll look at leveraging the Volume Purchasing Program from Apple in order to purchase apps en masse and then look at how to distribute those applications through Apple Configurator.