What's New in Version 1.5
Apple Configurator 1.5 contains improvements and bug fixes including:
- Enroll both unsupervised and supervised devices in MDM using enrollment URLs
- Integration with new Bretford PowerSync+ Carts and Stations to report progress and status and display physical port numbers
- Support for a new iOS setting to require a passcode for initial AirPlay connection
Apple has released iOS 7.1 for iPhone 4 and above, and iPad 2 and above. Release notes are below. For direct download links, see our database of iOS Devices (which should be getting an automatic update shortly).
- iOS experience designed for the car
- Simply connect your iPhone to a CarPlay enabled vehicle
- Supports Phone, Music, Maps, Messages, and 3rd-party audio apps
- Control with Siri and the car's touchscreen, knobs, and buttons
- Manually control when Siri listens by holding down the home button while you speak and releasing it when you're done as an alternative to letting Siri automatically notice when you stop talking
- New, more natural sounding male and female voices for Mandarin Chinese, UK English, Australian English, and Japanese
- iTunes Radio
- Search field above Featured Stations to easily create stations based on your favorite artist or song
- Buy albums with the tap of a button from Now Playing
- Subscribe to iTunes Match on your iPhone, iPad, or iPod touch to enjoy iTunes Radio ad-free
- Option to display events in month view
- Country specific holidays automatically added for many countries
- Bold font option now includes the keyboard, calculator, and many icon glyphs
- Reduce Motion option now includes Weather, Messages, and multitasking UI animations
- New options to display button shapes, darken app colors, and reduce white point
For information on the security content of this update, please visit this website:
I am thinking about using Apple Configurator to deploy some iPads. I was thinking of setting up one iPad how I like it. Then Backing up that one, and restore the backup to multiple iPads. Would the restore also restore the Apps? And any setting associated with that app?
Also how do the updates work on apps installed from configurator?. I know with regular apps, that password of the apple ID that was used to download app needs to be entered before update happens.
Thank you all.
[Hi folks! I'm honored to have been asked by the good people at Apple-ization of the Enterprise and Code42 to present a webinar next week. I hope you all from the Enterprise iOS community can join us. — Aaron]
As tablets become even more intuitive and convenient, information workers are demanding these devices as standard operating equipment necessary to do their jobs. And, they expect to have the same user experience as laptops or desktops. However, because tablets can be difficult to manage and deploy, and pose added security challenges, enterprise IT has been slow to deploy them on a grand scale. So, how can IT teams embrace tablets to enable employees to work how they want, while at the same time ensure a successful deployment and long-term management and security?
Join this live webinar as Tekserve CTO and iOS expert Aaron Freimark provides practical tips for successful enterprise iPad deployments, based on his real-life missteps and successes. Aaron will also share:
- How the use of tablets within the enterprise represents a tremendous shift from IT's traditional "command and control" approach
- The 7 common mistakes to avoid during an iPad deployment
- Real-world examples of successful deployments resulting in business efficiencies
- Tips and recommendations for a scalable tablet strategy
March 12, 2014 | 1:00 pm Central
Presented by Tekserve
Aaron Freimark has worked for the last 12 years at Tekserve, New York's largest independent Apple consultancy and retailer, and is the company's CTO. Over that time, Tekserve has architected and supported solutions for NBC Olympics, Cablevision, Al Jazeera America, New York and Minneapolis/St. Paul airports, and hundreds of other enterprises big and small. A believer in online collaboration, Aaron is the founder of EnterpriseiOS.com, a technical community of iOS administrators.
Apple has introduced VPP Credit, a way for businesses to purchase Apps and iBooks using purchase orders.
Businesses can buy apps and books with a purchase order for use in the Volume Purchase Program. Volume Purchase Program Credit (VPP Credit) can be procured for a specific dollar amount and is delivered electronically to account administrators. Business customers can buy VPP Credit through their Apple purchasing account or through Apple Authorized Resellers.
More info coming soon.
[Editors Note: Aaron is on vacation this week, so a huge thanks to Ben for providing this big news.]
Looks like Apple has unveiled its new deployment programs.
Fraser Speirs has a good write up on his blog.
It can be downloaded from here.
This guide is for IT administrators who want to support iOS devices on their networks. It provides information about deploying and supporting iPhone, iPad, and iPod touch in a large-scale organization such as an enterprise or education institution. It explains how iOS devices provide comprehensive security, integration with your existing infrastructure, and powerful tools for deployment.
Understanding the key technologies supported in iOS will help you implement a deployment strategy that provides an optimal experience for your users. The following chapters serve as a technical reference you can use when deploying iOS devices throughout your organisation.
Apple today released iOS 7.0.6 with an important security fix:
Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.
Available, as always, via Software Update. Direct download links for each build are in our database of iOS Devices.
AppleInsider notices a new Apple web site, http://volume.apple.com.
Enable your organization to:
- Automate MDM Enrollment
- Buy Apps and Books in Volume
What could it be?
[Editor's note: This letter from a member of our community brings up some interesting points. But as noted in the comments, the MDM providers are simply using the APIs provided by the device manufacturers.]
You all have it wrong. All of your products are good don't get me wrong! You enable us to protect our networks, provide our users with ease of use and ease of setup. You allow us to block or allow anything we feel is harmful (separate opinion about that). The thing you have wrong is wiping the phone after failed attempts at the password!
Why is this wrong?
- Whoever steals the phone knows this so they just enter random passwords and then have a usable phone to sell. That is until you figure it out or it is reported to you.
- If the end user forgets a lot of times the phone will wipe and they will continue to use it. Then a couple weeks later they bring you the phone saying that it isn't working right.
- While the user is using the phone unprotected they install their personal email or just text company information leaving your company at risk.
What the is the "right" way?
- After 10 (or whatever your specified time would be) wrong password attempts you lock the device with an alternate password that only the administrator knows.
- Each phone could have a different admin password that auto populates when you register the device.
- The password is only viewable in the MDM console.
- The phone can be unlocked with this passcode or through the MDM provided the end user answers the appropriate questions correctly.
- Also there should be a notification on the MDM and an email sent to the MDM admin. This would allow them to be a bit more proactive and give the admin some visibility to what is happening in their world.
I think this method is more secure for our data and protects the assets we place in the field mischief better. What are your thoughts?
What's the best way to get an App Store app onto many iOS devices? If those devices are supervised, the best way is to use MDM and Apple's new Managed Distribution method. I'll demonstrate how to do that using AirWatch below. (Other MDM providers have similar capabilities. Check with your favorite.)
- Make sure you will meet the requirements: VPP, MDM, Supervision, and a common Apple ID.
- Link your MDM provider to your Apple VPP account
- Invite your MDM "users" to your VPP program
- Use VPP to "purchase" apps (even free ones)
- Use MDM to deploy the apps to your users.
Before we start, are you sure you want to do this? Apple Configurator may be a much better solution for the "getting apps onto iPads and iPhones" problem, at least when all the devices are in the same room. But if the devices will be scattered far from the iGeek, then keep reading.
The setup is quite important.
- Make sure your MDM provider your platform version supports iOS 7's new Managed Distribution system. ("New" means November 2013.)
- You'll need to create an MDM user who will own all those devices. You will want to make sure this user is in a new location group.
- You will need to set up an iTunes Volume Purchase Program account for your business or school. Note this requires a new Apple ID, a DUNS number, a pound of flesh, some eyes of newts and toe of dog, and a few days for processing. OK, it isn't that hard, I'm just having fun.
- You'll need an Apple ID to share among your devices. You will want to use the technique to credit an Apple ID without a credit card. (I'm assuming you will be distributing only free apps to your devices, which means you can share the same Apple ID.)
Got it? Good. Now for every iOS device, you'll need to do a few preparation steps. (Hint: If you play your cards right, you will be able to accomplish all of the below in a single stoke.)
- Supervise it using Configurator
- Sign in to the App Store using the common Apple ID (restore a backup image with the App Store user signed in)
- Enroll into MDM (you can do that automatically using Configurator during the supervision process, at least with Casper Suite, AirWatch, MobileIron, and others.)
- Associate the device with the common MDM user (that should be a setting in MDM prior to generating the enrollment profile)
Link your MDM provider to your Apple VPP account
Sign into your VPP Account. In the upper-right corner, click on your Apple ID and then "Account Summary".
In the "Managed Distribution" section, download the VPP token. This contains the credentials your MDM provider needs to link to VPP.
Now log into AirWatch. Navigate to Settings > Apps > Catalog > License Based VPP. Double check you are looking at the correct location group.
Enter a name to describe this connection (I called it "Tekserve VPP") and upload the token. I strongly recommend "Automatically Send Invites" is NOT checked.
Save this config, and you now have linkage!
Invite your MDM "users" to your VPP program
Next step is to invite your MDM users to participate in the program. There is no assumption that the Apple ID is the same as the MDM user's email. In fact, Apple is pretty clear they don't want MDM (or the employer) to ever know an employee's Apple ID. Therefore the MDM system needs to send an email to the users, who click a link to accept enrollment in the VPP program.
I haven't yet figured out how to invite one user at a time, so we're going to have to invite EVERY user in the MDM location group. Now if you have been following carefully, you are working in a location group with only a single MDM user. Cool. Send the invitations by clicking the "(Re)Invite Users" button. There won't be a confirmation, but email will be sent to all addresses the MDM has on file.
Using your iOS7 device's browser, please click on this https://buy.itunes.apple.com/WebObjects/MZFinance.woa/wa/associateVPPUse... to register for Apple's License Based VPP Program. Registering for the program will enable you to download applications purchased by your organization on your behalf.
Please contact your IT helpdesk if you have any questions: firstname.lastname@example.org
Clicking the link will open the App Store (on an iOS device) or the Mac App Store (on a Mac) and ask for an Apple ID and password.
This organization can now assign apps and books to you.
Use VPP to "purchase" apps (even free ones)
Next step -- there are a lot of steps -- is to use Apple's VPP to purchase an app.
The iTunes VPP store used to have only paid apps. Now it has free apps as well. Today let's install Tiny Death Star, a popular enterprise productivity app. So log into the iTunes VPP store, search for "death star", and "purchase" several copies. You can purchase as many as you want, it's free!
A paid app presents a choice for either downloading old-style redemption codes or new-style managed distribution. Free apps don't get a choice; managed distribution for all.
After purchase, Apple takes a few minutes to prepare your order. Wait until you receive email confirmation before continuing to the next step.
Use MDM to deploy the apps to your users
Back in AirWatch, click on Apps & Books > Applications > Purchased. Now you ask AirWatch to check with Apple, so click the "Sync Licenses" button. This part may take a short time, but in my test I just needed to refresh the page.
Once AirWatch is aware of the app, you can assign it to users. Click the twisted-arrow button.
AirWatch assigns these apps via smart groups only. This article is already way too long, so I won't explain how to create these.
Now decide how many licenses you want allocated to the group.
Now save the assignment. The last step is to publish the app.
In my experience, the app isn't quite ready to publish immediately. So if it doesn't work immediately, wait 15 minutes and try to publish again.
On my test supervised iPod, I get the Tiny Death Star app, automatically downloaded and without any prompts. It works! Woo hoo!
My unsupervised iPhone also received the Tiny Death Star app, and it isn't even enrolled into AirWatch. Hmm.
I understand part of this. I used my personal Apple ID for the test; the same Apple ID I used on my iPhone. Managed distribution works by adding the assigned apps to my Apple ID purchase history. And my iPhone has automatic app downloads enabled. But does this imply that unsupervised devices can also receive silent installs?
Looks like more exploration is needed.
Apple ignores the enterprise! So says the conventional wisdom. But I thought I'd share this slide with you guys. It was part of a presentation I gave yesterday to some business leaders at an Apple event in New York.
Every year Apple releases a new version of iOS. Every version of iOS includes new features focused on the enterprise. Every new release includes more new features than the year before.
Apple may not market to the enterprise, but they most certainly engineer to the enterprise.
The company that I work for just started using AirWatch. We have upgraded to 22.214.171.124 which allows us to use the Apple VPP program. I have everything set up in the Apple VPP program and have copied the token over to the AirWatch server. I tried "buying" a free app to test out the push to devices, however I can't get it to show up on the test iPad.
Is this because I need to test with a "paid" app as opposed to a free app?
Thanks in advance for any help!
I was wondering if anybody has any information around how certificates are handled in iOS and what iCloud retains?
In our environment we have an MDM solution which deploys certificate based ActiveSync and VPN profiles as well as other policies. We also have to manually install our internal root/intermediate certificates on the device which are required for the in-house iOS web apps and the Active Directory chain of trust over the MDM automated VPN.
Two things -
1) We discovered that in some cases one or two of the profiles would fail to install and after much troubleshooting it appeared to be solved by doing the following workaround steps -
Installing the manual certificates, re-booting the device, removing them cleanly, rebooting again and re-enroll the device to successfully bring down the profiles.
It also seems to suggest that the iCloud backup retains remnants of the certificates even when they are not present which comes down to the device or a new device but not sure how? e.g. If it's a fresh new device it was always work 100%.
2) Are you aware of what tools can be used to deploy these certificates over the air automatically?
Any advice greatly appreciated.
About This Site
- Comparison of MDM Providers (436,161)
- Complete List of iOS User-Agent Strings (155,302)
- Apple Configurator vs. MDM (85,691)
- How to get remote viewing/control of the IPAD screen via internet or preferably 3G? (85,587)
- Mobile Device Management (58,264)
- Absolute Manage (48,293)
- AirWatch (48,187)
- Apple Profile Manager (42,901)
- Gartner Magic Quadrant for MDM (2012, 2011) (35,719)
- iOS Device Management Open Source Way (35,142)
Comparison of MDM Providers
Forum topic added by danny33c 3 hours ago
Forum topic added by danny33c 3 hours ago
Story added by Aaron Freimark 21 hours ago
Forum topic comment by Johan Gunverth 1 day ago
Story comment by Aaron Freimark 1 day ago
Story added by Aaron Freimark 1 day ago
Story added by Aaron Freimark 2 days ago
Forum topic comment by benhuckle 4 days ago
Mobile Management Provider changed by Tim Williams 5 days ago
Wiki Page changed by stevestaines 5 days ago
Wiki Page comment by bruce.fyfe 5 days ago
Wiki Page comment by Meetme24 6 days ago
Forum topic comment by adehart 1 week ago
Forum topic added by rodrigof 1 week ago
Story added by Aaron Freimark 1 week ago
Story added by Aaron Freimark 1 week ago
Story comment by Uroshnor 1 week ago
Forum topic comment by Joshua Elvey 1 week ago
Forum topic comment by Asha 1 week ago
Mobile Management Provider changed by tlippert 1 week ago