AirWatch and managed deployment? Anyone?

Aaron Freimark's picture
Your rating: None (1 vote)

Hopefully in the next day or two I'll be able to post a walkthrough of how VPP managed distribution works. But at this moment I'm stuck. On my AirWatch instance, everything works until the last step: I can get AirWatch to push the app to my iTunes purchase history. I've opened a ticket but no luck yet.

It is probably something peculiar about my configuration, but I figure I'd poll the group. Have any early adopters successfully used AirWatch & the new VPP?

Apple Launches "Managed Distribution" for App Store Volume Purchase Program (VPP) for Business and Education

Your rating: None (10 votes)

Apple tonight updated its app Volume Purchase Program with several long-anticipated and important additions. The updates introduce a new "managed distribution" of apps to iOS 7 devices, allowing assignment and revocation' through Mobile Device Management. Here are the highlights:

  • Works with most apps available in the public app store (both paid and free), custom B2B apps created for your organization by 3rd parties, and books from the iBooks store
  • Either download the legacy redeemable codes, or use managed distribution to link your MDM server to have reassignable apps
  • Managed distribution allows your institution to maintain ownership of the apps. Revoke apps from users when no longer needed, and reassign the licenses to different users.
  • Managed distribution requires iOS 7 and a suitable MDM.
  • MDM providers must be updated to work with the new system. Expect announcements over the next days and weeks.
  • App assignment does not reveal the individual's Apple ID to the institution.
  • Assigned apps are installed automatically on supervised devices. Unsupervised devices show a prompt to install.
  • Education customers will be able to purchase by Purchase Order "coming later this fall". The rest of us need a credit card.
  • Education customers are able to set up multiple administrators. The rest of us use a single login.
  • Available in Australia, Canada, France, Germany, Italy, Japan, New Zealand, Spain, United Kingdom, and United States.
  • Unused codes and codes redeemed by Apple Configurator may be migrated to managed distribution.

There are new web pages on VPP for both business and education. There is also a VPP Guide for Business and VPP Guide for Education.

We'll have more information coming soon.

Single-User/Multi-User iPads: Are we doing it right?

jlscott's picture
Your rating: None (2 votes)

There’s quite a lot of information around but no definitive setup and scenario guides, so I thought I’d run this past the community for your thoughts and tips.

We support an Acute hospital who’s thirst for iPads seems unending! To help us manage them we’ve bought Airwatch, in conjunction with using Apple Configurator. There are essentially two scenarios we’re challenged with: a dedicated user / individual and a team or shared device situation.

The dedicated user or individual is easy enough – we get them setup with an Apple ID using their work email (to keep it separate from any home accounts) and enrol them into Airwatch without touching Apple Configurator. Users buy their own apps, although we’re hoping through the enhanced VPP to be able to offer this centrally. We are starting to remove the App Store though, and only provide a route to purchasing and installing apps via the internal Airwatch App Catalog, allowing us to risk assess apps prior to making them available. With our current setup, we’re losing out on some of the management functionality available with supervision, so we’re considering putting that step into the process first – supervise the device then enrol as normal. We don’t install apps with Configurator because we want to avoid the situation where users cannot update an app because it’s tied to our Apple ID.

The second scenario is one or more iPads shared and used by a group of staff (team based). We believe these should be locked down more tightly than for dedicated users. Quite often there is a need for some additional apps to be installed, so we were considering loading this via Configurator at the time of deployment. But this means any updates or new apps require the device be returned to IT for a refresh. So we’re considering setting up a team / generic Apple ID, which the target group of users own and maintain, but which allows them to receive apps and updates over-the-air. This would give them freedom to configure their own payment method, or allow us to assign apps purchased through VPP. I guess the only problem we’d encounter is hitting the limit (10?) on the number of devices an Apple ID can be associated with.
So, that’s where we are currently.

Any thoughts, suggestions and comments would be greatly appreciated!

How IT can cope with Activation Lock: a step-by-step guide

Your rating: None (3 votes)

User clifhirtle has contributed an awesome post on how to deal with Activate Lock.

As far as I know this is not advertised anywhere but confirmed directly with Apple last week that if you have a corporate-owned device and no access to the iCloud account a past employee used, you can also call AppleCare enterprise support and prove ownership to have the device unlocked on Apple's side directly. Here's a standard Activation Lock process I put together for our IT support team...

Resolving iOS Activation Locks

Apple offers a FAQ for Activation Lock at the following page:
iCloud: Find My iPhone Activation Lock in iOS7 (

It is critical to understand that as of 10/13 there are only 3 means of preventing a NON-supervised iOS 7 device with Find My Phone enabled from locking activation:

1) Deactivate Find My Phone on device before erasing data (requiring access to device).
2) Remove device from the iCloud account has been activated with (requiring Apple ID credentials).
3) Remove Lock through Apple Enterprise Support (requiring proof of ownership).

To prevent activation lock out on company-owned devices that are returned/retired follow these steps:

Scenario 1: Device is Returned by Not Yet Wiped
Users/IT deactivates Find My Phone from Settings > iCloud > Find My Phone before erasing/wiping the device.

Scenario 2: Device is Returned by Already Wiped
User must follow Apple's deactivation directions, log into their iCloud account, and remove the device from their list of iCloud devices.

Scenario 3: Device is Returned, Already Wiped, Previous User Unknown/Unreachable
IT / Enterprise Mobile must call Apple Enterprise Support and put in a request to for activation lock reset (2-3 day expected turnaround)
Contact: 866-752-7753. Provide purchase date of device, invoice number of purchase, business name + postal address, and both IMEI and serial number of device (obtainable by tapping the "i" icon lower-right corner of initial iOS setup screen).

Please continue the discussion in our forum.

Apple Configurator for iPad Deployment — Language and WiFi Setup still asked?

Amy Wilson's picture
Your rating: None (1 vote)

I have setup deployment of supervised profiles using apple configurator. IPads are still prompting upon turning them on for Language preference and WIFI connection. Is there anyway to preset those settings so that these prompts do not occur? I had been able to do just that when IPADS were at IOS 6, but have not been able to do this in IOS 7. Perhaps I am missing a setting somewhere.

Apple Configurator 1.4.2 improves configuration and MDM enrollment of Apple TV

Your rating: None (1 vote)

The App Store is tonight listing an update to Apple Configurator, everyone's favorite iOS deployment tool. Today's update, 1.4.2, "improves configuration and MDM enrollment of Apple TV." The update to the free app is in the Mac App Store.

What? You didn't know that you can manage Apple TVs? Those little devices run iOS just like your trusted iPhones and iPads. And they accept many of the same configuration profile keys as their big brothers do.

To manage an Apple TV, you will need a micro USB cable. (Maybe you have one to charge that Android phone you never use.)

Launch Apple Configurator, then connect your Apple TV via USB. If you have a 2nd Generation Apple TV, USB is the only cable you need. If you have a 3rd Generation Apple TV (the one that does 1080p) you will need the power cable as well. Configurator will launch the "Apple TV Assistant."

(Now that said, I tried it and Configurator didn't see my Apple TV. Maybe it will work tomorrow?)

Are there any public app store MDM solutions?

studiobrain's picture
No votes yet

Are there any public MDM solutions (MDM providers that will provision profiles on an app store purchased app)? Once a user downloads, installs the app, and okays the provisioning, I need a service provider that will allow the .mobilconfig file to be created by user inputs and then returned from MDM for user to then install/download. I have looked into OSX profile manager but Im not sure how many devices / profiles it can support before crashing, and I dont like the ide of leaving the app in order to enroll via a url / browser.

Any direction and help is always appreciated.

iOS 7.0.3 porvides resolution to "Unsupervision" of upgraded devices!!!

mscheid13's picture
Your rating: None (1 vote)

Quote from Apple KB article found here:


Users with supervised iOS 6 devices

For devices that have not yet been updated to iOS 7, upgrade from iOS 6 to iOS 7.0.3 over the air. The devices will remain supervised.

Users with unsupervised iOS 7 devices

For devices that have already been upgraded to iOS 7 and lost supervision, AppleCare will create a profile to re-supervise your devices. This profile will require the serial numbers of the affected devices and verification of ownership. To verify that a device is supervised, see this article.

Collect the serial numbers of affected devices. To export the serial numbers of devices supervised by an Apple Configurator station:Optionally, if you want devices to be able to connect to a specific Apple Configurator station, export a Supervision Certificate. To export a certificate in Apple Configurator version 1.4.1 or later, hold down the Option key and choose File > Export > Supervision Certificate.
Go to the Supervise tab.
In the Supervised Devices list, select either All Devices or a Device Group which contains all the devices that have lost supervision. You can include a device even if you are not sure if it has lost supervision.
Choose Devices > Export Info....
Select Device Information and check the box for Serial Number.
Click Export and save the file.
Contact AppleCare and ask to speak to an Enterprise Support Advisor for instructions to submit your serial numbers and any necessary Supervision Certificates. AppleCare will require proof of purchase information if the devices were not purchased directly from Apple.
AppleCare will validate your proof of purchase information and create a customized Re-supervision Profile for your organization.
Update your devices to iOS 7.0.3.
When you receive the Re-supervision Profile, install it on your devices using the enclosed instructions.
After the necessary profiles are installed on your iOS devices, they will again be supervised.


Supervision Certificate A certificate that identifies your Apple Configurator station to an iOS device.
Supervision Profile A profile created by Apple Configurator used to supervise iOS 6 devices.
Re-supervision Profile A custom, Apple-signed profile used to re-supervise specific devices that lost supervision upon upgrading to iOS 7."

Today is a day that has been a long time coming! I will be testing and waiting a few days before I fully deploy!

About the security content of iOS 7.0.3

No votes yet

iOS 7.0.3 fixes three lock screen bugs. Get the details in this knowledge base article.

Apple Configurator 1.4.1 released… Bug fixes and new options to skip setup steps

No votes yet

So many updates, so little time!

Apple has updated its iOS mass-configuration tool Apple Configurator to version 1.4.1. The release notes:

What's New in Version 1.4.1
Apple Configurator 1.4.1 contains improvements and bug fixes including:

  • Configure which Setup Assistant steps will display during device setup

To get an idea of what that means, take a look at the "Setup" tab in the "Prepare" tab:

When you turn on a new iPhone or iPad for the first time, it runs through a series of (many) setup screens to configure initial options. But using Configurator and/or MDM, you've always been able to configure many of these options yourself. So those setup screens are often redundant. Well, in Configurator 1.4.1, they are redundant no more.

I'm looking forward to the unspecified "bug fixes". Personally, I had Configurator 1.4 whipped into submission for my needs. But there is always room for improvement.

Apple updates the Configuration Profile Key Reference to include iCloud Keychain

No votes yet

One of the canonical documents for iOS management is Apple's Configuration Profile Key Reference, available to all on Apple's developer site. In honor of OS X Mavericks and iOS 7.0.3 today, Apple has updated the document. The notable change? "Added information about the keychain syncing restriction."


iOS 7.0.3 released. Fixes a swarm of bugs including Supervision; adds iCloud Keychain

No votes yet

Along with all the products today, Apple has released iOS 7.0.3 for all iOS 7-capable devices. (For download links, see our database of iOS Devices.) From the release notes:

This update contains improvements and bug fixes, including:

  • Adds iCloud Keychain to keep track of your account names, passwords, and credit card numbers across all your approved devices
  • Adds Password Generator so Safari can suggest unique, hard-to-guess passwords for your online accounts
  • Updates lock screen to delay display of "slide to unlock" when Touch ID is in use
  • Adds back the ability to search the web and Wikipedia from Spotlight search
  • Fixes an issue where iMessage failed to send for some users
  • Fixes a bug that could prevent iMessage from activating
  • Improves system stability when using iWork apps
  • Fixes an accelerometer calibration issue
  • Addresses an issue that could cause Siri and VoiceOver to use a lower quality voice
  • Fixes a bug that could allow someone to bypass the Lock screen passcode
  • Enhances the Reduce Motion setting to minimize both motion and animation
  • Fixes an issue that could cause VoiceOver input to be too sensitive
  • Updates the Bold Text setting to also change dial pad text
  • Fixes an issue that could cause supervised devices to become un-supervised when updating software

For information on the security content of this update, please visit this website:

That last one about supervision could be very interesting. We've heard of several organizations bitten by that when they first upgraded.

Please post your iOS 7.0.3 experiences here.

The new iPad lineup: Our rundown of what is and will be available

Your rating: None (2 votes)

Apple announced plenty of product updates today — you can watch the presentation online if you want, or see the tech specs for both the iPad Air and the iPad mini. (Note for those with OCD: "Air" is capitalized, "mini" is not.)

Apple has a clear but lengthy comparison of models online. Here's our summary:

Spec iPad Air iPad mini retina display iPad 2 iPad mini
CPU A7+M7 motion A7+M7 motion A5 A5
Weight 1.0 lb 0.73 lb 1.33 lbs 0.69 lb
Dimentions 6.6 x 9.4 x 0.29 in 5.3 x 7.87 x 0.29 in 7.31 x 9.5 x 0.34 in 5.3 x 7.87 x 0.29 in
Display 9.7 in 7.9 in 9.7 in 7.9 in
Resolution 2048 x 1536 px 2048 x 1536 px 1024 x 768 px 1024 x 768 px
Battery 10 hours 10 hours 10 hours 10 hours
WiFi 802.11a/b/g/n + MIMO 802.11a/b/g/n + MIMO 802.11a/b/g/n 802.11a/b/g/n
GPS Cellular model only Cellular model only Cellular model only Cellular model only
Connector Lightning Lightning 30-pin Lightning
Colors Space Gray, Silver Space Gray, Silver Black, White Black, White
Availability November 1 Later in November Now Now
Models 16 GB WiFi: $499 16 GB WiFi: $399 16 GB WiFi: $399 16 GB WiFi: $299
  32 GB WiFi: $599 32 GB WiFi: $499 16 GB WiFi+3G: $529 16 GB WiFi+3G: $429
  64 GB WiFi: $699 64 GB WiFi: $599    
  128 GB WiFi: $799 128 GB WiFi: $699    
  16 GB WiFi+Cellular: $629 16 GB WiFi+Cellular: $529    
  32 GB WiFi+Cellular: $729 32 GB WiFi+Cellular: $629    
  64 GB WiFi+Cellular: $829 64 GB WiFi+Cellular: $729    
  128 GB WiFi+Cellular: $929 128 GB WiFi+Cellular: $829    

Note none of the iPads have Touch ID, the fingerprint reader. And none are available in gold. Get an iPhone.

Apple Announcement Day! New iPads today? Find out at 1 ET/10 PT

Your rating: None (1 vote)

It is Apple Announcement Day! It has been almost exactly 1 year since the iPad 4 and iPad mini. Time for a refresh? Thinner, lighter, faster, longer battery life, more pixely, more biometric... We will find out at 10 PT/1 ET. Apple is broadcasting this announcement live via Apple TV, and perhaps via web stream too. If you don't have the attention span for video I recommended live blogs at [ Ars Technica] or [ Engadget].

It won't all be iPads, since we expect the release of OS X Mavericks too. But even that give us a perk: iCloud Keychain syncing, saving and syncing passwords and credit cards to all your devices. Depending on your point of view, iCloud Keychain will be an convenient enabler of complex, unique passwords, or it will be a security nightmare. Let's see.

I'll try to tweet the highlights at @EnterpriseiOS — follow along for the fun.

Users Removing iPad Configuration Profiles

Karl Rivers's picture
No votes yet

Hi all,

Just to 100% confirm this before I inform my users. Can you confirm for me that there is currently no way to prevent users manually removing configuration profiles that have not been deployed by Apple Configurator?

One person I spoke to claimed he had managed to stop MDM profiles being removed by using a certificate, but I can't find any reference to this anywhere else.



Recent Activity