Mar 08 2017
Mobility

How Apple Configurator Can Streamline BYOD Device Deployment and Management

These five tips will help you manage iOS devices across the enterprise.
by

Jesus Vigo, a network administrator in Dade County, Fla., is a member of the CompTIA SME Technical Advisory Committee and owner of the Mac|Jesus, consultancy. 

A well-established workflow can simplify even the most daunting of iOS device deployments by efficiently leveraging the resources available.

Bring-your-own-device policies are bittersweet for the IT team since it doesn’t normally have full access to devices that will use valuable network resources. The trade-off, however, is that the IT team is not responsible for actively managing those devices. When IT is responsible for provisioning devices, such as Apple iPad devices and iPhones, things can quickly get hairy without a plan.

Luckily, Apple has developed Apple Configurator 2 (AC2) for the purpose of helping IT pros configure mobile devices so that they maintain a grasp on the core operating system while giving workers the highest level of usability on their company-owned devices.

Here are five ways to help standardize device preparation.

1. Use Profiles to Streamline Configurations

A user can customize many settings in iOS manually. But IT tends to keep settings regulated to ensure compatibility across devices. These standards typically include wireless network settings, passcode requirements for device security and mail settings so that users need only enter their username and password to connect to Exchange servers.

With AC2, the IT team can export profiles in the .mobileconfig format. That way, the IT team can maintain them for later use or save them to a company intranet page, for example, from which authorized users can download them directly to their devices.

2. Create Blueprints for All-In-One Device Provisioning

Just like blueprints are used by contractors to build homes, Apple’s digital version of blueprints will let IT staff pull together settings, profiles and applications into templates that can then be applied to iOS devices.

The beauty lies in the simplicity. By creating templates for each device type, all the necessary components can be stored locally and then pushed to a new device so that it contains all company-deemed essentials upon boot.

Blueprints can be granular in scope, with specific iOS devices targeted, or less restrictive templates may be used that apply to all iOS devices for greater compatibility.

3. Supervise Devices for Ultimate Control and Flexibility

Two modes are offered when provisioning devices: supervised and unsupervised. Both are effective in their own respects, but only supervised offers the maximum level of flexibility while securely locking down the device in a management capacity.

Supervised devices are upgraded to the latest version of iOS and, depending on the settings enabled, are prevented from being managed by unauthorized systems. The IT team can also use this mode to allow for remote management through mobile device management solutions. For iPads, the supervised mode can allow for multiple users.

4. Establish Company Branding on Devices

While not a management aspect for devices per se, AC2 allows a business to modify device names, wallpaper and home screen layouts to include specified images and naming schemes.

These are managed together so that the IT team can create virtually identical appearances across devices that incorporate company branding.

5. Tap the Advanced Actions for Special Circumstances

Apple has thought of just about all scenarios, including the rare times when a user gets locked out of a device, for example. With the ability to clear pass codes on supervised devices or save unlock tokens for highly secured devices, IT can circumvent security to regain access to a device without compromising the integrity of the data stored on it.

Speaking of secured devices, backups are — by default — not protected. Yet that can be changed by enabling encryption of backups, which forces a user to enter a password to encrypt backups made from the device; consequently, it requires the password for restoring the backup as well.

Lastly, there is a single-app mode that functions much like it sounds: enabling a single, pre-selected app to run on the device, effectively ignoring all others. This is helpful for devices used exclusively for presentations, in restaurants for mobile payment systems or as a kiosk-mode in specific use cases.

From a manageability viewpoint, AC2 offers multiple layers of security and customization in standardizing deployments. Best of all, the IT team can mix and match modes to provide the appropriate level of coverage for different groups of users across an organization’s company’s enterprise environment.

ctrlaplus/ThinkStock (icons); David Vogin (illustration)

More On

Related Stories

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now