MDM

Mobile Device Management

How to silently update enterprise app on supervised devices without VPP?

ryanwaggoner's picture
Your rating: None (2 votes)

We have a couple dozen iPads installed as kiosks at various locations, remotely managed via Meraki. We've used Apple Configuration to put the devices in supervised mode, however, we did setup a shared Apple ID that all the devices were logged into upon setup, and we also set passcodes on the device.

Our kiosk app is an enterprise app, and I'm pushing from Meraki by creating a managed app linking to our manifest.plist file.

However, as we push out updates, we're getting inconsistent behavior. What I'd like is to have the app silently update without any user intervention, which does sometimes happen. But sometimes it requires the user to accept the update. I don't believe we've been asked to re-enter the password, but I'm not sure, as I have to wait for the user reports to trickle in from the various locations.

Again, we're not using VPP, which is what all the silent update sources I can find seem to assume. Just a standard enterprise distribution app.

Would love any suggestions!

MDM Server Development

Dvelopin's picture
No votes yet

Good Day All,

So I have been investigating the world of MDM and trying to learn how it all works. I found an older guide online on how to host your own internal MDM server. I followed the guide until it got to the point of building your mobileconfig file which will be used to configure devices to talk to your MDM Server.

Everything I can find is always reference the old tool, iPhone Configuration Utility. This is no longer available.

I can't seem to find anything which talks specifically about using Apple Configurator 1 or 2 to generate this mobile config. Looking at Apple Configurator, there are no options available to specify an MDM Server. Is there something I need to do to "flip the switch" to turn on MDM in the profile I am trying to create? Or should one use something else for this?

I read about using OS X Server and Profile Manager to do this, but am having issues logging in to Profile Manager, for some reason. Not sure what password to use?

If anybody has a more up to date guide or instruction they can provide on this, that would be extremely helpful.

I have my enterprise iOS account setup, I have MDM enabled, I have my push certificate, and I have a domain on the web with SSL installed and ready to go...I just can't get my mobileconfig generated.

So if anybody has the way to do this, and I believe we need to also "sign" the mobileconfig file too, correct? If so, how?

Thank you so much!

Seeking EMM/MDM that can update, change, push apple id to ios devices

ScottBenson's picture
No votes yet

Hello

I'm currently working with 130ish ios devices across 34 locations. The devices are shared between users at the locations so I have an apple id for each location and configure the devices in that location with the apple id. I would really really like a way to be able to remotely assign apple ids to devices through EMM or MDM. Does anyone know of any solution that offers that capability?

Thanks,

Scott

Which MDM's support iOS Managed App Configuration?

Jan Melander's picture
Your rating: None (1 vote)

Hi,

We have a couple of apps functioning as lightweight clients to selected tasks in our Enterprise system, and to ease the deployment we are adding the option of pushing certain configurations using the technique Apple defined in iOS7.

But now I'd like to test this in the real world and thought I could find a MDM system that has a trial version were I could try this out on. But so far I haven't found many MDM's that actually say that they support this feature?

What are Your experiences?

Which MDM systems lets us manage App configurations?
(I'd to tell our customers which systems works and which don't)

And are there any that has a free tier/trial version?

Regards,
Janne

Bushel is now Generally Available!

Your rating: None (3 votes)

Bushel, an Apple device management solution, powered by JAMF Software, today announced general availability, expanding Apple device management to businesses of all sizes. Bushel is a cloud-based solution designed to make it simple and quick for regular people to complete their management tasks, including Apple device setup, security and usability. The software had been in beta for some time now, and users could use it on an invitation-only basis. Bushel has just today become generally available to the public to sign up for either a free or paid account. You can find out more and sign up on the Bushel website.

MDM invitation accepting

No iDea's picture
No votes yet

Thanks to all the people on this forum I've been able to create and verify 500 AppleIDs. I now have the task of enrolling them in our MDM. As I have used + addressing for the AppleIDs all the email invitations go to one mailbox. I've attempted to cannibalise the creation and verification scripts that already exist and can get it click on the link in the email, this opens the Mac App Store and prompts the user to log in. The script fills the email and password out and clicks OK. This is where I get a problem. The App Store then just loads a blank page with the message

Your request produced an error.
[newNullresponse]

but the account seems to be signed in. Has anyone seen this or can shed any light on why it's happening?

Removing apps that were not pushed out through MDM?

winkdtm's picture
No votes yet

So I have a few iPads that are out in the field now. They are supervised and enrolled under our MDM service. Additionally, we've pushed out a handful of apps to all the iPads. Originally they were setup without restrictions and we've since wanted to add some restrictions. So while they've been out in the field some people have downloaded games and other unnecessary apps. I'm wondering if there is a way to remove any apps that were installed though the App Store by the user but keep any apps that were pushed out through our MDM.

Thanks

Mdm deployment question

Sjday's picture
No votes yet

Hi

I have a newbie mdm question

I am currently investigating the best way to distribute iOS developed apps to customers who use
an mdm solution

Most of them provide two options

App wrapping

Build with their Sdk's and deploy via a marketplace

Whilst option of app wrapping seems a simpler option i don't believe this fits my use case
as we would need to provide the signing certificate ,including its private key ,which we don't
want to do as its a security issue

Therefore building the app with the mdm providers SDK and providing it to the potential
customer via the mdm providers marketplace seems the best and only solution

Can someone confirm my thinking ?

Many thanks

Simon

MDM tutorial

sathiskumar subramaniyan's picture
No votes yet

HI,
I'm ios developer and having exp in IOS MDM.

I need to learn Mobileiron and Airwatch MDM.Pls share any documents to learn.

can a sideloaded app with apple configurator be independantly updated by another apple id?

dvincent's picture
No votes yet

i have a question about the nature of app updates on iOS7 that are sideloaded using the apple configurator. Is there any technical reason why apps sideloaded on an iOS 7 device cannot be later updated with another signed in apple id?

i looking into sideloading the MobileIron MDM client using the apple configurator, but only if the mobileiron mdm client can be updated from the apple app store using the owner's own personal apple id?

Does anyone have any experience with sideloading MDM client ipa files using the apple configurator?

Regards,

Dave

Beyond the Keynote: Apple's Detailed Enterprise Presentation Videos from WWDC 2014

Your rating: None (4 votes)

WWDC has always been the one time each year when Apple peels back the curtain of secrecy and previews what is to come. That is if you were one of the lucky ones to score a ticket. But in 2014, in what I think is an unprecedented display of openness, Apple has released every video of every WWDC session online and to the public. Last year, you needed to be at least a member of the developer program to view these. This year everyone can see.

Here are the three most directly focused on Enterprise. I hope you take the time to watch and comment. They really are worth your time.

Managing Apple Devices


Learn about the latest developments in managing Apple devices in an enterprise environment. Learn how MDM can be used to wirelessly configure settings, monitor compliance with policies, install apps, and remotely wipe devices, and how these capabilities can be integrated with in-house or third-party server solutions.

Building Apps for Enterprise and Education


Learn about data security, enterprise authentication, integration with back-end systems, app configuration methods, and the latest technologies for interacting with documents, accessories, and more. Get helpful tips for constructing your apps to meet the needs of schools and educators, as well as key requirement from IT. Perfect for everyone looking to get their apps in the hands of business professionals, educators, and students worldwide.

Distributing Enterprise Apps


Learn how to provision and deploy apps across your enterprise. Leverage key Apple programs such as the Volume Purchase Program and the iOS Developer Enterprise Program to get the right apps in the hands of your employees, contractors, and partners. Learn how to manage certificates and provisioning profiles to deploy your apps, and take advantage of mobile device management (MDM) tools to provide a seamless experience for your users. Gain insight into the complete app management lifecycle; from signing your in-house apps in Xcode, to distributing, managing, and revoking apps across your workforce.

AppleTV Import Placeholders Profile Manager

Your rating: None (2 votes)

While importing a placeholder for some iPads I was peeking through profilemanager.log , when I found this gem.

[351] [2014/05/22 16:17:21.942] I: Imported placeholder device "MH-Gary Ho_iPad Mini45", SerialNumber=F7NMXXXXXX84, IMEI=, MEID=, UDID=, DeviceID=, AirplayPassword=

What I did next was add a new column AirplayPassword= to the placeholder CSV and put a password in.

Uploaded the placeholder for an AppleTV and it added the Airplay password to my AppleTV Device in ProfileManager.

Just yesterday I added 20 AppleTVs to Profile Manager, I could have saved a few steps.

MDM that works with DEP?? (May 22, 2014)

HCCSC John H's picture
Your rating: None (3 votes)

Anybody's MDM working in the real world with DEP to deploy units yet? Ours has not released their DEP version as of yet (May 22 2014) nor have I seen a real world demo of this method actually working. Getting a tad nervous as our summer IOS reloading plans and being set soon and yet to see this method actually work and what the ins and outs are of using this loading method on Student IOS devices. Shock

MobileIron and Good confirm invulnerability to "Heartbleed" OpenSSL attack (updated with more providers)

Your rating: None (3 votes)

We've been following the recent disclosure of a massive OpenSSL bug and its affect on MDM. This is a potentially major issue for device management. Due to the trust chain of Apple's APNS, an exposed MDM server may require all devices to be unenrolled and reenrolled by hand.

We've heard good news so far (excuse the pun) from two three four providers:

Good Technology says:

Good Technology has confirmed that the versions of OpenSSL used by all Good servers and applications are not subject to the Heartbleed vulnerability.

MobileIron says (courtesy of EnterpriseiOS user MaciekSA):

  • All released versions of VSP, Sentry, Connector, Atlas, Connected Cloud and cloud-hosted BYOD portal are NOT affected by the vulnerability and NO action is required by our customers.
  • The on-premise BYOD Portal MAY by affected by the vulnerability, depending on the version of OpenSSL that is packaged with your version of Linux currently installed on your BYOD Portal server.

Update 4/10 5:50p: Maas360 is also fine.

Update 4/10 10:43p: AirWatch is also unaffected. See this VMWare KB article.

Update 4/11 4:02a: TARMAC is also unaffected. See this notice in German.

Update 4/14 2:25p: SOTI is also unaffected. See this notice.

I've reached out to other vendors but have not yet heard a response. If you have any news please share below, and I will update the thread.

It is worth repeating that the vulnerability is not the fault of the MDM vendor and not the fault of Apple. It's in a library of cryptographic functions that is very commonly used within other applications.

Apps Supporting Managed Configuration

No votes yet

Managed Configuration is a feature introduced with iOS 7, and increasingly supported by MDM providers. It allows an iOS app to receive configuration from an MDM service. The MDM service sends a plist dictionary of keys and values to the app on installation. Some MDM services allow token substitution in the values. This enables a username, for example, to be automatically sent to the app so the user does not need to type it in manually.

In theory any app supporting the native preferences system will automatically support managed configuration. In practice some apps are designed with the feature in mind. Below is a list of apps we have found to support this feature.

Please feel free to edit this wiki page and add to the list.

App Instructions More Info
Acronis Access formerly GroupLogic mobilEcho    
Box for EMM    
Casper Focus instructions  
FileBrowser for Business instructions  
Wandera MDO   demo
WebDAV Nav+ instructions troubleshooting
Foldr Airwatch Instructions, JAMF Capser Instructions  

Recent Activity