Using MobileIron in a managed scenario (no self-service)

Clark Kent 1974's picture
No votes yet

Hi everybody !

I have a case to share with you.

The situation is the following. iPads are supposed to serve for kiosk activites. The users should not have to deal with an Apple ID, the App Store... They will only use in-house apps regularly pushed to the devices by the MDM (users only have to accept the installation).

I have two questions in such a situation.

As soon as no App Store apps should be installed on the devices, what about the MobileIron MyPhone@Work app ? Is it possible to bypass it (to not install it) and only use the Web portal to enroll the devices.

The idea is to deliver the iPads ready to use. So the iPads are supposed to be enrolled at the main location, then sent to the users locations. My problem is that if they opt-out, they will have to enroll them again. At the main location, it would be quicker to use the same account to do the enrollment... don't know if it's a bad idea. If the user opts-out, one solution would be for him to contact the support who would give back a "maintenance" username/password to re-enroll.

I'm ok with the idea that these problems would not exist in self-service situation.

Hoping that someone of the forum would like to share experience !

Best regards.

Android MDM Agent Administration Problem

bksnmz's picture
No votes yet

I'm working on an MDM project and comparing, nearly all of them, MDM softwares. I have a problem that couldn't be solved by any of MDMs. Is there any MDM which restricts force stop or uninstall the agent from android device. I want to learn if any of MDMs make this possible or not.

Is it possible to push appstore applications using the IPCU configuration profiles?

farhanible@gmail.com's picture
No votes yet

I know that it is possible to invoke appstore application installs on a remote device using any of the MDM providers. From what I understand, the MDM api just pushes a configuration profile to allow this remote app installation. So, the question is, is there any documentation of what that XML config looks like?

I want to be able create an XML mobileconfig file and e-mail it to iOS devices for app installation. We don't have an MDM solution yet, and just want to do this in the interim. I know it's possible to send out a link to the iTunes application but, it would be nice to bundle everything (wifi settings etc.)into one mobileconfig profile.

Open source MDM vs commercialized MDM

kenneth's picture
No votes yet

Hi All,

I noticed there is an open source MDM system named Funambol. Has anybody evaluated this system against other commercialized MDM system, or have experience in using it? Would appreciate any knowledge sharing on this here.

Best

Data-focused App Development for the iPad Best Practices: A Kaplan Case Study

No votes yet

How can textbooks on the iPad revolutionize learning? Kaplan provides study guides and tutoring for standardized tests such as the SAT, LSAT, and GRE. Kaplan set out to digitize their study guides and found out that data on how your students read can revolutionize your product development. Maureen McMahon and Jeff Olson from Kaplan presented a case study in mobile content delivery and data-focused product development at O'Reilly's Tools of Change Publishing Conference in New York City.

Start With Studying Your Users

Before digitizing their first book, the first step Kaplan took was to study their existing customers. They knew they were the leading publisher in the space but had to study if their customers wanted digital books. They surveyed their students on which tablet they owned or were planning to purchase. They also started an ethnographic study of how students were using Kaplan's paper books. In talking to students about their studying habits and taking photos of how students highlighted the print, they discovered what students did with their books.

 Why Students Liked Paper Books

  • Need for tangibility & token of ownership: If it is physically in my life, I'm more likely to study.
  • Make markings/highlights to sustain attention: Some students highlighted almost the entire book.
  • Make markings as proof to self of completion: Even if they didn't read it throughly, they liked to mark the sections they had read through.
  • Keep markings as future study aid: Occasionally students would reference sections they've highlighted but much less often than Kaplan thought.
  • Make visual memory of content on page: Some students with a visual memory needed the colored highlight to remember materials ("that section was in blue").

"Everything You Can Do On Paper And More"

Kaplan decided that their goal was to take everything students could do with the print edition and surpass it on mobile devices. This included:

  • Multi-colored highlighting
  • Take Quizzes With Instant Feedback on Answers
  • Add Written Notes
  • Record Audio Notes
  • Sophisticated Search
  • Video of Professors Teaching Sections

Kaplan's First iPhone App Release

Kaplan outsourced book conversion and licensed a reader from Bluefire, which was compatible with Adobe software. They learned that their books were incredibly complex to convert and are bringing that process in house. They used technology from MarkLogic for distribution and data collection.

The reaction to the original iPod touch/iPhone App (released before the iPad came out) was not overwhelmingly positive. By asking their users for feedback, they learned a lot about the strengths and weaknesses of their assumptions. They decided to scale back their goals to the competitive advantage of eBooks – paper books are heavy. Their MCAT book set weighs 10.5 pounds whereas the iPad weighs only 1.3 pounds.

Study Your Users Even More

Kaplan moved to an agile development method. They gave away the digital book with the print edition so they could collect a lot of usage data and quickly iterate development. As of today, Kaplan is iPad only and hasn't gone back to the iPhone App format since their first release.

According to Kaplan's survey, 70% of the students had not used electronic textbooks in their high school and college coursework. Of the ones who had used digital textbooks, only 15% of early adopters had an excellent experience. More students have taken an online course (46%) than used electronic textbooks. When you ask students if they want analog or digital study aids, about half say they want some digital and some paper materials.

Data Drives Better Learning Outcomes

Traditional print books aren't able to "phone home" and tell you how their being used. Kaplan is now able to quantify and analyze how often students do the following actions:

  • Opening book
  • Going to table of contents
  • Navigating to a chapter
  • Annotations (highlights) made
  • Flipping pages to find something you're looking for
  • Turning the page/how fast pages are read
  • Which pages are referenced most
  • Going to the glossary to see the definition of a word

In the same way that other businesses have used data analysis to improve business outcomes, Kaplan is using their studying statistics to improve their content and change learning outcomes. They are able to ponder the learning implications of informative metrics for eBooks (click graphic for larger view of slide).

Informative Metrics from eBooks

Are we heading to a future where professors can actually tell that you do the reading? 

Will they be able to tell you did it quickly in the fifteen minutes before class? Kaplan plans to share student reading data with their instructors. Instructors will be able to see which sections their students are spending more time on and perhaps need additional converge in the classroom.

If you are in the business of developing products and you have this information, "it'll change your life." They had to reorganize into agile development teams to respond to the data. "There is no point in collecting this data" if you're not ready to implement changes around it.

Challenges for Digital Learning Development

  • Data vs. intuition: What are the things data won't tell us? What can't you measure?
  • Managing the fire hours of data: What are the metrics that really matter? Otherwise you will overwhelm your team with data that doesn't help them develop better products.
  • How will this change the reading experience?

Evaluating iOS devices/releases

BrandonEdling's picture
No votes yet

Hello! We're wanting to put together a model where we have a standard approach to evaluating iOS releases (major and minor versions) as well as new iPhone and iPad models when they're released. We have three main "sections" that we're needing to expound on: usability, supportability, security.

What do the rest of you do when new software and/or devices are released? How do you judge them as being supportable or secure in your environment?

Any input and advice is appreciated. Also, if you happen to have a template or document that details your approach, that is helpful as well!

Cheers,
Brandon Edling

Can the redemption codes be reused for the applications purchased through volume purchase program

kiranadvent's picture
No votes yet

Hi all,

If an organization buy an apps through volume purchase program, will they be able to use redemption codes. For example i have given an application to a business user with a redemption code. If he leaves the organization can i use the same redemption code for the new user.

Help me to get this information and any more information on this.

Kiran..

How to get remote viewing/control of the IPAD screen via internet or preferably 3G?

kenneth's picture
Your rating: None (11 votes)

Hi All,
Is there a software tool available on either MAC or PC to get remote viewing/control of the IPAD screen via internet or preferably 3G?
Best
Kenneth

Implement Secure web browsing with Airwatch

George's picture
Your rating: None (1 vote)

Hi, we have airwatch as our mdm software, and we are looking to generate a white and a black list of sites where our mobile users cant or cant navigate, ithere is a feature called secure web browser on airwatch, that can help you to achieve this, but i havent found where to configure this on the mdm admin console, does anybody have done this? Can somebody help?

Thank you vey much

Multiple Inhouse applications in AirWatch

Michel's picture
No votes yet

Hi All,
We have both Mobile Iron and AirWatch to manage our mobile devices (mainly iOs).
We have several InHouse applications to deploy but these applications don't have to be published to the same population and AirWatch is not flexible for our need. Let me give you an exemple :

We would like to apply to our users all possible scenarios :

- E-mail only
- Application A only
- Application B only
- E-mail + Application A
- E-mail + Application B
- Application A + Application B
- E-mail + Application A + Application B
...
If we want to do that with Mobile Iron, no problem, we create what they call a "label" for E-mail, another one for Application A, and another one for Application B... and apply the needed labels to a user. The problem is with AirWatch where we have to create a location group per scenario and enroll the user in the right location group for the policy to apply. This is a problem because we have more applications coming which means much more possible scenarios and that will be a nightmare to manage if we have to create one location group by scenario (App. A + App. B + App.C ...)
Is there something we did not understand in the way AirWatch handles applications deployment or is it just the way it works with AirWatch ?

Thanks for your help

Michel

How IT Departments Can Approach Bring Your Own Device Environments

No votes yet

Bring Your Own Device (BYOD) is an acknowledgement that the tools you could give your users aren't any better than the ones they already have. If your users already have iPhones, they won't want to use an Android phone. Plus, your users will hate you for forcing them to carry two devices that perform the same functions.

John Welch, Director of IT at a 200-person creative firm (Zimmerman Agency), spoke at the Mac IT Conference in San Francisco on the benefits of Bring Your Own Device and how he supports it. John stood out among IT Directors at the conference by stating that his job is to say "yes" whenever possible. IT departments of the past have been about control and locking down devices whereas he comes from the perspective of enabling people to do their jobs however they wish. He is also the author of iOS in the Enterprise.

The Benefits of Bring Your Own Device (BYOD)

  • Saves your budget on buying devices. You'll need to buy the MDM solution either way but you can save some serious money on devices.
  • Makes your users happier because they don't have to carry two devices that do the same thing. Happier users are more likely to work cooperatively with you.
  • Saves your time on training users on how to use devices they don't already own. You'll have fewer support calls to answer.

The Disadvantages of BYOD

  • You can't really lock down someone's personal device.
  • If they decide to upgrade the device or change carriers, you don't have control over that.
  • Less device consistently, which means you may have to support Windows Phone, etc.

When Does BYOD Not Work

  • Sarbanes-Oxley and HIPPA environments may not allow for BYOD.
  • High-security areas, such as work places where you are not allowed to use a phone with a camera.
  • School environments may not work because your end-users may not be mature enough to mange their own devices.

The Compromise To Support Any Device

  • At the Zimmerman Agency, employees can bring in any device that supports IMAP & SMTP for email.
  • In exchange the user has to register their iOS device with the MDM solution. They also are asked to use Exchange ActiveSync instead of IMAP.
  • Devices are setup to allow remote wipes in case of loss. Users are educated that they don't have to freak out if their device goes missing because they can text or call IT to have it wiped.
  • Some users went from using 1-2 IP addresses on the corporate network to up to 5. You may have reconfigure your DHCP server, especially for wireless access points.

Many companies specify a limited range of devices for BYOD so that it's easier to deploy mobile device management solutions and support. What challenges and advantages have you seen with Bring Your Own Device environments?

Photograph by Miki Yoshihito.

Lessons Learned from Large-Scale iPad Deployments in Education

No votes yet

How does a Windows-centric schools district deploy over a 1,000 iPads to elementary students not old enough to legally have an Apple ID? How do you get high school students to come to IT voluntarily if they jail break their device? How do you prevent iPad damage in schools? All these questions and more were answered by Cecile Lelievre from Brandeis Hillel Day School Maribel Guizar-Maita from Alum Rock Union Elementary School District in Santa Clara. Both deployed over a 1,000 iPads in their schools and shared lessons learned during a panel moderated by JAMF software at Mac IT Conference 2012.

Apple ID Strategies for Large iPad Deployments
Cecile used a combination of personal Apple IDs and JAMF's Casper Suite to offer high school students a blend of choice. Each student had an Apple ID tied to their parent's credit card so they could buy content they wanted. Apps that the school district required the student to own were available via JAMF's self-service center. Once the App is gifted to the individual's Apple ID you can't get it back so they had to expense it similarly to buying paper for students that isn't returned.

Maribel's school creates Apple IDs per grade level. Only approved applications can be downloaded and all applications are pushed via JAMF. When working in a grade school environment you must keep in mind that students under 13 can not legally have an Apple ID. This is was an additional reason why they manage all the Apple IDs.

Backup Strategies for iPad Deployments
Maribel's school gives each classroom a Bretford iPad cart with a MacBook. The iPads are backed up to that MacBook when plugged in each night. Cecile ran into problems with students taking their iPad home and syncing it with their home computer, which blew away the institutional image. She prefers Apps that sync their data online because if students accidentally sync their device at home and erase it, they don't lose the data on the device.

Who Chooses Which Apps Are Used
The school chose an assortment of Apps that covered many areas. Then the teachers can suggest Apps for their classes that they can ask IT to push out to students. If the App is free and has some educational value, it is always approved.

Loss & Damage of iPads in Schools
Brandeis Hillel Day School offered a third-party insurance program to families for an additional $50 that would cover damage and loss, they also bundle in the cost of AppleCare. They keep a whole bunch of spares. If a student drops their device twice, they get downgraded to an iPad 1. Finally, they include a ballistic case with all iPads which prevents a lot of damage.

Alum Rock Union Elementary School District hasn't had as many problems with damage because the students love these devices and are very careful with them. They actually see more breakage from teachers who are less careful with the device. They include a clear case, protective film, and also tag each device with big ugly serial numbers.

Catching Jail Breakers
In the high school environment, Cecile would run a report using JAMF that would show the last time each device had been on-site. If the device hadn't registered lately, she would disable it from connecting to the network by blocking their MAC address. The student then comes to IT on their own because they can't connect to the network and then she "educates" them on why.

Pushing Non-App Content
Cecile used Dropbox or Box.net to allow teachers to push and sync content on the devices. She is now investigating a hybrid cloud using WebDav to provide a more secure place to store shared content for staff.

Maribel's school distributes content by syncing each iPad to the cart with a Macbook each night. They also configure email accounts for each student so that they can use Apps that require email addresses. Email accounts for the younger students are only allowed to email addresses within the school's domain.

You Have A Great Network But Do You Have Enough IP Addresses?
If you're considering an iOS device roll-out you need to examine your network infrastructure first. For example, Maribel's school had plenty of access points but ran out DHCP addresses during deployment.

Using Apple's Profile Manager for Mobile Device Management Overview & Best Practices

No votes yet
How does a school manage a few hundred iOS devices for only a few hundred dollars? During MacIT Conference, Derick Okihara demonstrated the pros and cons of using Apple's Profile Manager from his experience managing the Mid-Pacific Institute school. You can download the presentation slides here.

 

Why Use Apple's Profile Manager
  1. It's dirt cheap. Profile Manger is included in Lion Server which is $50-$80 flat. Contrasted with other MDM providers that charge an annual fee.
  2. It does MOST of what you want in an MDM solution.
  3. It's a First Party solution. You can call Apple for support.
Why NOT Use Apple's Profile Manager
  1. Large installs of devices - thousands of devices will require a more robust MDM solution.
  2. A required MDM element isn't available - see below and the complete comparison of MDM solutions.
How does Apple’s Profile Manager Measure Up?
  • App installs - You can push free Apps (getting conflicting reports on this) or in-house developed Apps to users. You can NOT push paid or volume purchased Apps to users.
  • Policy setting - Yes.
  • Security - Restrictions, VPN profiles, remote wipes.
  • Asset Tracking - Lion server will track the device.
  • Remote Control - Nope.
  • Backup - Nope. The only Apple way of doing backup is through iTunes right now.
  • Firmware / OS updates Control - Nope.
What Do You Need to Run Apple's Profile Manager?
  • Lion Server running on a Mac with Core 2 Duo or later, 2GB+ of RAM. A Mac mini for less than 1,000 devices is a very affordable solution.
  • Internet connection with certain ports open. You may need to troubleshoot push notifications.
  • Working DNS - Not just an IP address.
  • Open Directory Master - Server that holds user accounts.
  • Certificates - You'll need the following certificates: SSL/TLS Certificate (purchased from a registrar, StartCom offers the only free certificate for iOS devices), Apple Push Notification Service Certificate (free from Apple with an Apple ID), Code Signing Certificate (you can use the Lion server but a best practice is to purchase one from one of these authorities for around $300)
Lion Server Profile Manager Setup Tips and Best Practices
  • Change your Administrator account name to something besides the default of "diradmin" because someone could guess it.
  • Don't use a comma in your organization name, it'll cause the install to fail.
  • Don't use your personal Apple ID because your certificate will be tied to it. Create a new one for the institution. If the person whose Apple ID leaves you won't be able to manage it anymore.
  • If you use disable the App store your users won't be able to sync Apps via iTunes either.
  • If you use content restrictions, all Apps that allow web browsing are rated 17+.
  • You can run Profile Manager on an iPad because it's a web app.
Resources

Link itunes apps in in-house apps catalog

mcbinome's picture
No votes yet

Hello everyone,

I would like to create an in house catalog with a native app for my enterprise with the app enterprise program. My main issue is to know if it is possible to link itunes apps directly in this store with the possibility to use redeem code without to have to go in the App store application.

The main idea is to ease installation of recommended apps (free or with redeem code). I saw that it was possible with the casper suite to do push-like installation but I wonder if it is possible to do something close directly from an in-house app catalog ?

In the same way if the first part is possible, I wonder if it is possible to update apps the same way without to have to go to the app store and put a password. Should it be possible to use the same redeem code to update the app ?

Thank you very much in any case.

Mc.

BTW this website is really great

Muddying the Consumerization of IT

Aaron Freimark's picture
No votes yet

This week CIO.com published an interview with me on muddying the consumerization of IT. The story includes the following quote:

Interestingly, a lot of IT guys are rooting for Android. The reason, I think, is that there's some unexpressed hope that they can lock down the Android OS. They can put on what they want. They can do the monitoring. They can do the auditing. They can reconfigure and redeploy with their own image.

Of course, that's missing the point. It's no longer consumerization of IT, but goes back to the traditional models where IT has control all over again. If you think you have trouble supporting Android with its fragmentation now, just wait until businesses start getting a hold of the source code and recompiling it.

My point is to celebrate and embrace the tremendous innovations we've seen in the consumer space. Attempts by business to control these technologies only slow down innovation and make emoyees much less productive.

What do you think? Does this reflect the situation in your company? Please comment below.

Comparison of MDM Providers

Recent Activity

Who's New