I am new to this forum, but hoping that someone on here can give me some guidance.
I have about Foreman that are in the field with Toughbooks. They only use them for email and filling in forms (Adobe and Excel). I would like to implement Company owned iPads to replace the Toughbooks.
I need them to be able to store the blank forms on the iPad, open them up, fill out the various forms and email them back to the office.
I want to mirror that on the iPad and I am at a loss.
I have looked at Airwatch, NotifyMDM, DropBox, CloudOn, Apple Configurator, etc. and not sure what combination of apps will get me in the correct direction.
Apple Configurator, Apple's free utility for deploying and managing small fleets of iOS devices, has been updated to version 1.0.1. The update is available in the Mac App Store. The utility now has the ability to re-use codes for apps purchased through Apple's Volume Purchase Program. Other tricks, from the announcement, include:
- Enterprise apps packaged as .ipa files are imported and installed correctly.
- Redemption codes for apps that contain a comma in their title can now be imported.
- A redemption code may be reused to install an app on another device if the original device is unsupervised and erased by Apple Configurator, or if the app’s installation did not complete on the original device.
- The redemption code used to purchase an app in iTunes may also be used to install the app on one device with Apple Configurator.
- The number of redemption codes remaining for an app is now displayed correctly.
- Notes and bookmarks entered into iBooks and iTunes U are deleted when a backup is restored to a supervised device.
- The WPA2 password is saved when editing a Wi-Fi profile payload.
- The name of a stored backup is saved when edited.
- The storage capacity of an 8 GB iPod touch is now displayed correctly.
- The “Erase all contents and settings” checkbox on the Prepare pane has been relabeled “Erase before installing”.
Be sure to also see our updated guide to Apple Configurator vs. MDM, showing how the two technologies complement and contrast.
I just set up profile manager and deployed iPads to our managers. I would like to know if there is a best practice for how users connect to iTunes and their Apple ID accounts either using personal email for new or existing Apple ID accounts, or have the users create new Apple ID accounts with their company e-mail? I can see benefits of both. Also, is their a way to tie in their corporate email to an existing account?
The technique is straightforward. Configurator can install mobileconfig profiles as part of its deployment scripts. These are XML files that instruct iOS to set up particular network configurations, credentials, or restrictions. Automatic MDM enrollment is acomplished by creating two profiles:
- connect the initial WiFi network
- enroll to Casper MDM server address.
Casper helpfully includes a function to generate this second profile.
We've noted before that Configurator and MDM can coexist beautifully. Kudos to the folks ar JAMF Software for seeing things the same way.
We hope other leading MDM providers will follow with similar instructions. We also look forward to further improvements to come to Configurator, specifically a way to assign devices to MDM users.
Some notes: when we write "MDM", we are speaking about the combination of ActiveSync, MobileConfig Profiles, and Apple's interface for MDM commands that is used by most vendors in our Comparison of MDM Providers.
Apple Configurator is listed twice, since it can be used in two different ways. Devices can be unsupervised -- which means the are simply prepared for deployment -- or supervised, something altogether different.
This is a wiki page. Since we expect all these technologies to mature, we hope you help us keep this page accurate and up-to-date.
|MDM||Configurator (unsupervised)||Configurator (supervised)|
|Installation||web page or (sometimes) app||USB||USB|
|Delivery of Updates||OTA Push||USB from original computer||USB from original computer|
|Multi-user devices?||No||No||Yes, with short backup-and-restore cycle|
|Set up mobileconfig restrictions, web clips, email, VPN, etc.?||Yes, with push updates and changes||Yes, only during initial config||Yes, only during initial config|
|Set Lock Screen Image||No||Yes, with optional device name||Yes, with device and/or user name and/or user photo|
|Install free apps||Yes||Yes||Yes|
|Owner (Apple ID) of free apps||End User||Installer||Installer|
|Install Paid Apps with VPP Codes||Yes||Yes||Yes|
|Owner of Paid Apps||End-User||?||Device|
|Revokable and Reuse VPP Codes?||No||Yes (if device erased by ACfg)||Yes|
|Passwords entries needed for N app installs on a single device?||N (most implementations) or 1 (some implementations)||0||0|
|Can push documents?||Not through MDM (some have companion app)||Yes, as part of initial image||Yes, per-user docs backed up and saved|
|Query installed apps||Yes||No||No|
|Ideal for||BYOD and/or widely-dispersed users||Initial configuration and deployments, especially when paired with MDM||Classrooms, loaner units, trainings, kiosks|
Is there any way to distribute application (ipa) related custom settings on the time of IPA installation?
Our application should connect to the server what can have different IP addresses defined by admin,
We are looking for the way to send this as a parameter. As far i understand wireless plist manifest can not provide any values besides of ipa url, icons, md5 etc, we can not provide any additional plist files on the time of installation too.
Configuration profile installed same time can not set custom application parameters, is it right? It can only setup some predefined values, the only thing can be used (seems) is webclip as a shortcut (executing custom URL schema with the parameters appname://url=...). But we rather interested in a way our application can receive URL without webclip shortcut, if this is something we can get from configuration profile or any other source it would be nice to know..
We are seeing some strange results with a few of our iOS users and thought someone here would have an idea.
We have two AD domains and are trying both Afaria and Airwatch. Both domains are in the same forest; each has their own set of Exchange servers but are under the same GAL, etc.
With Afaria, users on either domain are able to get to EAS via the Afaria ISAPI filter.
With Airwatch, we've implemented the similar secure email gateway. Users on the domain where the CAS server is located can use EAS, however, users on the other domain cannot. In fact, after enrollment, the Exchange information on the iOS device changes to the external address of the Afaria mail gateway from the Airwatch gateway.
I'm guessing somewhere there is a hardcoded address in our Exchange configuration, but am at a loss as to where to look.
I am looking to deploy an MDM solution on IOS. One of the requirements is tracking of GPS. My research suggests that providers need to have an application on the device to collect this information. Does anyone know which vendors support customization of an MDM app with my companies logo and information?
Zach Christopoulos has published instructions to disable an iPad's home button. His method is very clean, and converts any app into a kiosk mode. The device does not need to be jailbroken.
The steps are very simple, using a custom mobile configuration plist.
- Install a special profile onto the iPad
- Launch any app
The iPad is now locked into the first app launched after reboot. To launch a new app, reboot first. To remove the profile, reboot, then launch Settings, then choose "Profiles", and remove the profile. Finally, reboot again.
[Update: Works on iPhones too, unsurprisingly.]
I was trying to develop a MDM solution for iOS and I would like to test MDM with both methods of distributing device identity via PKCS12 and SCEP. Currently I am doing it using PKCS12, so here is what I am doing:
1. Send a Profile Service profile to the device asking its device id, IMEI, Version etc.
2. Device responds with the requested attribute - signed using the Apple Provided Certificate.
3. I now issue a PKCS12 certificate to the device using the credentials payload.
4. Device responds again with its attributes - this time signed using the above certificate.
5. I deliver an MDM payload setting the IdentityCertificateUUID to the payload UUID of the certificate issued in step 3.
I get profile could not be installed. Upon examining the logs, I found out the error The identity certificate for mdm profile com.mdm.xyz could not be found.
If at Step 5, I issue the MDM profile with a new certificaate included in the payload everything works. I am not sure if this is the right way to issue another certificate. I was thinking to utilize the same certificate issued at Step 3.
I think I am doing something wrong here and this may not be the correct way. Any help would be much appreciated. Thanks.
We are predominantly a Microsoft house but we have just purchased 50 Ipad’s for our branches. We need to put new apps on the Ipad’s and currently this involved getting all 50 Ipad’s sent back to HO for us to update via a USB. This is a tiresome solution and hopefully this forum may be able to shed some light on how we can do this remotely. Therefore the question i have is this, can a Ipad’s be updated remotely via a 3G network?
Some things to consider when answering this:
The Ipad’s have not been made domain members
We do not have WIFI in the branches
We do not have any "fat client" machines in branch with iTunes installed
The Ipad’s is locked down for our branch users
Many thanks is advance
Have you ever get any troubles when you queried app installed in devices by MDM
because MDM get only app name and app bundle ID such as iBooks and com.apple.iBooks.
In fact what we really want to know is not app name and bundle ID but URL of the app in AppStore.
Therefore, I made search system for that.
MDM App Search
Please free to use it, and I'm welcome your feedback.
I'm making a PHP MDM server and I have a concern about the CSR signing process (Vendor Action).
I would like to know if I can sign a customer CSR with the APNS Certificate that I got with OSX Lion Server and return the encoded plist to the customer?
I tried but I got an "invalid signature" from identity.apple.com/pushcert/ .
I don't know if it's caused by my signing code or the Certificate itself.
Currently I'm not enrolled in the Enterprise Program. I'm enrolled as Individual so I can't create a MDM Certificate from the portal that's why I used the MDM Certificate created with OsX Lion Server.
Does anyone know if you can mix and match a best-of-breed MDM solution with a "container" product like Good? If, for example, you like the MDM features of Airwatch, but want to take advantage of the sandboxing features of Good, can you deploy those without using Good for MDM, and use Airwatch instead? I don't know if Good would require that you load an MDM profile on the IOS device, or if you can have more than one loaded.
Randy Saeks has posted his second installment on Apple Configurator. Here's the video (but his site is work visiting for his introduction).
- Comparison of MDM Providers (766,770)
- Complete List of iOS User-Agent Strings (390,950)
- How to get remote viewing/control of the IPAD screen via internet or preferably 3G? (251,582)
- Apple Configurator vs. MDM (155,626)
- iOS Devices (132,101)
- Mobile Device Management (99,248)
- Apple Profile Manager (96,683)
- Batch Apple ID Creator (90,012)
- Gartner Magic Quadrant for MDM (2014, 2012, 2011) (87,005)
- AirWatch (80,806)
Mobile Management Provider changed by FrankGraziani 6 days ago
Mobile Management Provider changed by rachana 1 week ago
Forum topic added by taylor 1 week ago
Mobile Management Provider changed by taylor 6 weeks ago
Forum topic comment by Elizabeth Hale 8 weeks ago
Mobile Management Provider changed by Simo Kari 9 weeks ago
Forum topic comment by jpref 10 weeks ago
Forum topic comment by bugfrisch 11 weeks ago
Mobile Management Provider changed by krypted 11 weeks ago
Mobile Management Provider changed by JAMFSoftware 12 weeks ago
Forum topic comment by spurtipreetham 12 weeks ago
Forum topic added by okta 12 weeks ago
Forum topic added by am.imran.ahmed 12 weeks ago
Forum topic comment by Samuelbrown 12 weeks ago
Forum topic comment by Elizabeth Hale 13 weeks ago
Forum topic comment by taylor 13 weeks ago
Forum topic comment by bhaveshagrawal1014 13 weeks ago
Forum topic comment by Sabi 13 weeks ago
Wiki Page changed by Aaron Freimark 13 weeks ago
Forum topic comment by philback 13 weeks ago