apple configurator and free app

rodrigof's picture
No votes yet

Greetings Admins

I am thinking about using Apple Configurator to deploy some iPads. I was thinking of setting up one iPad how I like it. Then Backing up that one, and restore the backup to multiple iPads. Would the restore also restore the Apps? And any setting associated with that app?

Also how do the updates work on apps installed from configurator?. I know with regular apps, that password of the apple ID that was used to download app needs to be entered before update happens.

Thank you all.
Rodrigo

Enterprise vs. the iPad: 7 Steps to Avoid Deployment Disaster (Upcoming Webinar)

No votes yet

[Hi folks! I'm honored to have been asked by the good people at Apple-ization of the Enterprise and Code42 to present a webinar next week. I hope you all from the Enterprise iOS community can join us. — Aaron]

As tablets become even more intuitive and convenient, information workers are demanding these devices as standard operating equipment necessary to do their jobs. And, they expect to have the same user experience as laptops or desktops. However, because tablets can be difficult to manage and deploy, and pose added security challenges, enterprise IT has been slow to deploy them on a grand scale. So, how can IT teams embrace tablets to enable employees to work how they want, while at the same time ensure a successful deployment and long-term management and security?

Join this live webinar as Tekserve CTO and iOS expert Aaron Freimark provides practical tips for successful enterprise iPad deployments, based on his real-life missteps and successes. Aaron will also share:

  • How the use of tablets within the enterprise represents a tremendous shift from IT's traditional "command and control" approach
  • The 7 common mistakes to avoid during an iPad deployment
  • Real-world examples of successful deployments resulting in business efficiencies
  • Tips and recommendations for a scalable tablet strategy

Register for Free Webinar

March 12, 2014 | 1:00 pm Central
Presented by Tekserve

Aaron Freimark has worked for the last 12 years at Tekserve, New York's largest independent Apple consultancy and retailer, and is the company's CTO. Over that time, Tekserve has architected and supported solutions for NBC Olympics, Cablevision, Al Jazeera America, New York and Minneapolis/St. Paul airports, and hundreds of other enterprises big and small. A believer in online collaboration, Aaron is the founder of EnterpriseiOS.com, a technical community of iOS administrators.

Now Buy Apps using Purchase Orders

No votes yet

Apple has introduced VPP Credit, a way for businesses to purchase Apps and iBooks using purchase orders.

Quote:

Businesses can buy apps and books with a purchase order for use in the Volume Purchase Program. Volume Purchase Program Credit (VPP Credit) can be procured for a specific dollar amount and is delivered electronically to account administrators. Business customers can buy VPP Credit through their Apple purchasing account or through Apple Authorized Resellers.

More info coming soon.

Apple's New Deployment Programs

benhuckle's picture
Your rating: None (4 votes)

[Editors Note: Aaron is on vacation this week, so a huge thanks to Ben for providing this big news.]

Looks like Apple has unveiled its new deployment programs.

Device Enrolment Program (US only)
AppleID for Students Program
More enhancements to the Volume Purchase Program

Fraser Speirs has a good write up on his blog.

Apple Releases New iOS 7 Deployment Technical Reference Guide

benhuckle's picture
Your rating: None (2 votes)

It can be downloaded from here.

This guide is for IT administrators who want to support iOS devices on their networks. It provides information about deploying and supporting iPhone, iPad, and iPod touch in a large-scale organization such as an enterprise or education institution. It explains how iOS devices provide comprehensive security, integration with your existing infrastructure, and powerful tools for deployment.
Understanding the key technologies supported in iOS will help you implement a deployment strategy that provides an optimal experience for your users. The following chapters serve as a technical reference you can use when deploying iOS devices throughout your organisation.

iOS 7.0.6 released with important SSL security fix

No votes yet

Apple today released iOS 7.0.6 with an important security fix:

Quote:

iOS 7.0.6
Data Security

Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

CVE-ID

CVE-2014-1266

Available, as always, via Software Update. Direct download links for each build are in our database of iOS Devices.

What is Apple Volume Services?

No votes yet

AppleInsider notices a new Apple web site, http://volume.apple.com.

Quote:

Enable your organization to:

  • Automate MDM Enrollment
  • Buy Apps and Books in Volume

What could it be?

Original post: http://appleinsider.com/articles/14/02/17/ios-71-rumored-to-arrive-march...

Open Letter to MDM Companies

Your rating: None (3 votes)

[Editor's note: This letter from a member of our community brings up some interesting points. But as noted in the comments, the MDM providers are simply using the APIs provided by the device manufacturers.]

You all have it wrong. All of your products are good don't get me wrong! You enable us to protect our networks, provide our users with ease of use and ease of setup. You allow us to block or allow anything we feel is harmful (separate opinion about that). The thing you have wrong is wiping the phone after failed attempts at the password!

Why is this wrong?

  • Whoever steals the phone knows this so they just enter random passwords and then have a usable phone to sell. That is until you figure it out or it is reported to you.
  • If the end user forgets a lot of times the phone will wipe and they will continue to use it. Then a couple weeks later they bring you the phone saying that it isn't working right.
  • While the user is using the phone unprotected they install their personal email or just text company information leaving your company at risk.

What the is the "right" way?

  • After 10 (or whatever your specified time would be) wrong password attempts you lock the device with an alternate password that only the administrator knows.
  • Each phone could have a different admin password that auto populates when you register the device.
  • The password is only viewable in the MDM console.
  • The phone can be unlocked with this passcode or through the MDM provided the end user answers the appropriate questions correctly.
  • Also there should be a notification on the MDM and an email sent to the MDM admin. This would allow them to be a bit more proactive and give the admin some visibility to what is happening in their world.

I think this method is more secure for our data and protects the assets we place in the field mischief better. What are your thoughts?
http://redd.it/1xzxd2

How to silently push free apps using VPP, Managed Distribution, Supervision and AirWatch

No votes yet

What's the best way to get an App Store app onto many iOS devices? If those devices are supervised, the best way is to use MDM and Apple's new Managed Distribution method. I'll demonstrate how to do that using AirWatch below. (Other MDM providers have similar capabilities. Check with your favorite.)

Steps

  1. Make sure you will meet the requirements: VPP, MDM, Supervision, and a common Apple ID.
  2. Link your MDM provider to your Apple VPP account
  3. Invite your MDM "users" to your VPP program
  4. Use VPP to "purchase" apps (even free ones)
  5. Use MDM to deploy the apps to your users.

Alternatives

Before we start, are you sure you want to do this? Apple Configurator may be a much better solution for the "getting apps onto iPads and iPhones" problem, at least when all the devices are in the same room. But if the devices will be scattered far from the iGeek, then keep reading.

Requirements

The setup is quite important.

  • Make sure your MDM provider your platform version supports iOS 7's new Managed Distribution system. ("New" means November 2013.)
  • You'll need to create an MDM user who will own all those devices. You will want to make sure this user is in a new location group.
  • You will need to set up an iTunes Volume Purchase Program account for your business or school. Note this requires a new Apple ID, a DUNS number, a pound of flesh, some eyes of newts and toe of dog, and a few days for processing. OK, it isn't that hard, I'm just having fun.
  • You'll need an Apple ID to share among your devices. You will want to use the technique to credit an Apple ID without a credit card. (I'm assuming you will be distributing only free apps to your devices, which means you can share the same Apple ID.)

Got it? Good. Now for every iOS device, you'll need to do a few preparation steps. (Hint: If you play your cards right, you will be able to accomplish all of the below in a single stoke.)

  • Supervise it using Configurator
  • Sign in to the App Store using the common Apple ID (restore a backup image with the App Store user signed in)
  • Enroll into MDM (you can do that automatically using Configurator during the supervision process, at least with Casper Suite, AirWatch, MobileIron, and others.)
  • Associate the device with the common MDM user (that should be a setting in MDM prior to generating the enrollment profile)

Link your MDM provider to your Apple VPP account

Sign into your VPP Account. In the upper-right corner, click on your Apple ID and then "Account Summary".

In the "Managed Distribution" section, download the VPP token. This contains the credentials your MDM provider needs to link to VPP.

Now log into AirWatch. Navigate to Settings > Apps > Catalog > License Based VPP. Double check you are looking at the correct location group.

Enter a name to describe this connection (I called it "Tekserve VPP") and upload the token. I strongly recommend "Automatically Send Invites" is NOT checked.

Save this config, and you now have linkage!

Invite your MDM "users" to your VPP program

Next step is to invite your MDM users to participate in the program. There is no assumption that the Apple ID is the same as the MDM user's email. In fact, Apple is pretty clear they don't want MDM (or the employer) to ever know an employee's Apple ID. Therefore the MDM system needs to send an email to the users, who click a link to accept enrollment in the VPP program.

I haven't yet figured out how to invite one user at a time, so we're going to have to invite EVERY user in the MDM location group. Now if you have been following carefully, you are working in a location group with only a single MDM user. Cool. Send the invitations by clicking the "(Re)Invite Users" button. There won't be a confirmation, but email will be sent to all addresses the MDM has on file.

Quote:

Aaron Freimark,

Using your iOS7 device's browser, please click on this https://buy.itunes.apple.com/WebObjects/MZFinance.woa/wa/associateVPPUse... to register for Apple's License Based VPP Program. Registering for the program will enable you to download applications purchased by your organization on your behalf.

Please contact your IT helpdesk if you have any questions: noreply@air-watch.com

Regards,
AirWatch

Clicking the link will open the App Store (on an iOS device) or the Mac App Store (on a Mac) and ask for an Apple ID and password.

Quote:

This organization can now assign apps and books to you.

Use VPP to "purchase" apps (even free ones)

Next step -- there are a lot of steps -- is to use Apple's VPP to purchase an app.

The iTunes VPP store used to have only paid apps. Now it has free apps as well. Today let's install Tiny Death Star, a popular enterprise productivity app. So log into the iTunes VPP store, search for "death star", and "purchase" several copies. You can purchase as many as you want, it's free!

A paid app presents a choice for either downloading old-style redemption codes or new-style managed distribution. Free apps don't get a choice; managed distribution for all.

After purchase, Apple takes a few minutes to prepare your order. Wait until you receive email confirmation before continuing to the next step.

Use MDM to deploy the apps to your users

Back in AirWatch, click on Apps & Books > Applications > Purchased. Now you ask AirWatch to check with Apple, so click the "Sync Licenses" button. This part may take a short time, but in my test I just needed to refresh the page.

Once AirWatch is aware of the app, you can assign it to users. Click the twisted-arrow button.

AirWatch assigns these apps via smart groups only. This article is already way too long, so I won't explain how to create these.

Now decide how many licenses you want allocated to the group.

Now save the assignment. The last step is to publish the app.

In my experience, the app isn't quite ready to publish immediately. So if it doesn't work immediately, wait 15 minutes and try to publish again.

As expected...

On my test supervised iPod, I get the Tiny Death Star app, automatically downloaded and without any prompts. It works! Woo hoo!

As unexpected...

My unsupervised iPhone also received the Tiny Death Star app, and it isn't even enrolled into AirWatch. Hmm.

I understand part of this. I used my personal Apple ID for the test; the same Apple ID I used on my iPhone. Managed distribution works by adding the assigned apps to my Apple ID purchase history. And my iPhone has automatic app downloads enabled. But does this imply that unsupervised devices can also receive silent installs?

Looks like more exploration is needed.

Apple ignores the enterprise! Or not. A chart of new enterprise features by iOS release.

No votes yet

Apple ignores the enterprise! So says the conventional wisdom. But I thought I'd share this slide with you guys. It was part of a presentation I gave yesterday to some business leaders at an Apple event in New York.

Every year Apple releases a new version of iOS. Every version of iOS includes new features focused on the enterprise. Every new release includes more new features than the year before.

Apple may not market to the enterprise, but they most certainly engineer to the enterprise.

AirWatch VPP issues

m.lepich's picture
No votes yet

Hello,
The company that I work for just started using AirWatch. We have upgraded to 6.5.1.8 which allows us to use the Apple VPP program. I have everything set up in the Apple VPP program and have copied the token over to the AirWatch server. I tried "buying" a free app to test out the push to devices, however I can't get it to show up on the test iPad.

Is this because I need to test with a "paid" app as opposed to a free app?

Thanks in advance for any help!

Mark

iOS and Root/Intermediate Certficates + iCloud

SeanP1971's picture
Your rating: None (1 vote)

I was wondering if anybody has any information around how certificates are handled in iOS and what iCloud retains?

In our environment we have an MDM solution which deploys certificate based ActiveSync and VPN profiles as well as other policies. We also have to manually install our internal root/intermediate certificates on the device which are required for the in-house iOS web apps and the Active Directory chain of trust over the MDM automated VPN.

Two things -

1) We discovered that in some cases one or two of the profiles would fail to install and after much troubleshooting it appeared to be solved by doing the following workaround steps -
Installing the manual certificates, re-booting the device, removing them cleanly, rebooting again and re-enroll the device to successfully bring down the profiles.
It also seems to suggest that the iCloud backup retains remnants of the certificates even when they are not present which comes down to the device or a new device but not sure how? e.g. If it's a fresh new device it was always work 100%.

2) Are you aware of what tools can be used to deploy these certificates over the air automatically?

Any advice greatly appreciated.

Configurator 1.4.3 is out; improves VPP code redemption (updated with release notes)

Your rating: None (4 votes)

Apple today release Configurator 1.4.3, which "improves redemption of VPP codes when installing App Store apps.

Configuration is a very handy tool for setting up and deploying multiple iOS devices. It is free and available on the Mac App Store.

Update: Apple has released release notes:

Quote:

Apple Configurator 1.4.3 is a recommended update for all Apple Configurator users. This update is available from the Updates tab of the Mac App Store. It requires OS X Mountain Lion or later, and iTunes 11.1 or later.

What's new in Apple Configurator 1.4.3?

  • Improves redemption of VPP codes when installing App Store apps by fixing an issue in which valid codes were incorrectly reported as "already redeemed".
  • Fixes an issue with skipping Setup Assistant steps while preparing an unsupervised device.
  • Resolves an issue that could prevent quitting the Apple Configurator app.

Want to get together at NRF 2014? Let me know...

Your rating: None (1 vote)

The National Retail Federation "Big Show" is January 12-15 in my hometown, New York City. We have the opportunity to get together for an Enterprise iOS networking event. Sound interesting? Please drop me a line that you are interested.

strange error during mail synch - when a certificate is used to authenticate, sometimes certificate cannot be validate

bongio's picture
No votes yet

We have the following situation:
- native ios email client
- certificate for user authentication.
- ios 7.04 (this happen even with 6.x.x)

Usually it works fine, but sometimes for some users we have a strange behaviour:
- the error is "..certificate cannot authenticate.." or mail client requests a user password
- after a lot of log checking, it appears the device does not arrive to external firewall, then the exchange too

We checked the error is showed immidiatly and it appears the device does not try to connect to the external url

Debugging the ipad we see this type of error:
Nov 28 15:42:18 s-iPad MobileMail[174] : 0x17da9130|EAS|Error|Failed to get version string
Nov 28 15:42:18 s-iPad MobileMail[174] : 0x17da9130|EAS|Error|error syncing folder: Error Domain=MFMessageErrorDomain Code=1054 "The operation couldn’t be completed. (MFMessageErrorDomain error 1054.)"
Nov 28 15:42:18 s-iPad MobileMail[174] : 0x17da9130|EAS|Error|ASGetOptionsTask failed: Error Domain=DAErrorDomain Code=63 "The operation couldn’t be completed. (DAErrorDomain error 63.)"
Nov 28 15:42:18 s-iPad MobileMail[174] : 0x17da9130|EAS|Error|Failed to get version string
Nov 28 15:42:18 s-iPad MobileMail[174] : 0x17da9130|EAS|Error|error syncing folder: Error Domain=MFMessageErrorDomain Code=1054 "The operation couldn’t be completed. (MFMessageErrorDomain error 1054.)"
Nov 28 15:42:18 s-iPad MobileMail[174] : ERROR: MFMessageErrorDomain/Missing Password - No password provided for “Exchange ActiveSync”

If I enter in settings\mail,contact,calendar\email_configured and I turn off and turn on the "Mail", the mail client starts again to work. After some hours, it stop again...
It appears a device problem, but now we have 400 devices, the end use cannot access the email configuration and this error is becoming a big issue.

Thank you for your help

About This Site

  • Enterprise iOS is a community for administrators of the iPad, iPhone, and related devices. All content is available to browse. We encourage you to create an account to submit stories, edit wiki pages, and post to our forum.

Comparison of MDM Providers

Recent Activity

Who's New