[UPDATE: MAKE SURE THERE IS ENOUGH DISK SPACE ON THE DEVICE!! Configurator doesn't handle low disk space gracefully...the device will be forced into recovery and you will need to erase the device.]
Apple is releasing iOS 8 tomorrow, and you know what that means. Gigabytes of data streaming through your WAN connection, making real work next to impossible to get done.
But it doesn't need to be that way. You can use Apple Configurator to download once, and upgrade many devices quickly, safely and efficiently. Be the superhero of the day by getting your colleagues iPhones and iPads updated in the least amount of time possible.
Note: FOLLOW THESE INSTRUCTIONS CAREFULLY. You don't want to be the guy who asks, "Why didn't you have a backup?"
Step 1: Find a Mac. Any Mac will do. Connect it to the biggest USB hub as you can find.
Step 2: Download Apple Configurator from the Mac App Store.
Step 3: Launch Configurator.
Step 4: Make sure the "Prepare" tab is selected.
Step 5: Set up the options EXACTLY as they are here. Pay special attention to make sure "Supervision" is off and "Erase before installing" is UNCHECKED.
Step 6: Make sure you aren't installing any apps and aren't setting anything in setup, in their respective tabs.
Step 7: Double-check the settings. Make sure you have no iOS devices connected via USB.
Step 8: Click the "Prepare" button at the bottom of the screen.
Step 9: Connect the first iOS device. Configurator will download iOS 8 and install it.
Step 10: Connect the second iOS device. It is safe to do this while the first is downloading. It won't download the same file twice, but it will download the unique version for that model when needed.
Step 11: After download and install, disconnect the device.
Step 12: When you have upgraded all the devices you want, click the "Stop" button.
Good luck tomorrow, and let us know how it goes. Who among you will upgrade the most devices?
(Pro Tip: The cached firmware takes up a HUGE amount of space. To clear them out, look in the path /Users/USERNAME/Library/Containers/com.apple.configurator/Data/Library/Caches/com.apple.configurator/Firmware.)
That may seem like a vendor complaint but truly seeking answers to who else on other MDM platforms is experiencing this.
For the first month of school our MDM is truely struggling with pushing out paid VPP apps to devices and continually has major VPP licensing issues. As in it thinks that we do not have any licenses to distribute VPP apps normally and we need to go thru a long time consuming procedure per unit to get paid apps on devices involving 'retiring' the current VPP user in MDM, recreating that units VPP 'user' in our MDM and then doing a manual association of paid apps to that device, plus many other 'workarrounds'. So far our MDM provider has indicated issues with VPP syncing with their product and has issued 2 Server SW patches to address issues in the last month, both of which we have limited success with. Other K-12 Districts have similar VPP issues with this particular MDM product. Up to this point we have been extremely happy with our MDM providers support, but this month of basically silence while we suffer with this issue with very little communication has left a very bad taste in out mouth for their product and honestly looking other directions for a MDM solution.
Anyway, all of that to ask with your MDM have you had any issues where the VPP licenses under normal conditions about 60-70% of the time will not associate correctly with a iOS device and an Apple ID 'user' unless you do a long drawn out procedure per device to address? With over 3500 devices at this pace it will be past Christmas break before we get the paid apps issues addressed on units.
At a press event today, Apple announced that iOS 8 will be publicly available on Wednesday September 17. The update is free and compatible with:
- iPhone 5S
- iPhone 5C
- iPhone 5
- iPhone 4S
- iPad Air
- iPad with Retina Display
- iPad 2
- iPad mini with Retina Display
- iPad mini
- iPod touch 5th Generation
So test out those caching servers (and if inclined those DNS blocks).
[Editor's note: Folks, for the last nine months or so I've been working on a pretty big project, and today I'm happy to help reveal it to you. Much of what I've learned has come from this community. Thank you! And if you are in Atlanta at AirWatch Connect, please stop by the expo and say hi.]
GroundControl is a new system for streamlining iOS deployment, launching today. Plug in a USB cable, and GroundControl supervises, restores a base image, and installs configuration profiles, on out-of-the-box iPhones and iPads and without a screen touch. The multiple "Launchpad" base stations are managed by the cloud, helping ensure a consistent experience no matter how large your deployment is. If you like, think of it as "Configurator in the cloud".
Perhaps the best way to get a feel for the product is to take a look at the demo video below:
Visit the site http://www.groundctl.com for an FAQ and a signup for a trial. If you have questions please ask.
The press release follows.
I've been wondering this for quite some time and haven't been able to figure it out. Apple has touted the following as a new feature coming in iOS 8.
"In addition to Mail and third-party apps, the Calendar, Contacts, Reminders, Notes, and Messages apps as well as user credentials are protected with a passcode until after the device is unlocked following a reboot."
What does that actually mean? It seems incredibly vague. Does that mean those applications will be able to have their own passcode at the application level instead of the device level? If not, then what is actually different from how passcodes worked before? Hasn't "protected with a passcode until after the device is unlocked following a reboot," always been the case when a passcode is being used?
We have a program that is just getting off the ground that allows our franchised users to purchase an iPad from us with good financing terms and the company specific apps to be preloaded when they receive it.
The problem we are running into is, since we are using Configurator to setup the iPads (download Google Chrome and Podcasts among others). When the user receives the iPad, it is not tied to an Apple ID but when Google Chrome releases an update, then the update screen prompts for the password that was originally used to download the app.
Is there any way to avoid this?
Setup email, download apps, and download some content within the apps. Some of this is automated through Configurator and some is manual. If we move to a completely manual process we still get the same issue as an Apple ID is required to download the free stuff.
The devices will not be supervised nor will they be ever touched again by our IT staff. These are resold to the end user and setup as a value added service.
Apple has announced that its iTunes Volume Purchase Program is now available in 16 additional countries. The full list is now:
Australia, Belgium, Canada, Denmark, Finland, France, Germany, Greece, Hong Kong, Ireland, Italy, Japan, Luxembourg, Mexico, Netherlands, New Zealand, Norway, Singapore, Spain, Sweden, Switzerland, Taiwan, Turkey, United Arab Emirates, United Kingdom, and United States.
In addition, Apple is now allowing VPP credits to be purchased through resellers (at least in the U.S.). Previously, credits were sold direct only. Support your favorite reseller and purchase locally!
i have a question about the nature of app updates on iOS7 that are sideloaded using the apple configurator. Is there any technical reason why apps sideloaded on an iOS 7 device cannot be later updated with another signed in apple id?
i looking into sideloading the MobileIron MDM client using the apple configurator, but only if the mobileiron mdm client can be updated from the apple app store using the owner's own personal apple id?
Does anyone have any experience with sideloading MDM client ipa files using the apple configurator?
About a week ago, security researcher Jonathan Zdziarski revealed what apparently is a number of "backdoors" to iOS. These allow access to data on even encrypted devices, as long as a pairing record is available from a trusted source (not trivial). Although Jonathan took pains to qualify the announcement, several reports have seemed to exaggerate the issue.
In response, Jonathan has compiled a list of more reputable tech articles on the topic. I've reprinted the list below.
iOS Lockdown “Backdoors” (TL;DR)
Dino Dai Zovi, Co-Author “iOS Hacker’s Handbook”
Surveillance Mechanisms in iOS Devices – Don’t Panic but… Do Read This
Elissa Shevinsky, CEO of Glimpse
Apple iPhones allow extraction of deep personal data, researcher finds
Reuters / Joseph Menn
Is Apple’s iOS Backdoor Not a Backdoor
Wall Street Cheat Sheet / Nathaniel Arnold
iOS slurp ware brouhaha: It’s for diagnostics, honest, says Apple
The Register / Iain Thomson
All, I have an oddity that hopefully someone has some ideas.
My infrastructure does not support traditional IP structures.
When we set up Apple Server to do Caching it instantly disables and errors out that we are using a public network. Which we are not, we just (as I said) don't use the traditional 10.*.* approach.
We need to upgrade multiple devices in multiple locations and don't / can't tie up the bandwidth needed to do them all over the air.
Here is an example:
One location may have 300 iPads.
iOS 8 is going to come in ~1.7 gb.
You don't have to be a network genius to see that 510gb of data, is going to drop traffic to a crawl!
Especially when other traffic gets the majority of the bandwidth and these device scavenge for what they get.
Has anyone tackled this, if so... please elaborate.
Are there other offerings Casper or SCCM come to mind in my quandry.
Any and all assistance is a boon at this point,
I have updated the script to work with versions 11.2.2 and 11.3
You can find the updated version here: https://github.com/brandonusher/Apple-ID-AppleScript
I have tested the creation process with the updated version while creating ~3,000 IDs and I only ran into one issue I couldn't fix, which is as follows:
- Sometimes AppleScript won't be able to find the iTunes window, so it breaks. To fix this, just edit the spreadsheet to remove the IDs it has already created and run the script again.
If you have any questions, feel free to ask and I can try to help you out
It seems Apple has made the prerelease Configuration Profile Key Reference available to the public. This the technical documentation for much of the iOS and Mac enterprise management capabilities Apple makes available via MDM vendors, Configurator, etc. (The other main document, the MDM Protocol Reference, remains behind the developer site authentication wall.)
I've done a diff with the documentation for iOS 7, and here are the highlights. Remember, this is prerelease and may change before release.
- SMIMEEnablePerMessageSwitch (Email Payload): Optional. If set to true, enable the per-message signing and encryption switch. Defaults to false.
- allowManagedAppsCloudSync (Restrictions Payload): Optional. If set to false, prevents managed applications from using cloud sync.
- allowEraseContentAndSettings (Restrictions Payload): Supervised only. If set to false, disables the “Erase All Content And Settings” option in the Reset UI.
- allowSpotlightInternetResults (Restrictions Payload): Supervised only. If set to false, Spotlight will not return Internet search results.
- allowEnablingRestrictions (Restrictions Payload): Supervised only. If set to false, disables the "Enable Restrictions" option in the Restrictions UI in Settings.
- allowActivityContinuation (Restrictions Payload): If set to false, Activity Continuation will be disabled. Defaults to true.
- allowEnterpriseBookBackup (Restrictions Payload): If set to false, Enterprise books will not be backed up. Defaults to true.
- allowEnterpriseBookMetadataSync (Restrictions Payload): If set to false, Enterprise books notes and highlights will not be synced. Defaults to true.
- EAPFASTUsePAC (WiFi Payload): Clearer fallback rules
- AlwaysOn VPN
- IKEv2 VPN
- Web Content Filter Plugins
- Managed Domains: New Email domains and Web domains. This payload defines web domains that are under an enterprise’s management.
Is anyone here using the new Apple Device Enrollment Program (DEP) for iPhones? I can see it being used for iPads since you can normally buy these direct from Apple however iPhones are a bit more challenging because I would think most enterprises buy the phones from their wireless provider. Can anyone please provide any insight they may have regarding DEP and iPhones? Thanks!
This has been said and heard over many times but I thought it will be good to reiterate since many enterprises will dive into creating their first mobile App and my goal is for them to avoid these pitfalls
1) Taking over 6 months from start to deploying the mobile App's first version: Everyone is very comfortable with traditional water flow implementation approach where you take 2 to 3 months to gather requirements and then go into design and build phases. You even extend the timeline to accommodate all the requirements. However this model is lethal for several reasons. First, mobile space is fast growing space where the OS sees a major version upgrade 3 to 4 minor upgrades every year. Second, you have plethora of new devices and accessories coming in everyday and current model become absolute in less than 2 years. So if your App is somewhat dependent on a particular device type then the device may become absolute even before you deploy the first version. At times, device compatibility becomes an issue if your App utilizes accessories to work
Solution: Take the traditional development approach and reverse it. Identify 1 to 2 must have requirements and reverse engineer the timeline. Identify and develop foundational elements such as logins, navigation, UI design items and create a template so that new view controllers and additional page can be easily developed later. Deploy that 1 functionality to the end users and get their feedback. 1st deployment should be within 10-12 weeks and after the first deployment go into 3-4 week update cycle where incremental functionality is introduced
2) Connecting the mobile App to existing backend systems sitting inside corporate data center: I have seen this scenario many times. The requirement goes like this...You have a desktop application that is connected to your On premise backend system such as SAP or Oracle or even mainframe. Now the requirement is to develop a mobile App that uses the integration web services to send and receive data directly to the backend system. The App is developed in xcode by instantiating the web service directly to send and receive data. In theory everything should work great because users can use either mobile App or desktop to access the backend system data and update them at the same time. However it screws up the user experience because the integration to the web service is not optimized for mobile traffic.
There are huge differences between how a desktop application sends data and mobile device send the data. In desktop application,
○ Bandwidth is not an issue so the payload size (actual data size) is always big.
○ Mostly they are request/reply interfaces where the data is sent and it waits for confirmation before "Success/failure" status is returned and the connection is closed
○ There are minimum of 2 to 3 hops before the data is handed off (it may hit gateway, application server and then the database)
Now this is opposite for mobile App… Mobile App requires small payload, multi-threaded, reduced connection time, and least no. of hops
When user open the App it takes at least 30 sec to get to the main screen because it is getting all the data in a single thread. During updates the user sees the loading spinner for more than 30 sec because it is waiting for the backend system to provide confirmation before the App can let the user go. Imagine a user trying to use the App while not on Wi-fi but with their wireless network. That might be the last time the user will ever use the App...
Solution: Do not connect your mobile App directly to your backend system but introduce a staging area where the data can be stored and retrieved by the App. The staging area can be even housed within a cloud provider outside of corporate network as long as there is VPN connectivity to the corporate network. This provides great user experience when the user opens the App and within seconds all the data is already loaded. Use background App refresh to preload the data where applicable. When saving the record, the data updates goes into this staging and then the sync occurs between staging and the backend system. The App will be really fast and the end users will love it.
3) Using existing business process with mobile App rather than creating a new one: it is hard to manage change and expensive to change the existing tried and tested business process. When creating mobile App the same business process is extended rather than changing it or introducing a new one. It is totally wrong if the goal is to create a mini me version of desktop so that the users can use mobile device.
Solution: Take advantage of new assets on the mobile device such as Camera, GPS, Bluetooth and add change time consuming business process. In this article American Airlines CIO talks consumerization, the CIO talks about how baggage mishandling was reduced by 65% by scanning the bags.
Overall, I think there is a lot of disruption to be made with enterprise mobility if the right solution is developed and implemented the way the employees can use them effectively. As always feel free to correct me and add your comments.
- Comparison of MDM Providers (722,418)
- Complete List of iOS User-Agent Strings (341,909)
- How to get remote viewing/control of the IPAD screen via internet or preferably 3G? (223,436)
- Apple Configurator vs. MDM (146,304)
- iOS Devices (108,725)
- Mobile Device Management (94,067)
- Apple Profile Manager (88,613)
- Batch Apple ID Creator (81,985)
- Gartner Magic Quadrant for MDM (2014, 2012, 2011) (81,461)
- AirWatch (76,191)
Comparison of MDM Providers
Forum topic comment by AmeeliaJorden 8 hours ago
Forum topic comment by arjun 1 day ago
Forum topic comment by adrianatikins 4 days ago
Forum topic comment by jpref 6 days ago
Forum topic comment by taylor 1 week ago
Forum topic comment by Rakesh1 1 week ago
Story comment by taylor 1 week ago
Story added by Aaron Freimark 1 week ago
Forum topic comment by wchestnutt 1 week ago
Forum topic comment by ee_dub 2 weeks ago
Forum topic comment by jpref 2 weeks ago
Forum topic comment by wchestnutt 2 weeks ago
Mobile Management Provider changed by bugfrisch 2 weeks ago
Forum topic comment by wchestnutt 2 weeks ago
Mobile Management Provider changed by Tim Williams 2 weeks ago
Forum topic comment by arjun 2 weeks ago
Mobile Management Provider changed by SteJohGbg 3 weeks ago
Forum topic added by herna 3 weeks ago
Forum topic added by renika 3 weeks ago
Forum topic comment by jpref 3 weeks ago