When iPads were first introduced in 2010, they kicked up a storm. Apple sold a million iPads within a month of its release which was quite surprising since even the iPhones took nearly three months to reach the “one million” milestone. Eleven years and many evolutionary updates later, iPads still take up a significant share of the market. iPads and iPhones used to share the iOS operating system until Apple announced iPadOS 13 at its 2019 Worldwide Developers Conference. iPadOS is a variant of iOS that is specifically built for iPads. In this blog, we will discuss how you can tackle the new iPadOS management with ease.
Spoiler alert: It is not that much different from iOS management.
- Some terms you should know
- Importance of iPads in businesses and education
- Using UEM solution for iPadOS management
- Enrollment and deployment
- Security management for iPadOS
- iPadOS kiosk management
- Managing apps in iPads
- Other interesting features
- Next in iPadOS management: Declarative device management
- Wrapping it up
Some terms you should know
Before we dive into iPadOS management, there are some relevant terms that you should be aware of. Skip to the next section if you are familiar with these terms.
Supervision
Enrolling an Apple device as supervised means that the device is owned by the organization. Business-owned devices allow greater control over the device settings and configurations for the IT admin. Many management features require the iPads to be supervised. iPads can be supervised using two methods:
- Automated device enrollment (previously Apple DEP)
- Apple Configurator
Apple Configurator
Apple Configurator 2 is a free Mac application that helps you to deploy and configure iPads, iPhones and Apple TVs in your business or school. From Apple Configurator 2.13.3 onwards, it would also support macOS Big Sur and restoring macOS on Mac computers with Apple Silicon chip.
Apple Business/School Manager
For unlocking the complete management capabilities of iPadOS, it is a must to have an Apple Business or School Manager account. Apple Business Manager (ABM) and Apple School Manager (ASM) are web-based portals for businesses and schools, respectively. These are used to deploy and enroll Apple devices that are purchased directly from Apple or from an authorized reseller like Verizon. Automated device enrollment is possible only with either an ABM or an ASM account.
Managed Apple ID
What is a Managed Apple ID? It is very different from a typical user’s unique Apple ID. Just as the name suggests, Managed Apple IDs are managed and owned by the organization. The users can access different Apple services like iCloud, iWork and Notes by signing in with their Managed Apple IDs.
Importance of iPads in businesses and education
In the business and education sector, iPads play a pretty significant role. While iPads are more popular in classrooms, they are also handy in businesses.
Shared iPads are a very good example of when iPads can be useful for both businesses and schools. In an organization, the employees can use the shared iPad by logging in with their Managed Apple ID. Since all their data is stored in their iCloud, they can use the shared iPad as their own as long as they log in with their personal Managed Apple ID.
Shared iPads were initially a feature of Apple School Manager. It was introduced for businesses in 2020. In schools, by combining the Managed Apple ID and iCloud, iPads could be shared between multiple students.
Apart from shared iPads, there are different ways in which iPads can be used for businesses and schools. For example, with a management solution like Hexnode, you can lock down the iPads into a single app or a set of apps. This is known as kiosk mode. The kiosk mode opens up a whole range of possibilities – ordering from the displayed menu in restaurants, frontline workers using the iPad as a specific-purpose device and many more.
Using UEM solution for iPadOS management
A Unified Endpoint Management (UEM) solution is inarguably the best choice for managing devices in most organizations. UEM solutions manage all the endpoints in the organization. For instance, Hexnode UEM manages iPads, iPhones, Android devices, Windows machines and Mac computers. Choosing a UEM solution is a smarter choice in the long run since every organization has devices with multiple operating systems. Managing all of them under a single umbrella is easier and more secure.
Let’s have a look into how Hexnode helps you to manage iPads for your organization.
Enrollment and deployment
The first step in the order of managing your iPads is to get them enrolled and deployed to the end user. There are many ways you can do that with Hexnode UEM:
Automated device enrollment with ABM/ASM
This is an over-the-air enrollment method. ABM helps in deploying devices in bulk with pre-configured management profiles and configurations. Upon the initial device startup, the device is enrolled in Hexnode, and all the management profiles are automatically applied to the device. As mentioned above, the devices have to be directly purchased from Apple or an authorized reseller for using this enrollment method.
Automated enrollment with Apple Configurator
If you have some iPads that aren’t purchased from an authorized reseller, you can still add them to your ABM account. Apple Configurator 2 can be used to add any iPadOS devices into your ABM or ASM account for complete management.
Apple Configurator enrollment without an ABM/ASM account
Apple Configurator 2 can also be used to deploy devices without an ABM or ASM account. Hexnode allows you to directly enroll your iPadOS devices with Apple Configurator. All you need is a Mac device with Apple Configurator 2 installed in it and a USB connector connecting the Mac and the device to be deployed.
Enrolling with an enrollment URL
This is a manual enrollment method. Send the enrollment URL to the users. The users have to click the URL to enroll their iPads with Hexnode. It is to be noted that these devices are not supervised when enrolled this way. This results in lesser management capabilities as compared to supervised devices. Enrollment using the enrollment URL can be done both with or without authentication.
Enrollment with Google Workspace
Google Workspace (formerly G Suite) is a collection of productivity apps and tools from Google. Enrolling with Google Workspace means that the enrolled devices would be assigned to the respective Google Workspace users. Configure your Google Workspace account in Hexnode. Enroll the devices using enrollment URL or self-enrollment.
Security management for iPadOS
When managing a fleet of devices for the organization, security is one of the foremost concerns in our minds. Hexnode UEM takes that into consideration and provides a well-rounded solution for resolving the security concerns for your business.
Passcode policies
Configure passcode policies to set conditions and restrictions for passwords. The user would have to set a strong password in accordance with the passcode policy.
Limited app and website access
We would be lost without our apps and websites, but some of them can also be a source of malicious attacks or work distractions. Uncensored access is not needed in the workplace or in schools. Hexnode allows the admins to blacklist or whitelist the applications and websites as required for added security in iPads.
Network configurations
The managed devices connect to the internal Wi-Fi network automatically without prompting for the password. How good does that sound? Secure the network access by pushing the Wi-Fi to the managed iPads using Hexnode. You can also configure and push VPN connections to the devices. Hexnode’s new Per-App VPN feature allows you to send the data of specified applications through a private network.
OS update management
Some OS updates are crucial. Some aren’t. Hexnode allows you to forcefully delay the OS updates for iPads. This lets you check whether the new OS updates have any bugs or not before getting installed on the iPads.
SCEP
Simple Certificate Enrollment Protocol (SCEP) is a widely used protocol standard that allows you to securely issue certificates to a large number of devices using an automated enrollment technique. SCEP solves common security threats caused by accessing work emails, Wi-Fi, VPN, etc. from unauthorized devices by authenticating them with digital certificates.
Lost device management
Devices are an organization’s assets. When these are devices like iPads, they are also pretty pricey. When you take the potentially sensitive company data present in the device into account, it is a hefty loss to get the device lost or stolen. Hexnode has some features that could help you to manage or even find a misplaced device.
- If the location tracking is enabled, find the location of the device by using the “Scan device location” action from the Hexnode web portal.
- The “Lost Mode” from Hexnode allows you to lock down the device into a custom message which can include something like “Please return the iPad to [name].” with your phone number.
- If you think you lost the device somewhere in your vicinity, use the Remote Ring feature to find it.
- Activation Lock is a feature from Apple that prevents any illegitimate users from accessing your iPads if they ever get stolen or lost. Enforce Activation Lock with Hexnode on your iPad for added security. Sometimes, you may get the device back, but it may be locked with a personal Apple ID of an ex-employee. In that scenario, you can also bypass the Activation Lock with Hexnode.
- If all else fails and the device is still misplaced, wipe the iPad remotely to prevent data leakage.
All the security features mentioned here focuses on iPads owned by the organization. For personal devices, use Business Container to control the flow of personal and corporate data between apps. This allows for a logical separation between the work and personal data even on personal devices.
iPadOS kiosk management
iPads and kiosks have a very close bond. We have already mentioned in passing the many ways that kiosk mode could contribute towards using iPads for businesses and schools. Hexnode lets admins lock down the managed iPads into single app mode, multi app mode or even a web app mode. Let us look into the different kiosk modes in some detail.
Single App Mode
The name is self-explanatory. In single app kiosk mode, the iPads are locked into a single app. The users would not be able to access any other apps or device settings while in single app mode. The admins can lock down the device into an in-house app, a system app, a store app or a VPP app. The admin can also restrict certain device settings as per requirements. For example, if it is a digital signage display, then the users are not meant to interact with the iPad. You could disable device touch to prevent the users from doing anything to the device. You could also disable the sleep/wake button, volume buttons, auto-lock and more.
Single app mode can be used for specific-purpose iPads such as an interactive kiosk. For example, an iPad locked into an interactive kiosk where the user can order food in a restaurant or a student can watch educational videos from a study app.
Autonomous Single App Mode
This is a more advanced version of the single app mode. In autonomous single app mode, the app runs in the foreground till the user is finished working with it. The app exits on its own after it has performed its function. One use-case of autonomous single app mode is in classrooms while conducting a test on an iPad.
Multi App Mode
In multi app mode, Hexnode allows the admins to lock down the iPads into a set of required applications and blocks access to all others. The admin can add apps or app groups in multi app mode. The Hexnode admins can create custom app groups in the web portal for ease of deployment.
Custom layout for kiosk apps
You can customize the layout of the apps in kiosk mode for iPads. Arrange the apps on the screen and dock, create pages and more to customize the interface across the managed iPads locked in multi app kiosk mode.
Web App Mode
Hexnode’s web app kiosk lets you restrict user access to a few websites of your choice. The website URLs appear as web apps on the device screen. These web apps can be opened in either Safari or Hexnode Browser Lite. We would recommend you to choose Hexnode Browser Lite since it comes with more advanced kiosk settings such as customizations, cookie settings, scheduled refresh, hardware and software key restrictions and many more.
Managing apps in iPads
With Hexnode, you can do a good job in managing iPadOS apps for your organization.
Remotely installing or uninstalling apps
The admin can remotely install or uninstall applications silently in a supervised iPad. The mandatory apps policy allows you to push multiple app installations in bulk to the managed iPads. If the apps are not installed on the iPad, it would be shown as a non-compliant device in your Hexnode portal. If the devices are not supervised, the users would get a prompt to install the application.
App Catalogs
Create a custom app store for users by creating App Catalogs in the Hexnode web portal. Push these App Catalogs with a policy. The user can then install the approved business apps as needed.
Web Clips
Web clips are shortcuts to websites and appear as app icons on the device. Web clips and web apps are different since web clips can be configured even outside of kiosk mode. On tapping the web clip, it opens up the website in the Safari browser.
App Notification settings
Configure the individual app notification settings to determine how the corresponding notifications are displayed for the end-user on managed iPads.
Other interesting features
Data expense management
Configure network usage rules to determine how individual managed apps use cellular data and their network access while roaming. This helps the organization to curb unnecessary data expenses.
Remote monitoring
All the management features in the world would become useless if you cannot do it all remotely without physical access to the device. All features discussed so far can be configured on the enrolled devices remotely from the Hexnode web portal. In addition to those, the admins can also remotely view the managed iPads and use it for troubleshooting purposes. You can also execute other remote actions such as locking the device, turning on lost mode, track the device location, wipe the device and more.
Personalization and customization
When it comes to device interface, the look and ease of use are very important. For instance, the company may want to unify the look in all deployed iPads with custom wallpaper and the company logo. Use Hexnode to customize the wallpaper, configure the home screen layout, install fonts, or even set an inspiring lock screen message for the users.
Reports
In any organization, reporting is an important and time-consuming task. Hexnode seeks to make it easier for admins with a myriad of device reports, user reports, compliance reports and many more. The admins can either download these reports manually or schedule them to be delivered to their email addresses.
Next in iPadOS management: Declarative device management
Announced in WWDC 2021, declarative device management promises to change device management from iPadOS and iOS 15 onwards. Apple’s MDM protocol would be replaced by a more proactive declarative management. Declarative device management works on three pillars:
- Declarations
- Status Channel
- Extensibility
WWDC 2021 highlights: What is declarative device management?
Wrapping it up
The introduction of iPadOS marks the branching out of iPads from the shadow of iOS. It was a pretty cool move on Apple’s part and iPadOS shows promise as a developing OS. While there aren’t many differences in iPadOS and iOS device management today, it may change in the near future. When that happens, we will make sure to update you with all the latest device management features.
Share your thoughts