VMware Workspace ONE Community
michaelodonoghu
Contributor
Contributor
‎07-19-2019 05:08 AM

Best practice for deploying 150 ios devices (newbie)

We are deploying a number of mobile devices (iphones)) we are finding that it can take up to an hour per device when we do the following steps - add user to security group -sync user in airwatch - Create Apple id - Log onto company app store - Accept apple terms and conditions and enter iPhone settings - Install intelligent hub - sync device in airwatch - change security group to remove access to Apple app store - push profile out to user (this can take the longest) - remove icloud. Can this process be streamlined so we can deploy devices quicker. We are signed up to Apple DEP.

Labels (1)
Labels
0 Kudos
2 Replies
AbrahamSanchez
Contributor
Contributor
‎07-19-2019 06:42 AM

Michael, Not sure why it's taking that long, but we too are in DEP and the process is rather simple and does not take long to enroll.  Unfortunately, every admin manages their MDM solution differently.  I can only tell  you how it works for us.  For a shared device, we create auto logon accounts and enroll the device.  This takes all but a minutes. We manage apps the same way via security groups.  Once the account is in the group we sync and the device receives apps normally in less than a minute in most cases.  That's it.  The user receives password profile, restriction profile, apps, etc..  If the device is corporate owned, but user needs to receive email, because the device is DEP, the user just needs to enter their AD credentials, a passcode, and their password for accessing native Exchange or Boxer.  The process is same as enrolling their personal device. The only difference is that we lock down the device.  The entire enrollment process takes just under three minutes if that.   The process you explained above does not appear to be efficient and I am a little confused on your setup.  However, like I previously stated, every admin manages their MDM solution differently.  When we have a bulk deployment of that many devices, we use Powershell to create the accounts and have them added to the correct AD groups.  When the device comes in DEP, we just enroll the device, connect to wireless and in a few minutes it's done.  If we have a bulk device deployment for corporate owned not shared, and the user needs to receive email, The process is almost the same.  The device comes in DEP, the user enrolls the device with their credentials as if it's their personal device.  Users do not have access to ITunes or store because we managed that.  From a license perspective it's good practice.  However, there are admins out there that allow users to download apps as if it's their home device.  We do not allow this for reasons already mentioned as well as security, and copyright concerns.  Not sure if others have chimed in, but I would take a second look at your setup. It should not take that long to deploy so many devices.           
0 Kudos
AbrahamSanchez
Contributor
Contributor
‎07-19-2019 07:07 AM

Sorry, so back to your original question on best practice. Not sure why you need to create an apple ID or need to log onto the company apple store.  We pull down apps from Apple Business Manager, and those apps sync to the WorkSpace One catalog.  From there, we create assignment and user groups.  We keep the names consistent with the AD security group. We add the user to the group,, sync the group,  and the app comes down in under a minute.  We do not push any profiles. or remove icloud or any of that manually.  All done with profiles / restrictions.  I know there are other admins that have figured out other slick ways to reduce enrollment times, this is just how we do it here. I just add them to the AD groups I created, sync, and done.  After that, any user requesting access just gets added to the AD group, sync, done!  We don't have self service portal setup yet, but that's in the works.   Good luck!
0 Kudos