I know this may be a really broad question but I am going to pose it anyway.
We have been an android shop for the past 10 years. Management would like us to switch to iOS and use iPads because the field is complaining about it. There are a lot of "gotchas" with Android devices and you can paint yourself into a corner if you are not careful. What do I need to know about managing iOS devices? I haven't owned one since the Note 8 came out and I would really appreciate some input on what I need to know or be on the lookout for.
So much going on, what is the best way that you have learned to manage them?
There appears to be several different ways to enroll them...etc I need a crash course. Any suggestions on where to find those resources would also be appreciated.
We are wanting to use SSO via Access too. Pray for me!
We only use iOS / iPadOS devices and are working our way towards Android actually.
Regarding iOS, I think that here are the key takeaways :
- Engage in Apple Business Management Program as soon as you can, this will give you benefit to have any corporate purchased devices to be directly added to your MDM environment for OOB experience (ADE program = Automated Deployment Enrollment) as well as giving you the opportunity to use VPP (Volume Purchase Program) and deploy apps on device license based rather than user license based (through AppleID or managed Apple ID)
- Define properly your DEP for corporate devices and your restrictions / security policies for COPE or BYOD Devices
- Decide before proceeding if you want to exploit Managed Apple IDs, this will help you decide regarding the use of VPP and overall management of your users AppleID.
- Make sure that you have proper compliance policies and processes regarding 0 day updates and overall update management policies
With that already you should have a pretty neat experience, mobilejon has some great posts about this.
Thank you. One of the things I am scratching my head about is the part of do we want to even get into managing the apple ids. Sounds like a headache and a half. Is there any added benefit to doing so from an administrative perspective? Most of our T&E folks don't even have corporate email accounts provided to them so for that group, we couldn't.
I've spent a good 30+ hours reading about Managed Apple IDs, pros cons, setup, experiences etc but it seems more of an hassle that anything else. Also it is the kind of topic which I was more confused after researching than before.
We dropped the support for Apple IDs also and empowered our users to manage their owns : we tell users they can use whatever Apple ID they like, either personal to benefit from pre purchased apps and services or ask them to create a dedicated Apple ID for their corporate device, whatever feels good for them.
We also decided to opt for VPP apps so that even if user don't want to use any Apple IDs they'll still have the benefits of the app that we push onto their devices.
Hope it helps,
Oh yeah, same here, countless hours I think that would have been better spent on other topics. I think I have pretty much made up my mind, just because you can, doesn't mean you should. I read Jon's blog about it and walked away feeling like it is a neat feature but at the end of the day, not a direction I want to venture into. Thank you again for your feedback.