Hi All -
Does anyone have instructions on setting up shared devices, according to best practices? I have looked over numerous documents from AirWatch, but none show step by step instructions on how to setup shared devices. Throw DEP phones into the mix, and things get worse.
I opened a support case and the rep said there isn't any documentation!? For example... I setup a separate OU strictly for shared devices, then using the staging user with multi device setup, enrolled the phone. Based off previously built profiles, the iPhone then setup email for the staging user (not what I want), and a passcode. So the phone now has a passcode that a shared user wouldn't know. I know there is a shared password settings page which I need to look into more. After unlocking the phone and giving it to a new user, they enroll, but then the phone is still asking for the staging users email, not the newly enrolled user. So I excluded the staging user from all profiles....So with 4-5 workarounds, I have it somewhat working but this is a whole process. Manual work and not what AirWatch is built for.
To make a long story short.. If I setup a brand new DEP phone, it is set to go to a specific OU, but if it's shared, I need it to enroll in the shared devices OU. So many variables, overhead, and manual work that i figured there is a much easier way. Can anyone help? Thanks
Thanks, Chris.
I have 5 separate DEP profiles, one being ' Shared Devices' ... so that part is OK. My basic goal is to have what is shown in this video:
Problem is... AirWatch provides very little documentation on how to *correctly* set it up. I can get it to that point but I feel like I am setting up a bunch of workarounds instead of one seamless setup. And I am doing still has a bunch of manual steps and high potential for user error. Bobby
This approach works and we used to do it pre DEP on about 1000 devices but when DEP came along we moved away from using the Agent to authenticate on a device. Hassles involved:
- Not supported by Apple
- Sometimes profile assignment would just go out of sync so could never be sure whether the right profiles/apps were available on the device.
- Locally stored data was not wiped when logging out resulting in risk of data leakage
- Support couldn't log a user out remotely
As soon as DEP came available we moved to fully DEP enabled authentication through LDAP. So when people log out it's basically a device wipe which solves all the above issues and also makes for a very simple Airwatch configuration.
We have been waiting for Apple for proper profile support much like the Apple School Manager allows but its reliance on Apple IDs is a worry and not suitable for our environment.