JoeTingley's Posts

Hi Noordan, Unfortunately, the document doesn't help me beyond what I've already done. I'd like dynamic text added on top of a backround image assigned on the managed settings screen. For example, I need an generic business backround with the Device Host Name over the top of it for identification, assigned dynamically. The closest I've been able to get is to assign the Device Name onto a Lock Screen Profile under "If Lost Return To", which technically works, but it's tiny and my user base are a bunch of nurses who will struggle to see it. If you look at the JAMF options in the link, they specifically call out the ability to "Add additional text to the image by entering a variable or text in the Text to add to the image field." I'd really like to figure out a way to do THAT. Anyone else have any advice? Thanks!

I think you're right IF you add 'Enroll in DEP' into the workflow for Apple Configurator. My understanding is that functionality was designed to enroll devices into DEP that weren't purchased from a reseller attached to your ABM/DEP, not to enroll devices that were. My experience with Apple Configurator is admittedly limited as I use Ground Control instead. Can you try to make your configurator changes without the DEP enrollment and then just let ABM/DEP point to your AW server for management. I suspect that would allow ABM to assign ownership to the Airwatch server directly and not give the 30 day window for unenrollment.

Thanks for the reply! I am also a GroundControl customer and have an otherwise identical setup to you. However, we don't require authentication to that OG during the enrollment and I'm guessing that is the difference and why HUB shows enrollment information and credentials there for you while devices enrolled into HUB don't for us, and why HUB doesn't show up in my Find My Device app list dropdown even though it is on the device. I'll test that out. I see a drawback to authentication - We chose not to authenticate because if a device is lost or stolen, we want it to automatically re-enroll itself through DEP and into our system with location information so we know it's in the wind. If the OG requires authentication, this will not occur. 

What is your onboarding process for the device? You image/launch the device, it goes through DEP.  When you say you've 'configured them to make sound and provide last location', how did you accomplish this? For me, when I launch Hub, it starts an enrollment process prompting for group ID even if the device is already enrolled via DEP. 

Is the device signed into an iCloud account that is different than your VPP account? I received something similar when I preinstalled a device with apps through smart group/VPP, then the user went onto the device and tried to update the app using a separate iCloud account and App store.

Agreed on all points above. I used to get easy-to-read emails with all the major topics of the week formatted nicely as links. I could quickly read through and identify the ones that affected me, and click the link directly to get the information quickly. Also agree that the format of this forum creates a lot of blank space that requires you to scroll a lot. Between replies, between subjects.

Can you describe your workflow?   I use ABM, enrolled directly into an OG fully configured. When we onboard equipment, my desktop guys send me a serial number and the profile they need, and I just assign it for them. They never have the option to remove management, and they're forced into it without intervention during a device reset from Apple. If you're manually enrolling and the device is not supervised, users can always remove management.

I do this via different organizational groups. You assign applications to a smart group with membership rights to anything placed in certain OGs or sub OGs, and then applications and configurations automatically download based on it's OG membership. I've never done it via tags personally because you can't customize backrounds or specific privacy settings doing it via tags. I also work for a hospital doing Rover. We have about 700 devices deployed. Happy to help if you have any other questions.

Unfortunately, I don't think that will work: Store Apps Do Not Wrap You cannot wrap applications from app stores, even if the APK or IPA comes from the vendor directly. Contact vendors to see if they can incorporate the Workspace ONE SDK and AppConfig into their applications to address enterprise requirements  

This came up again today so I wanted to ask - I have a restriction profile that only allows some apps. This also seems to prevent the web link I've created from showing up as well. If I remove the restriction profile, it's there just fine. Anyone know how to make the system respect an assigned Web Link?