Saturday, December 7, 2013

iOS 7 Brings Changes to Configurator, the VPP & MDMs Managing iPads

The release of iOS 7 and Mavericks brings some welcome and unexpected changes to managing iPads with Configurator, the Volume Purchasing Program and Mobile Device Management (MDM) systems like Meraki. After attending a session at the Christa McAuliffe Technology Conference, I gained some more insight into how the changes will work, directly from the Apple team.

To recap the original process: a school district sets up an online account with the VPP to purchase redemption codes for paid apps. This is not an iTunes account, just a code purchasing account. (More info on VPP can be found at the St. Vrain Schools site.) The codes are then sent to individual iTunes accounts manually or through wireless MDMs like Meraki. This wireless process provides your users with paid apps on their devices. Alternatively, it can be done manually via a spreadsheet that is later imported into Apple Configurator and then pushed locally to iPads in a set sharing the same account. Configurator is used to put the devices under something called Supervision, which allows device code licenses to be both distributed and pulled back for redistribution to different devices, and allows policies for security, wifi and other settings to be applied. More info on working with Configurator and Meraki can be found at my site at

Configurator takes a bit of patience, however, as it has been a bit clunky at times in the process of supervising, iOS updating and app distributing. Especially time-consuming was the constant distribution and updating of apps, as Configurator requires iPads to be physically connected to a specific Mac via USB. This means collecting iPads constantly from the users. A preferable option would be to supervise in Configurator only, and then do all policy and app maintenance work wirelessly from an MDM without having to collect the iPads several times throughout the year... again and again and again.

There is an issue of bandwidth, however, in wirelessly pushing apps and iOS updates from your server. Mavericks for servers features a caching server that will cache a local copy of the latest app or iOS update data, ready for the next device on your network that requests it, reducing the "bogdown" on your network from device and app updates.

Originally, when updating to iOS 7, I had to go through a ton of the white "welcome" screens on every iPad that I was just updating or restoring from a backup, and across several carts of 30 devices, that is cumbersome. There is now a third tab in Configurator beyond Settings and Apps. This one lets you skip some of these welcome screens, such as password, notifications, etc., and come back to them later. You can also lock a device to one app, such as an app needed during standardized testing that you don't want users tapping out of. This can now be done with the MDM as well, making it easier to remove this setting when it is no longer needed.

VPP now has a new program as well. Instead of sending out codes to everyone, an invite is now sent out to individual user accounts to join what might be called your "VPP family" so you can distribute apps wirelessly from your MDM to them without codes. For carts of iPads using the same iTunes account, this won't quite work. For cart situations, the codes will still be necessary for use through MDMs like Meraki or through Configurator to distribute the paid apps. In the VPP site, you will now see the following options related to this change:

The above picture shows where you download your 1-year token needed for this process.

The second picture in VPP illustrates the difference between buying licenses for users in your "VPP Family" versus buying codes for devices using the same account like those in a cart of iPads. The top option is for carts or anyone you prefer to just give a code to. The second option is to send paid apps to those iTunes accounts with individual devices in your VPP family.

In your MDM, you should also see a change. Being most familiar with Meraki because it's free for school districts to use even without Meraki network solutions, I'll use that in my examples. There will still be the option to paste in redemption codes, one per line, to send to devices (such as those in a cart) that cannot really be part of the VPP family. You will also see options, like those in the picture below, requesting you to get the token from your VPP and add your VPP account so you can send apps to users in your VPP family without the codes.

Do you still need those VPP codes? Well, if you have carts or sets of devices using the same iTunes account, situations where an account is not joining the VPP family, or wireless and bandwidth issues, then yes. If you are in a 1:1 or have more iPads associated with individual accounts, you do not need codes for them.

Depending on your comfort level with Configurator, you can decide which option works better for your situation. From my work managing iPads, I find it preferable to use Configurator for just supervising devices and then send out apps through an MDM so the devices do not have to be collected from users constantly. For carts, Configurator is still preferable for app distribution. You can still send apps and policies to carts or sets of devices with the MDM, but this requires codes, and someone has to be there to put in the iTunes password and accept the app installation. I have found many of the changes helpful in the management of iOS devices now that I understand them better, and I hope this article clears up some of it for others.
