Ready to start enrolling devices? Our reseller ID is 2287450. Need a little more information? Here are seven things you need to know about Apple’s latest initiative…
1. It stands for Device Enrolment Programme.
It is, not surprisingly, a new programme that enrols new devices onto your system automatically, without your IT team having to get their hands dirty.
2. Enrolment is not the same as management.
The technology behind DEP doesn’t replace a Mobile Device Management system (MDM). You need to have a separate MDM solution to decide which apps should be on devices and what content students who’ll be using them should be able to access.
There’s no charge for using DEP but you do have to have an MDM solution in place for it to work, and alas, the good ones are not free. If you don’t have a device management solution in place, give our team a call to go through your options.
4. It applies to any kind of Apple device.
Desktops, notebooks, iPad, iPod touch and iPhone can all be enrolled in DEP, as long as they were purchased after March 2011 and from an Apple Authorised Reseller (like us). To enrol devices you already own into DEP, you need to associate them with the reseller ID of the company you bought them from – if that’s us, our ID is 2287450.
5. You can create multiple profiles.
So different profiles can be installed on desktops and iPad, or on devices intended for students and teachers – and they’ll all be applied automatically as soon as the device is turned on.
6. You can’t have devices on this and in Apple Configurator.
If you’re already using Apple Configurator to set up your devices, you can transition to DEP by wiping the devices and re-enrolling them. However, once a device is registered on DEP, you can no longer supervise it using Apple Configurator, as Apple don’t allow one device to be registered in both systems. If it’s easier for you, you can enrol only new devices via DEP, but still manage them through MDM. Just drop us a line to find out how.
7. It should not affect your Volume Purchase Programme (VPP) purchases.
Apple added a new managed distribution option to their Volume Purchasing Programme a while ago. With MDM you can now push apps out wirelessly without ever needing to type in a password on the iPad. Ask us to explain managed app distribution – the best way by far to deploy your apps.
Here’s our final discussion topic from BETT 2015: why we recommend Apple for education. Here’s a breakdown of our top five reasons why we think Apple in education is the way forward.
Yes, we’re an Apple Solution Expert for Education: so obviously we wear the Apple nerd hat with pride. But, when it comes to education, you really can’t get any better than Apple. Here’s a breakdown of our top five favourite Apple features that we think make them top of the class.
1. iTunes and the App Store
There are currently over 75,000 education apps on the App store, with a large proportion of these being available as free downloads. With the introduction of the new Computing curriculum seeing students learning about coding in lessons, what better resource to make use of than the App Store? Incidentally there’s a great range of apps both free and paid for to help children of all key stages learn and practice their coding skills. Its not all tech based though – there are apps to help with all subjects from maths and biology to music. Keep an eye on our education app of the week blog to see our pick of recommended apps.
2. iTunes U
iTunes U is a dedicated destination within iTunes solely dedicated to education content. It’s packed with resources like lectures, videos and books, all available for free for both teachers and pupils to take advantage of. Educational institutions including Stanford, Yale, MiT, Oxford and the New York Public Library all have material on iTunes U that is free to browse. As well as looking at existing content, you can also use iTunes U for free content hosting for lesson materials and creating your own course – a service which we can help you with. Teaching staff can assign students homework to do via iTunes U, with students being able to log time and complete tasks as they do them.
3. Volume Purchase Programme (VPP) for Education
VPP lets you purchase App Store apps and interactive books that are great for education, at educational institution special pricing. Buy apps in volume for both iOS and Mac through the VPP store and distribute them to individual users with redeemable codes or distribute to groups using a mobile device management (MDM) solution.
Schools can get a 50% discount when purchasing apps in quantities of 20 or more through VPP, with iBooks also being included in this.
4. Continuing professional development training (CPD)
When new technology is introduced into education, it’s important to make sure that your staff are clued up on how to use it. Through our e7 iPad scheme, we offer continuing professional development (CPD) training which focuses on giving SLT, teaching staff and technical team the chance to explore the potential of iPad in the classroom, and feel confident about using it in their subject areas.
5. iBooks Author
Available free on the App Store, iBooks Author allows anyone to create iBooks textbooks for iPad and Mac. iBooks Author provides teaching staff with the opportunity to create their own textbooks, which can easily be edited to keep up with the changing curriculum. Using iBooks Author can easily save your school money too – by eliminating the cost of buying new textbooks every year.
Apple’s Device Enrolment Programme or DEP is something you’re going to be hearing more and more about over the coming months. For those of you who don’t know what DEP is or want to find out how it will affect you, we’ve put together a simple guide to run you through the programme, and how it will affect you for any future or past purchases you’ve made with Jigsaw24.
What is it?
In as few words as possible the Device Enrolment Programme (DEP) is a new ‘zero touch’ service from Apple that helps businesses and education institutions easily deploy and manage iPad, iPhone and Mac devices that are purchased directly from Apple or an Apple Authorised Reseller (like us).
In a few more words, DEP makes your existing MDM solution even more hands-off, by allowing the institution to send its preferred settings straight to Apple, who then installs these on your devices as soon as users turn their new devices on. Ideally, you’ll already have an MDM solution in place, but if not, keep on reading for more information about our range of hosted and managed services.
The introduction of DEP with MDM makes deploying and delivering new devices across your institution a speedy process, and ensures that new devices are protected and restricted as soon as the user switches them on. It cuts out the lengthy process of having to manually add the right configurations to devices every time a new member of staff starts, or you purchase a new device.
How does DEP work?
DEP works by applying MDM settings to your devices automatically during setup when they’re first turned on, simplifying the process for IT and end-users. When you buy a new device for your business, you can enrol your devices into the DEP and they’ll automatically have the correct MDM profile and permissions installed when they are first switched on. This means your devices are ready for you to deploy and distribute straight away.
What devices does it cover?
Devices including iPad, iPhone and Mac can all be enrolled in the DEP. It’s worth noting that all new purchases are automatically enrolled in DEP, and any devices that were purchased after March 2011 can also be enrolled. If you enrol your existing devices in to the DEP you’ll need to make sure you’ve associated your devices with the reseller you purchased them from. Our Jigsaw24 Reseller ID is 2287450. To enrol your devices in the DEP click here.
How does it work with MDM?
To use DEP with your MDM solution you need to register your MDM server with Apple so that their servers will remember the configurations you like to deploy to your different types of users. You’ll then get sent a ‘token’ for your MDM server that identifies it to Apple. When you add new hardware to your institution or reload the operating system of your existing hardware, Apple will effectively see your organisation’s token and apply the setup you specified automatically through DEP when you turn the device on for the first time – meaning you wont have to apply the same settings and restrictions every time you get a new device or reload the operating system on an existing one.
What if I don’t have an MDM solution?
DEP will simplify your device deployments, but requires MDM to work. So although you may not yet be using an MDM solution, we would recommend it, as it will save your IT department and users time and stress.
We can provide you with an MDM solution to meet your needs, whether you want to manage it yourself or have it as managed service, host it on premise or in the cloud. Check out our managed supply services here.
What does this mean for education?
MDM is a way to control iPad and install apps on them in bulk without having to collect them all and plug them in. You gain wireless control of restrictions, apps, books, camera functions, the ability to reset forgotten passcodes, and force a class of iPad into a specific app for pupil focus. We recommend MDM as the best way to manage iPad.
All your institution-owned devices can now be enrolled in DEP and associated with an MDM solution. Meaning that whether you use iPad, Mac or iPhone your devices will be configured with your MDM solution as soon as you turn them on. Any existing devices your institution owns can be enrolled in DEP too, as long as they were purchased after March 2011.
So if you were to roll out iPad on a 1:1 basic school-wide with our e7 scheme, your new devices will be enrolled in the DEP and will arrive at your school ready to be configured with the permissions and access rights set up by your MDM solution as soon as you switch them on.
What does it mean for business?
DEP provides a fast and streamlined way to deploy your corporate-owned iOS devices, by automating enrolment in MDM and the supervision of devices during setup. To enrol your corporate-owned devices that were purchased after March 2011 into DEP you’ll need to create an Apple Deployment Programme account and provide Apple with some basic information about your business, including details about your hardware purchases made directly from Apple or an Apple Authorised Reseller (that’s us). You can do this here.
Once you’ve done this you can create and assign people as additional administrators, who are responsible for managing and configuring your corporate-owned devices.
What if I have Apple Configurator?
You have the option to transition to DEP. However, Apple does not allow supervision of devices with configurator if that device is registered to the DEP profile. So you can set up devices with DEP or Configurator, but not both on the same device. If you already have devices enrolled with Apple configurator or an MDM solution using Apple configurator, these can be wiped and re-enrolled to the DEP.
Enhancements to Volume Purchase Programme (VPP)
Volume Purchase Programme now allows for a ‘managed distribution’ model. This model assigns apps to AppleIDs instead of devices, so that apps can appear on the devices without anyone having to type in a password or agree to the installation. Apps can install silently and be ready to use without intervention. Your MDM solution needs to understand who the users are in your organisation and what their AppleIDs are. You can now upload a ‘token’ from the VPP programme that indicates the apps that you’ve purchased. In your MDM interface, you can now assign apps to groups of users, resulting in only specific AppleIDs getting access to apps.
Setting up your Mac (whether that be iMac, Mac mini, MacBook Pro or MacBook Air) as a server within your business makes it easier than ever for people in your organisation to collaborate, communicate and share information. Once your Mac is set up and running with the OS X Server app you can begin to use the Profile Manager tool for easy mobile management of you’re your employees’ devices.
The Profile Manager tool allows you to manage a whole host of mobile devices. From a business perspective, using your Mac as a server gives you control over what your devices have access to and what data your employees can share. Here’s a run down of what you can do in the Profile Manager tool:
Profile Manager simplifies deploying, configuring and managing your Mac computers and iOS devices in your business. It’s one place where you can control everything. In Profile Manager you can:
– Create profiles to set up user accounts for Mail, Calendar, Contacts and Messages.
– Configure system settings.
– Enforce restrictions.
– Set PIN and password policies.
– Simplify the distribution of apps and books purchased through the Volume Purchase Programme.
– Give users access to self-service web portals where they can download and install new configuration profiles.
– Clear passcodes and remotely lock or wipe Mac, iPhone or iPad if it’s been lost or stolen.
– Profile Manager also supports new Continuity features in Yosemite like Handoff.
Profile Manager can also be used in tandem with enterprise MDM solutions for better management of devices. We sell several solutions for this, including JAMF’s Casper Suite, which you can read about in more detail here.
We’ve got plenty of amazing partners here at Jigsaw24 – Adobe, Apple, HP and Cisco to name just a few (you can see a more comprehensive list here). But a few months ago we added a new accreditation to our IT belt and became an official AirWatch partner. Never heard of it? Here’s what you need to know…
What is AirWatch?
AirWatch is a mobile device management solution that can handle iOS, Android and Windows Phone devices – one of the few solutions that can cater to all three platforms, plus Symbian and several other smaller players. It’s a suite of solutions that allows your users to connect to your network and systems, edit documents and share files all with complete confidence that their work is secure.
While they’ve been in the news recently thanks to a buyout by VMware, the AirWatch team have been successfully securing devices since 2003, and are still very much in charge of their own ship.
What are the key benefits of AirWatch?
Secure access to email, WiFi and VPN networks User authentication using AD/LDAP is backed up by certificate based access to all your other services and networks, plus secure distribution of documents and apps. It even meets FIPS Publication 140-2 compliance standards for data protection.
Improved visibility AirWatch constantly monitors which devices are connected to your network and makes sure no unauthorised devices or blacklisted apps have found their way on. This is all reported back to your AirWatch admins, who can then block access to services, lock and wipe any lost or stolen devices and more.
Simple, secure document sharing AirWatch Secure Content Locker lets employees distribute sensitive documents using a 256-bit SSL connection. Your admin team can block certain types of user or device from viewing these documents, turn off functions like copying and pasting, and even automatically wipe documents from devices.
VPN on demand With AirWatch VPN On Demand, your team can specify that users must use a VPN to access certain networks or file systems. Every time a user tries to log in, AirWatch will generate a secure VPN tunnel in the background so that they can access the system seamlessly and securely.
Best of all, AirWatch does all this on a single, scalable platform that supports all kinds of devices running different operating systems. No matter how many mobile devices you have or how disparate they are, you’ll only ever have to manage one AirWatch system. This scalable, centralised management has made it popular with organisations like multi-site businesses and NHS Trusts.
iPad was the first tablet to introduce 256-bit encryption, and includes four levels of security. Protection at device, network, data and platform level mean that iOS is now one of the securest platforms available. Testament to its security, iPad and iPhone been given clearance for Impact level 3 work by CESG, meaning it can be used for restricted work.
iOS is designed to secure the contents of your iPad and iPhone from the moment you turn it on
As with the Mac, Apple make both the hardware and the software. On a hardware level, features such as app sandboxing, ASLR and the 256-bit encryption engine help protect against malware and viruses, whereas tools within iOS further secure data and personal information.
Within the operating system, apps requesting information or data from Calendar, Contacts, Reminders and Photos will ask for your permission in order for them to proceed. Support for a passcode means that you can prevent unauthorised access to the device, and it can even be set up so that too many failed attempts results in data on the device being deleted.
iOS is also completely compatible with a range of mobile device management solutions. While Apple Configurator will allow you to deploy profiles and the Find my iPhone functionality lets you locate and wipe lost devices, with MDM, you can ensure that all devices have encryption turned on, can monitor usage and restrict access to different apps. It’s also possible to partially wipe only information rather than the entire contents.
Steps for ensuring that data is encrypted
In light of a number of high profile cases where organisations have been fined for data being lost through device theft, it’s more important than ever to ensure that you can guarantee that all sensitive information on devices is secure and encrypted.
If devices are enrolled in a management solution, such as Casper Suite or Absolute Manage, then IT teams have complete control. Should the device go missing, it can be completely wiped of sensitive information. In addition, if the device is enrolled in a backup solution like Code42 CrashPlan PROe, the user can have profiles, preferences and data remotely reinstalled on a new device.
1. Get a management solution – whichever you choose, it’s important to enrol devices (computers, tablets and phones) into a solution that includes remote wipe functionality.
2. Within the management solution, IT can run a report on all devices in the environment that don’t have data encryption.
3. Remotely inform users that they should have disc encryption enabled.
The Casper Suite is all about making the life of system administrators easier by improving management and deployment of Apple Mac and iOS devices. And JAMF’s own accredited courses are designed to make it easier to learn and develop the skills necessary to get the most out of Casper Suite.
Whether you’re just about to get started with Casper Suite or want a refresh in best practice, these courses are essential if you want to manage OS X and iOS devices. Below, we’ve given you a breakdown of the three courses that JAMF are running in the new year in the UK. Take a look and give us a call on 03332 409 306 or drop us an email at services@Jigsaw24.com if you have any questions about pricing or availability.
Certified Suite Essentials (CSE) – To learn the basics of Casper
London on 15th-16th May
What is it? It’s a two-day course that’s perfect for anyone who is completely new to the Casper Suite or looking for a bit of a refresh. It’s focused around hands-on exercises that cover common management tasks for OS X and iOS devices, with the aim of building a solid foundation and providing core information for day-to-day management.
What’s covered? JAMF Software Server (JSS) administration basics, enrolment methods, inventory and reporting, building and managing packages, managing policies and profiles, imaging, Self Service, mobile device management, and app and eBook distribution.
Who’s it for? Anyone new to Casper or looking for a refresh, but has basic OS X and iOS familiarity.
Certified Casper Administrator (CCA) – To become a Casper expert
London on 15th-17th April
What is it? This is the original Casper Suite certification. It’s a three-day course that consists of hands-on exercises (not the strenuous kind) that challenge system administrators to demonstrate just how good they are at OS X management with the Casper Suite.
What’s covered? Inventory (including acquiring computers, generating inventory reports, tracking licensed software, application usage and extension attributes), Packaging (including fundamentals, creating OS and application packages and best practices), Management (including deploying software and updates, running scripts, Self Service, Managed Preferences and restricted software), and Imaging (configurations, autorun data, pre-stage images).
Who’s it for? System administrators with 3 months’ experience with Casper Suite, and who have received JumpStart or attended the Casper Suite (CSE) course.
Certified Mobile Administrator (CMA) – To become a mobile expert
London on 18th-19th April
What is it? This is a two-day, hands-on course designed for Casper Suite administrators managing iOS devices. It covers many aspects of provisioning, deployment and management required for iOS deployments. The course is focused on building complete iOS workflows that account for the entire lifecycle of the devices in your organisation. Both Casper Suite and Apple tools for managing iOS devices (such as iTunes, Xcode and iPhone Configuration Utility) are covered in depth.
What’s covered? iOS settings management, mobile device management framework configuration, app distribution, remote management functions, iOS device inventory collection, Sync Station (OS X) provisioning and management, common iOS distribution and management workflows.
Who’s it for? Casper Suite administrators with basic iOS and OS X familiarity.
When they decided to roll out 1700 company iPhones in a single day, all with their company app pre-installed, LNT Group knew they would need a formidable Mobile Device Management (MDM) solution. We set them up with the ideal solution for their deployment, and helped them get the best price for their ever- growing number of licences…
Making staff feel like ‘part of the family’
Comprised of five different companies and delivering everything from care homes to race cars, LNT Group have grown from a family company to a firm of almost 2000 employees. “We decided to roll out smartphones now because as our company grows across the UK, we’re finding it harder to make people feel like part of the core business, part of the family here at LNT,” explained Leigh Ellis, LNT Group’s communications and marketing developer. “One of the ways we thought we could do that was to give everyone in the company a mobile device, so that they could be involved in the company remotely.”
Leigh and his team chose iPhones because existing users in the company had fed back that “iPhone was really easy to use, people just seemed to be able to pick them up and use them straight away, without the need for much training.” There was also the feeling that a smartphone would “feel like a present” more than a standard device, and give employees the inclusive morale boost that LNT thought was needed.
Developing an in-house app
As well as handing out iPhones, the company decided to build their own in-house app, iLNT. “Although we could probably have found a solution of apps that worked together to create what we needed, we thought that if we created one app that had it all in one place, it’d be much easier for staff to use,” explained Leigh. “Some of the things that people can use our app to do include receiving the latest news and updates from the group, so that they know what’s going on here at head office and feel like part of the family. We also wanted them to be able to communicate with us, and again that’s another feature of the app. They can send us suggestions, they can send messages direct to the chairman as well.”
As well as keeping staff up to date with the latest company news and allowing them to send key messages to individuals or sectors within the group, iLNT allows staff to clock in and out, book holidays and perform other HR tasks – all of which helps to encourage staff to use their phones every day and therefore give LNT Group the best return on their investment.
Deploying 1700 devices
The LNT Group’s chairmen felt that making an event of the iPhone launch and giving everyone in the organisation their device on the same day was key to creating a buzz about the scheme and making sure staff were excited by it. However, it meant that LNT Group’s eight-strong IT team would have to roll out 1700 devices at once, register them to the company, install iLNT on each and handle any teething problems – all in a single day.
Leigh immediately began comparing MDM solutions to find one that would ensure the rollout went smoothly. “I compared about 20 different companies in the market. I managed to narrow it down to about five that had all the features that we’d need, and the one that came out on top from an ease of use point of view, as well as many other things, was Absolute Manage. It really seemed to do everything we needed, and not only that but it did everything we’d have liked it to do as well, and it did it in an easy to use package.”
For the initial rollout, the key thing about Absolute was that everything could be automated. The iPhones would be enrolled on the group’s system automatically, and LNT could create their own app store to push out iLNT updates to employees who didn’t have iTunes accounts. “Originally we thought there might be some problems with it taking too long on each individual enrolment,” explained Leigh, “but we went to Absolute support about this and they were very forthcoming in giving us a solution where we could speed it all up and automate the process.”
Since the rollout, Absolute Manage MDM has continued to shine. “We can track all the devices, we can make sure that they’re all safe, and we can make sure that everything that goes out to the phones is secure and restricted,” said Leigh. “And in fact, if anyone’s not using their phone we can see that [using Absolute Manage MDM’s use tracking tools] and go to them and say, ‘what do we need to do to get you using your phone?’ It might just be a case of training, or it might be the case that they need something else on the phone so they can use it better.”
Supporting and maintaining the deployment
“The great thing about Absolute MDM was that we really didn’t need any training – the software just worked exactly how we expected it to and everything was where we needed it to be,” said Leigh. “We have a team of eight IT support staff here, and it’s been so easy that we haven’t even needed all of those to run the support for the phones. It’s down to one person to do it, and they’re managing that very easily. On the couple of occasions when we have needed support, [Absolute’s team] have been very quick.”
The response from staff
“The staff response to the iPhones has been excellent – better than expected, actually,” said Leigh. “When we rolled out this many phones we thought we might get quite a few teething problems, but actually staff have taken to the phones really well, they’re all using them every day, and we can see that from the tracking reports.”
“When I first found out about the iPhone scheme I was quite sceptical to be honest, I didn’t think it would work,” said Matthew Crumpton, LNT Group’s resident videographer, who uses the iLNT app to push out training videos to staff phones. “But now that I’ve seen it happen, it’s really impressive. I thought all the stuff about the new app and the things it can do was quite groundbreaking. It’s kept me in touch with all my work colleagues as I was up and down the country travelling with Ginetta and Ideal Care Homes, and it’s allowed me to do HR tasks – booking holidays, clocking in and clocking out when I’m in different places, it’s revolutionised the way I do my job.
“We can send out messages as often as we want to particular parts of the company, so if you only want to send out a message to construction or people in Ideal Care Homes or people in a particular care home, say in Newark, we can send out a message, and it keeps it feeling like a family business. And as the company’s grown and got bigger and expanded its staff, that we can still keep in touch like that is fantastic.”
Most of the staff have found it easy to get to grips with their phones, and any support issues are usually resolved quickly. “Leigh does receive quite a few calls every day, but they’re usually quick fixes and it’s usually just people who aren’t familiar with using the phones,” says Matthew. “Some of them were quite sceptical about using iPhones at first, but I think as their confidence in the phones grows and they see other staff members benefitting from them, they do start to use them a lot more.”
Constantly expanding the scheme
“With every member of staff here at LNT receiving a new phone, and new care homes opening every month, we’re constantly rolling out new phones to staff, and every time we do we’re constantly learning a bit more about how to roll out and get the best out of these phones,” said Leigh, who also makes sure that the iLNT app is regularly updated with new features. “For anyone looking to roll out mobile devices at the minute, I really would suggest Absolute as the main product to use. It’s really taken away a lot of time from our workload, and because it’s invisible to the end user, they don’t even need to know how to use it, it just works.”
“I think the success of the scheme here at LNT proves that it can be such a success at any company,” agreed Matthew. “We were new to it when we started, we threw ourselves in at the deep end and we didn’t really know what we were getting ourselves into, but it’s proved an amazing success and I’d definitely recommend it to other companies.”