Apple Specific Considerations

Chapter Status: Very Rough Draft

ForFileWave loves Apple, and so do our customers.  If you happen to be one of the organizations that have chosen to incorporate Apple devices into their infrastructure, from iPads to MacBooks, here are some crucial considerations for a successful refresh and re-enrollment:

The Apple Program Considerations

You no doubt already know about the various Apple Programs, such as ABM/ASM/VPP/DEP/MDM and even APN.  Each of these programs, explained below, provide critical roles during device enrollment.  As with everything else (re)enrollment, pre-work is good work, and each program has it's own pre-requisites (and sometimes lead-time).  You'll want to review the specifics of each below:

Apple Push Notification (APN)

Apple Push Notifications are the method by which FileWave initiates communication with your devices through the Apple MDM framework.  Every FileWave server must have a valid APN token assigned, and it must be refreshed annually.  Before any major project, you should make sure your APN has plenty of life left (and you can renew early).

Apple School Manager/Apple Business Manager Integration (ASM/ABM)

Apple School Manager (for educational institutions) and Apple Business Manager (for businesses) are central to the administration of Apple devices. When integrated with FileWave, these platforms provide granular control and enhanced capabilities. They allow you to:

• Purchase and distribute apps and books in volume: Ensuring the right apps are available for the right users at the right time.
• Create Managed Apple IDs for students and staff: Managed Apple IDs provide a suite of services, including iCloud, collaboration with iWork, and Classroom for student-teacher interaction.
• Configure and update device settings: You can set up device configurations, restrictions, and more, ensuring the devices align with the organization's security policies and operational needs.

But, you can't use these programs if they aren't established and integrated with FileWave.  So, in particular if you are setting up a new environment, you'll want to give yourself plenty of time before your project to enroll.

Volume Purchase Program (VPP) and Device Enrollment Program (DEP)

The VPP and DEP play a critical role in managing applications and automating device enrollments. Their integration with FileWave allows for:

• Pre-installationassignment of essential apps:apps/licenses: Save time by pre-loadingassigning devices with required software before they land in the user's hands.
• Automatic device enrollment: With DEP, devices are automatically enrolled into your management system when activated, ensuring they are immediately ready for use.use, and remain under management
  
• Efficient

tracking

VPP and DEP also require initial setup, and shouldn't be left to the last minute.  DEP profiles control device configuration at setup time, and you'll want to make sure you procure all licenses through VPP well ahead of time to avoid last-minute congestion on Apple systems.  (Remember you aren't the only organization enrolling 5,000 devices today).

Using FileWave's DEP profile assignment wizard is a great way to pre-configure your devices automatically, even before they leave the box.

Apple MDM Framework (and known issues)

Apple were very innovative with the creation of the MDM framework, and it allows for controlled management of devices:endpoints Withthrough known, controlled mechanisms.  It is very structured, and means that MDM vendors provide support in very common and defined manners.  Knowing for instance that an MDM command to InstallApplication X won't be able to run until the push notification is able to be sent to the device plays into your capacity planning for (re)enrollment.  So, it is structured, but it (like any other system) isn't perfect and there are some additional recommendations we'd make to ensure success:

• Work ahead as much as possible, especially with application licenses...during times of very larger enrollments (particularly in schools in the early fall) there can be tremendous load on Apple services, slowing down throughput...but if you licensed 3 days before you need them, you have no worries
  
• Only purchase what you actually need
  • Many customers say "the license is free, so I'll buy 10,000 even though I need 100".  Don't do that.  Every license you purchase does create system load, even if you don't end up using it.  It can massively impact VPP sync time, so less is more here.
• Eliminate Antiquated applications
  • There have been reports of iPads, in particular, having an issue when applications are assigned to them that are no longer available in the App store.  In certain circumstances, attempted installation of these apps can make the mdm client stop responding on the device, and a centralizedreboot viewrequired.
  • For best results, try to keep your list of allapplications devices,in the environment as lean as you cancan...organization managestandards and monitorapproval processes here can be quite useful
  • Identify and remove "no longer available" applications from your entiredevice fleetassignments
  effectively.
• Keep a mindful eye
  • There have been reports (and we have witnessed it internally as well) of macOS mdm clients dying over time.  We believe Apple are working on addressing this issue, but in the meantime, please see <this> article on working around this particular issue

UpdatesUse andthe App ManagementKiosk

GivenWith Apple'sall consistentplatforms, OSbut updatesparticularly iOS/iPadOS, using the Kiosk to allow your customers to easily and aeffectively largeinstall varietypre-approved of apps on the App Store, effective strategies for updatesapplications and appprofiles managementwill are crucial. FileWave allowshelp you to:both:

• ScheduleMaintain updatesyour to occur outside of working hours to prevent disruption.sanity
• AutomateMean installation and update of necessary apps, keepingthat your fleetcustomers up-to-datecan andinstall secure.
any
• Trackneeded andapp, managewhenever appthey licenses,need ensuring compliance and efficient use of resources.it

By considering these manufacturer-specific aspects and leveraging FileWave's integrations and capabilities, you can ensure a smooth and efficient device refresh or re-enrollment process.