If you haven’t already started to support it in your own environment, there is a great deal of activity centered around applications on mobile devices in the enterprise. There are various tools and solutions to assist. Ranging from application development, Mobile Application Management (MAM), and Mobile Device Management (MDM) solutions.
Here is a quick link to an article that sums it up pretty well:
I think the main unknown at this time is how the new Microsoft Windows 8 platform will provide the ability to support an Enterprise App Store for private in-house coded applications, not provided on the public Windows App Store.
I have gathered up a good overview of the new features for both iOS 6 and iPhone 5 that may be helpful from the various news and announcements earlier today.
I have compressed the information in some brief tables to better organize the information and content.
iOS 6 Cheat Sheet
This latest iOS release provides a slew of new features. While mostly geared to the consumer market, here is a possible list of business related features known at this time that may be beneficial to have knowledge of or promote.
|Area ||Description |
General public availability on September 19th. Over-The-Air upgrades on support models running iOS 5 or above.
iPhone 4 (CDMA & GSM)
iPod Touch 4th Gen
iPad 2 (WiFi, WiFi + 3G - CDMA & GSM)
iPad 3rd Gen (WiFi + CDMA & GSM)
iPad 1st Gen – Last iOS supported will be 5.1.1.
The Golden Master (GM) image is available starting September 12th to all developers for application testing before public availability.
Pictures and overview: http://www.apple.com/ios/whats-new/
Detailed overview: http://en.wikipedia.org/wiki/IOS_version_history
Not all the new iOS 6 features will be available in all countries such as maps, local search information, and language dictation. Please see: http://www.apple.com/ios/feature-availability/
Features – Business
(in random order)
Hands free operation:
- Siri can read items from Notification Center.
- "Eyes Free", allowing car companies to build-in Siri integration
- New app that manages a user's boarding passes, movie tickets, retail coupons, loyalty cards, etc. in one app.
- Passes are updated in real time if changes are made (e.g. spending money on a store card, flight time, gate change, etc.).
- Passes are location and time-based, appearing on the lock screen when relevant.
- "Bluetooth" moved to top of Settings list.
- Added "Do Not Disturb" mode, allowing users to avoid calls and notifications unless calling parties are on the user's Favorites group.
- New Privacy Controls. Apps must now ask for permission to access the users photos, calendars, contacts and reminders.
- "Wi-Fi plus cellular" option added under "Cellular", to allow apps to use data over cellular if experiencing issues establishing connection through Wi-Fi.
- Adds phone icon on lock screen for additional ignoring options, similar to the camera sliding icon on the lock screen in iOS 5.1.
- When ignoring a call, the user can message the caller or set a Reminder to call them back later or send one of three customizable quick SMS response.
- VIP inbox stars important emails from user defined VIP group members.
- Flagged emails inbox.
- Attach photos and videos quickly with a long-press.
- Open password-protected Microsoft Office documents.
- Added Pull-to-Refresh gesture to update Mail accounts.
- Per account Signatures.
- Search All Fields.
- Custom Vibrations for Text Message Notifications
- Fullscreen landscape mode (for iPhone 3GS and newer; iPod Touch (4th generation) and newer).
- iCloud tab syncing across iOS devices and Macs.
- Offline reading list caches the user's reading list for later use, even when not connected to the Internet (not available for iPhone 3GS and iPod Touch (4th generation)).
- Support up to 25 open tabs on iPad.
- Removed as an integrated app due to an ended licensing deal with Google. Google created a stand-alone YouTube app for the App Store that was available for download on September 11, 2012.
- If iPhone is lost, Lost Mode triggers an attention grabbing sound, prompting the person who finds the iPhone to call a specific number set by the owner remotely.
- Global Network proxy for HTTP.
- IPv6 support for Wi-Fi and LTE.
- Kernel Address Space Layout Randomization added.
- Updating an app no longer requires the iTunes password to be entered.
- Install free apps without an Apple ID. (feature however appears to be removed since beta?)
Accessibility Guided Access:
- Allows user to lock exiting of the app in Single App Mode.
- Allows users to disable certain controls within a specific app.
- Locks the home button from being used to act like a kiosk.
iPhone 5 Cheat Sheet
All-in-all an impressive new device it appears. A quick run down of the technical details is below, although there are some gaps that I list afterwards.
For end-users that have already chosen iOS over Android in today’s market, the iPhone 5 brings a larger screen and the same ease of use if your end-users are comfortable with the iOS platform. The LTE connectivity and faster CPU will also assist the power and information hungry end-users. All is the lightest phone device Apple has created so far.
|Area ||Description |
Pre-orders start on Friday September 14th. Shipping on September 21st in the US, Canada, UK, Germany, France, Australia, Japan, Hong Kong and Singapore. 22 more countries starting on September 28th.
Same price as the 4S in the US. $199 for 16GB. $299 for 32GB, $399 for 64GB. iPhone 4 is now free on contract. iPhone 4S is now $99 on contract.
Audio - Mics
The audio system - there are three microphones. Front, bottom, and back. This is for voice recognition and noise cancelation.
Audio - Speaker
|Five magnets in the transducer, a new speaker design, and is smaller overall — 20% smaller than the iPhone 4S speaker. |
Audio - MO
"wideband audio" Your voice will sound more natural. It requires Mobile Operator (MO) partnership.
Camera - Back
8-megapixel, 3,264 x 2,448 backside-illuminated sensor, five-element lens and f/2.4 aperture. Same as the iPhone 4S but thinner.
Camera - Features
A new dynamic low light mode. It evaluates nearby pixels to give up to 2 f-stops greater low-light performance.
A new image processor in the A6 to reduce noise and includes a so-called "smart filter" to do better at color-matching. 40% faster image capture.
Camera - Panorama
Panorama pictures by sweeping your phone. A 28 megapixel resulting image.
(Also supported on iPhone 4S running iOS 6, I tested it!)
Camera - Front
The front-facing camera is now 720p, backside illuminated.
1080p still but with better video stabilization and facial recognition.
8 hours of 3G or LTE talk time or browsing. 10 hours on WiFi browsing.
New A6 chip. 2X faster CPU and 2x graphics compared to the A5. Running 1.2 or 1.6Ghz probably.
Radio - WiFi
802.11a/b/g/n. Now added 5Ghz support for 802.11n together with 2.4Ghz. Up to 150Mbps.
Radio - MO
GPRS, EDGE, EV-DO, HSPA, HSPA+, DC-HSDPA and LTE.
In the US: Sprint, AT&T and Verizion. All will support LTE.
Please see http://www.apple.com/iphone/LTE/ for the 3 models to choose from.
Radio - SIM
It will use a newer “nano-SIM” instead of the current micro-SIM card. So even a tad smaller and not compatible.
326ppi Retina display, 4-inches. 1136 x 640 resolution. Same width, but taller.
Weighs 112 grams. 20% lighter than the 4S at 146 grams. 7.6mm thick, 18% thinner than before. Made entirely of glass and aluminum.
The white version has a raw aluminum back. The black one has the black anodized backing.
Called “Lightning”. Adaptors will be available from the old 30-pin connector for $29 in October. Double sided, so you can plug it in either way.
Pictures and overview: http://www.apple.com/iphone/features/
Lacking features other devices on the market now have:
- NFC - Near Field Communications (many newer Android and Windows Phone devices)
- Wireless charging (Nokia Lumia 920)
Some brief statements from Apple:
On the Mobile Operator side:
- No China Mobile support it appears.
- No support for the 800Mhz and 2600mhz frequency bands for other countries in Europe.
Something that many global customers are asking for is VPP support outside of the United States for their end-users. It appears that day has finally arrived.
As of today the following countries have now been added:
No word if additional countries will be added later on, but it appears to be a similar approach as to any AppStore changes with the larger ones first. For the latest always hit up the main page here: http://www.apple.com/business/vpp/.
To access and purchase apps in each county necessary it appears, you must use your VPP Apple ID with the correct country store link with the 2-character country code. This table also provides the current link (could change in the future) of the local language VPP Guide if you need it:
You can also jump from one to another once you are logged in. PayPal payment is only accepted in the United States. Other local payment options may vary depending on the country.
I have not yet tried a full test with a MDM solution, so your MDM success may vary until each vendor comes out with clear support statements.
The Apple Configurator v1.1 fixes some problems using VPP vouchers, so if you are using that, make sure you update it. See http://support.apple.com/kb/HT5339 for more info.
For the developers out there, please see https://developer.apple.com/programs/volume/.
BTW, on the separated Apple Education side, it currently appears that the additional countries are not quite yet active, http://www.apple.com/education/volume-purchase-program/. I would assume they would follow rapidly if there are no hiccups on the business side.
Let me know how the new country work out for your deployment needs!
It’s a little late, but I’m first now catching up on some of the recent news. :-) With the BlackHat and DefCon conferences in Las Vegas recently completed, there was a flurry of security news happening last few months. Here is a brief run-down of some highlights I found as it possibly affects the mobile computing world.
Slow patching puts Android users at further risk:
Take away: Android Beam (via NFC or Bluetooth) vulnerabilities to execute files, down-level OS and apps still being used by mobile operators.
Tools released at Defcon can crack widely used PPTP encryption in under a day:
Take away: Stop using PPTP VPN and WPA2 Enterprise, use IPSec or OpenVPN and don’t use WPA2 for WiFi if using MS-CHAPv2 authentication..
Inside how Google scans for Malware:
Whitepaper of their findings: https://media.blackhat.com/bh-us-12/Briefings/Percoco/BH_US_12_Percoco_Adventures_in_Bouncerland_WP.pdf
Take away: Google bouncer app verification holes, how to make your internal or public applications more secure.
BTW, Google has now updated their Developer policy per August 1st 2012 (unknown if Trustwave helped pushed this along): http://play.google.com/about/developer-content-policy.html.
Google now is combatting spam, malware, and SMS/email usage. Any app updates after 30 days of this new policy and don’t comply are subject to warning or removal from Google Play immediately. This is excellent news!
Devices scanned on Mobile Networks:
Takeaway: If deploying on a public mobile network, especially M2M devices, make sure the devices can be locked down in some fashion. Reminds me of the old modem war-dailing days. :-)
Advanced Android Exploitation with AFE (Android Framework for Exploitation):
Takeaway: The Android platform could quickly become infested with bot networks as the current Windows platform. Understand malware and secure against it.
Apple iOS SMS Security Vulnerability
Takeaway: Careful to take basic communications as granted, SMS spoofing exists on any platform. Apple states it’s iMessage verifies addresses.
A component that most Mobile Device Management (MDM) products use today is the Simple Certificate Enrollment Protocol (SCEP). This was propelled by the use from Apple for iOS 4 devices in 2010, and Cisco and VeriSign who designed it in early 2000. The protocol was designed to make the issuing and revocation of digital certificates as scalable as possible. Especially its usage in MDM solutions for the growing BYOD footprint could be of a concern.
US Computer Emergency Readiness Team (US-CERT) released this Vulnerability Note #971035 on June 27th: http://www.kb.cert.org/vuls/id/971035
It stated: “An attacker could elevate their permissions by requesting a certificate of a different, possibly higher privileged user that would allow them to access resources that they would not otherwise be able to access.”
Certified Security Solutions (CSS) is credited to report the vulnerability and more exact details are documented in their 8-page whitepaper here: http://www.css-security.com/wp-content/uploads/2012/05/SCEP-and-Untrusted-Devices.pdf
A 12 minute video demoing the vulnerability and security overview is available here: http://www.css-security.com/scep/
Mark Diodati from Gartner has pointed out that the following vendors have modified or proxied their SCEP enrollment process so better validation of the distinguished name is performed to better protect against this potential vulnerability:
AirWatch, Good Technology, Fiberlink, MobileIron, and Zenprise
The same can also be said about Silverback MDM, and probably several other vendors. If you are concerned you should ping your vendor and get more details.
But as Ted Shorter from CSS also points out his blog article, even if the various products in use might not be directly affected, it’s important to look at the full solution and what potential risks you may have and how it is implemented.
As the US-CERT posting highlights, the IETF Draft for SCEP has since March 2011 also mentioned other solutions such as Certificate Management Protocol (CMP) [RFC4210] and Certificate Management over CMS (CMC) [RFC5272] that have more comprehensive functionality. And “implementers are encouraged to support one of these comprehensive standards track certificate management protocols in addition to the protocol defined in this specification”.
As the market matures further with Mobile Device Management (MDM) and Enterprise Mobility Management (EMM) I would suspect an increase in functionality and use of newer security standards and processes. With all the MDM products on the market, the top players continue to add features that they hope will differentiate themselves better.
The new folks over at Deloitte Digital have put together a nice infographic that even compares your new shiny mobile device to your toothbrush. And I know all of you out there are already using your devices while out shopping and just waiting to use NFC. :-)
Head over to my Pinterest page if you want to check out my collection of Infographics and let me know if you have some good ones!
More for the channel readers out there, but a quick plug for an article where I was quoted talking about the importance of MDM solutions, the changing business landscape of BYOD and also understanding all the infrastructure aspects surrounding mobile platforms today.
See the full article here:
A colleague of mine gave me a heads up on this new piece of documentation that Apple released without any public fanfare. But quietly slipped it into links on the http://www.apple.com/ipad/business/ and http://www.apple.com/iphone/business/ web sites.
iOS Security – May 2012:
It’s a 20 page light read that goes in some depth about the various security processes and features within the Apple operating system. Hopefully this indicates a change of documentation from Apple and who knows what iOS 6 could bring around the corner. :-)
Distracted Driving is something even I am guilty of. Various voice solutions on the main mobile platforms are starting to assist with hands free support in vehicles, but at times it still doesn’t appear to be perfect and very dangerous to do when driving down the street or highway in a half-ton moving object.
As the continued usage of mobile devices increase, a higher number of consumers use devices while driving. This carries directly over to corporate usage, as more companies deploy mobile devices to their workforce. In the United States, increased local, state and federal legislation ban some or all use of mobile devices while driving.
At this time no state bans all cellphone use — handheld and hands-free — for all drivers. But nine ban using handheld devices; 38 states and the District of Columbia prohibit text messaging for all drivers; and 30 states and D.C. ban all cellphone use by new drivers.
In the United States several high-profile lawsuits and settlements have recently occurred in the past 6 months against companies that have field service personal that were involved in driving fatalities. The position has previously been that if corporate policies were in place and acknowledged by employees, the companies could be perceived as exempt for direct liability.
Examples and references:
Jury Awards $21 million to Woman Struck by Coca Cola Truck in Distracted Driving Case
Companies weigh risks of distracted driving
Enbridge Energy Partners and its driving policy
US Department of Transportation - Federal Motor Carrier Safety Administration
A new trend appears to be emerging where policies and potential systems must be put in place to exempt liability.
Several solutions are now available on the market to assist corporations with various levels of distracted driving management. Examples include in no certain order or preference (ping me if you know of others):
- Zoom Safer - http://zoomsafer.com/products/fleetsafer/vision/
- Zoom Safer - http://zoomsafer.com/products/fleetsafer/mobile/
- CellControl - http://www.cellcontrol.com/
- LocationLabs - http://www.locationlabs.com/
- Illume Software - http://getizup.com/index.php/Enterprise
On the consumer side, I think it will just be a matter of time before insurance companies will fully embrace this type of technology (trails are already underway), and discounts or mandates will be commonplace.
The US government has been calling Distracted Driving an dangerous epidemic since 2009, and with good cause. http://www.distraction.gov/
Drive safe and not distracted!
Another cool infographic that I recently came across. This one gives an overview on some key aspects going on with tablets in the enterprise.
Right now this is heavily dominated by the Apple iPad and the question is if they can hold Microsoft Windows 8 tablets at bay later in the year. We shall see what Apple will announce next month at their developers conference (which this year was sold out in only 2 hours!), to keep their momentum going.
Please see http://www.vertic.com/blog/year_of_the_enterprise_tablet_infographic/ for more information.
BTW, they also have an older one from November 2011, called the “The Tablet Economy”, which gives some interesting stats on the demographics of a typical tablet owner: http://www.vertic.com/blog/the_tablet_economy_infographic/
As I wrote in a previous posting back on March 11th, Kyle Lagunas was doing a public survey to get more BYOD trending information. I’m a little tardy in posting this, but catching up. :-)
Employees using their own devices (smart phones, tablets, PCs) are able to use the technology they’re most comfortable with--which has a positive impact on productivity. But as anyone in IT can tell you, this has risks. To address those, some organizations are creating BYOD (Bring Your Own Device) policies that establish guidelines for proper use. Last month, Kyle Lagunas of Software Advice launched a survey to get a pulse on what companies are doing to manage employee-owned mobile devices.
Kyle’s share a few highlights with us here. You can find the full report of his findings on his Blog.
Fact: Employees Are Already Using Their Own Devices for Work
The question many business leaders are asking their HR partners is: “Do we need a formal policy for managing mobile devices?” This is not an easy question to address, as it requires perspective on what employees are doing with their mobile devices. To that end, we asked a couple of questions around usage.
Figure 1: Ownership of devices employees use for work-related purposes.
The most important question when discussing BYOD, of course, is whether or not people are even using their personal devices for work-related purposes. As shown in Figure 1, the majority of employees (77%) are using their own devices to some extent--either exclusively or in addition to company-issued devices--to do work. Of course, “work-related purposes” could be something as simple as checking their email. So we wanted to gauge what else they’re doing.
Figure 2: Employee uses of mobile devices.
According to our respondents, employees are using mobile devices at a roughly equivalent frequency for personal and business use. As shown in Figure 2 above, 67% of employees are using devices for business correspondence (email, phone calls, etc.), and 44% are using their device--company-owned or not--for professional networking.
Whenever employees are using mobile devices to access company data (48%), one would think a policy with guidelines for proper use is a must. However, another survey question revealed that only 30% of respondents’ companies had a policy for managing personal mobile devices in place. Is there a disconnect here? Survey says... Quite possibly.
Will BYOD Become a Higher Priority?
Considering the majority of employees are already using personal devices for work-related purposes, we were surprised that only 12% of organizations without a BYOD policy plan to adopt one in the near future (half of those are currently developing policies). 30% of participants without BYOD policies said that instituting one wasn’t a priority, 33% plan to modify their plans for managing use of personal mobile devices in 2012.
Security risks associated with BYOD policies continue to intimidate some--one respondent said he is “scared to death of security vulnerabilities”--but what would do more to minimize risks than to adopt an official policy? Are organizations better served by addressing issues as they arise? Or should leadership elevate mobile device policy as a priority for 2012?
As the cool new “infographics” way of displaying information is addictive, here is a nice one with some BYOD stats that could be of interest.. :-)
See http://www.xigo.com/byod/ for more info..
I first noticed this now, but there appears to have been an update to v1.0.1 on April 17th with some new fixes that I didn’t try in my own testing previously back in March. Details are posted here: http://support.apple.com/kb/HT5233
The redemption code reusability could be huge, and I’m wondering if other MDM/MAM solutions could work in the same fashion:
The Apple Configurator 1.0.1 update is available from the Mac App Store.
This update improves overall stability and performance and addresses a number of issues, including the following:
- Enterprise apps packaged as .ipa files are imported and installed correctly.
- Redemption codes for apps that contain a comma in their title can now be imported.
- A redemption code may be reused to install an app on another device if the original device is unsupervised and erased by Apple Configurator, or if the app's installation did not complete on the original device.
- The redemption code used to purchase an app in iTunes may also be used to install the app on one device with Apple Configurator.
- The number of redemption codes remaining for an app is now displayed correctly.
- Notes and bookmarks entered into iBooks and iTunes U are deleted when a backup is restored to a supervised device.
- The WPA2 password is saved when editing a Wi-Fi profile payload.
- The name of a stored backup is saved when edited.
- The storage capacity of an 8 GB iPod touch is now displayed correctly.
- The "Erase all contents and settings" checkbox on the Prepare pane has been relabeled "Erase before installing".
As I have made device upgrade lists in the past for Windows Mobile, I’m glad to see others are providing updated centralized information on this.
JR Raphael has posted a great listing here, with an easy to use device dropdown picker: http://blogs.computerworld.com/19341/android_40_upgrade_list
For the US side Samsung has posted a nice overview, here, for their devices that will receive ICS but no firm dates from each US mobile operator.
It would appear that most of the newer devices from last year will probably receive an 4.0 upgrade if I’m reading all the information correctly.. JR Raphael also made a article on the overall Q1 status from many of the OEM manufactures here: http://blogs.computerworld.com/19867/android_40_report_card
For the many markets, I think the co-branding and continued UI tweaks and changes done to the base models just continue to make it more difficult to support long term. We have seen this for years now, and now on various mobile OS platforms.
On top of all the other Apple news from the other week, there was also a “silent” release of a new tool called the “Apple Configurator”. Think of it as a mixture of the Apple Xcode, iTunes and iPCU applications all wrapped into one.
It appears it has been tightly under wraps and with a small number of beta testers since the Apple WWDC conference last year.
The current OS requirements are: Mac OS X 10.7.2 or later – thus it requires a Mac machine running Mac OS X, but not Mac OS X Server. There currently is no Windows OS support, unlike for iPCU and iTunes which do have Windows versions.
You can download Apple Configurator from the Mac App Store. It is a free application, but you will need an Apple ID.
Some of the functionality that I will document in this walkthrough:
· Configure up to 30 devices at a time
· Update devices to the latest version of iOS
· Create and restore a backup of settings and app data from one device to other devices
· Import apps into Apple Configurator and sync them to new devices
· Use the built-in editor to create and install iOS configuration profiles
· Organize supervised devices into custom groups
· Automatically apply common configurations to supervised devices
· Quickly reapply a configuration to a supervised device and remove the previous user’s data
· Import apps into Apple Configurator and sync them to supervised devices
· Define and apply common or sequential names to all devices
· Restrict supervised devices from syncing with other computers
· Add users and groups manually or auto populate via Open Directory or Active Directory
· Check out a device to a user and restore the user’s settings and data on that device
· Check in a device from a user and and back up the data for later use, possibly on a different device
· Apply custom text, wallpaper, or the user’s picture to a device’s Lock screen
· Import and export documents between your Mac and Apple Configurator
· Sync documents between assigned devices and Apple Configurator
The installation quick quick and painless. During the installation the product prompted to upgrade and install the latest iTunes 10.6 as well.
Once run after the installation a very nice welcome screen is show to educate you on the 3 main application functions:
I will now go in depth for each function or task.
Before we dive into each task in the application a quick review of the all important Preferences which can be important to configure. Access the Preferences in the application menu:
The preferences have two sections, “General” and “Lock Screen”. It is important to use the same Apple ID as configured and authorized in iTunes (Store->Authorize This Computer) on the same machine.
The “Lock Screen” settings provide some nifty features to streamline a custom lock screen wallpaper. Drag and drop a new picture, custom text, and automatic user images from the directory service connected. This can only be applied to Supervised devices.
Tip: Reclick on the “Lock Screen” tab to update the wallpaper rendering.
Click on the Prepare icon.
Tip: If you have any devices connected to the Mac, you will see a number indicator on the upper-right of the Prepare icon.
The Prepare screen has two sections, “Settings” and “Apps”. The Settings screen provides the following:
Name: Device name that will be set. Defaults to a “No change”. You have the option to start at any number, just enter one, and click on the Number sequentially tick box. Here I entered 5 for example and have 3 devices connected.
Supervision: Set this to OFF if you want to configure a device once. Set it to ON if you want to reapply a configuration repeatable, and also bring the device to a known state every time it is connected. We will go into more of this in the next section.
iOS: Defaults to Latest, so you can upgrade automatically. You can choose Other, and point to a .ipsw file. The application will download the latest .ipsw automatically for every device type connected if Supervision is used.
Tip: This could be handy if you want to install a new Beta iOS. If you selected Supervision OFF, you can also select No Change. This doesn’t appear to be possible with Supervision ON.
If you are not installing a fresh iOS release, you can select “Erase all contents and settings”.
Restore: To install a backup to multiple devices choose it from the list. Please note that the “Don’t Restore Backup” when Supervise is ON will still erase all content and settings.
Tip: Set Supervision to OFF, then you can select “Back Up”, if you want to back up a connected device with no Supervision features. Otherwise you need to configure a Supervised device first. iTunes backups can also be used for un-Supervised devices.
Tip: Make a “master” device with the iOS Setup Assistant already completed, and you can then use the Prepare function with Supervise OFF to setup multiple devices with the same backup and let it install the same profiles and application on each one.
Profiles: Here you can import an existing .mobileprofile file created previous with iPCU or “Create new Profile” right in the Apple Configurator. The v1.0 version has all the same iPCU settings as in the recent new v3.5 version. See my previous article on that here. You can also Export the profiles you have listed.
Apps: In the “Apps” section you can browse or drag’n’drop .ipa files (for example from Home->Music->iTunes->iTunes Media->Mobile Applications if you transferred purchases from a device or a in-house developed application from Xcode).
If you add an application that is not free of charge or in-house developed a prompt for the Apple Volume Purchase Program (VPP) voucher codes will appear:
Please note that the VPP program is still not available for all countries and requires enrollment (businesses must have a DUNS number).
Dismiss the prompt(s) and review the applications you may have added:
You can then click on the “0” icon and import your VPP vouchers purchased for the selected AppStore application. The spreadsheets can be downloaded with your VPP account at any time from http://vpp.itunes.apple.com.
Once you have imported your codes, the number will decrement as the codes are used on the devices and you can track on which device they have been used on.
Click on the Prepare apply icon at the bottom of the screen when you are ready to start!
After an “are you sure” prompt, all the connected devices connected through USB will be updated and you can visually see their progress status:
Any issues will be marked, and successfully completion shown:
After you have Prepared your devices and have set the Supervise setting to ON, you can further manage them within the Supervise icon:
You can create groups and drag the devices into these groups. You can also add additional apps to the devices/groups:
If you have installed paid-for Apps and uploaded the VPP .CSV spreadsheet with codes, you can track and see which devices are using which codes and how many you have left:
But the really-really cool thing is if you remove the checkmark in-front of an app, that is a paid app installed with a VPP code, that the redemption code count goes back UP, and you can reinstall the paid app on another Supervised device!
Last but at least of the 3 functions in the product, is the “Assign” function. Here you can facilitate a check in and check out process to your Supervised devices, where the users’ data is left intact – think Windows roaming profiles.
Here you can add users and groups (even from a connected directory service) and drag and drop users in those groups.
You can assign and install documents to be used be specific users or a group of users. Click on the “+” symbol at the bottom of the 3rd panel, and choose the appropriate application that is installed on the device: (mine has several options since I imported a large number of apps, only those that support iTunes file sharing are supported)
Then browse to the files you want to be placed on each device the users are assigned to and the document is now associated with the user and will be installed when a device is check out to that user.
When you are ready to assign and check out devices to users, click on the “Check Out” at the bottom and pair the users to the available devices. When complete click on “Check Out”:
When users return the devices, and you wish the check in the devices again, attach them to the machine running the Apple Configurator and click on the user and click on “Check In” at the bottom. It will now transfer the files and any changes to those files that the user had made into a backup, so upon the next check out the files can be restored:
Unless you specified a backup in the Prepare stage as part of the device’s Supervise configuration the user data will remain on the device until you check out the device to another user.
Using a Supervised Device
A quick verification on the Supervised device shows that the lock screen indeed has been set as configured:
It is clear that the Apple Configurator tool provides a self-signed certificate, and places a Profile on each device that is Supervised. Of more concern is perhaps that the machine running Apple Configurator and it’s Network MAC address is part of the certificate signature:
It is also clear that the disabled iTunes tethering does work, and here is the prompt I received when trying to tether the Supervised iPad to my iTunes 10.6 installation:
Another useful feature in the application when in the Supervise function is to provide detailed asset information from the Supervised devices into a .CSV file:
In the scenario where you have users checking in and our devices, you could lock the device with profile settings so the AppStore and other functions are disabled. You would maintain the apps and the VPP codes used on all the devices in a contained environment. There would also be no need for individual Apple IDs for each user, unless they are using iTunes, and other apps that require it.
As with most new v1 applications there may be some bugs and steps to hash out.
I got some of these prompts while importing apps:
There is no detailed logging to see exactly which iOS apps are at fault in various stages in the application. You may have to guess or perform a process of illumination.
If this example I added a document to Adobe Reader, which isn’t present on the selected device:
As with any device management system, the local database that the Apple Configurator uses is critical to your long term usage of the product. You should properly back up the Mac you use to manage all of your devices regularly.
Specifically this paragraph in the http://support.apple.com/kb/HT5188 support article stats this:
"If you lose the Apple Configurator database, your users will retain rights to use the apps already installed on devices, and you can reimport any spreadsheets to install additional apps on devices using unredeemed codes. But if an app is deleted from a device after you lose the database, Apple Configurator will be unable to determine the device’s rights to that app, and you will need to redeem another code in order to reinstall the app."
I’m also wondering about the self-signed certificates that the devices have been setup with and assume they would have to be re-Prepared if moved to another machine running Apple Configurator.
I think Apple definitely has up the ante on the management features they provide. Above the beyond the Profile Manager features released in Mac OS X Server, and those found in Xcode, iTunes and iPCU.
It still lacks some of the larger scale enterprise features found in the various Mobile Device Management (MDM) products on the market (such as self-service Enterprise App Store, active monitoring etc), or a Exchange ActiveSync remote wipe. So it really depends on your requirements (and money budget). It could easily make sense for a small to medium sized iOS device deployment and management within a single facility.
Also if you have an educational or training type setup with a secure cart (as found from Bretford, Parat, Tribeam, or Datamation, etc) with a USB hub and connected MacBook, you can easily manage a cart full of devices with the Apple Configurator and the basic features that it can currently provide.
But if you have a larger deployment, and more dispersed geographic area, with additional security requirements and processes around it, I would highly suggest looking at a more full fledged MDM solution. The majority can be found here in a nice public comparison: http://enterpriseios.com/wiki/Comparison_MDM_Providers, although several are still missing.
A hybrid use case could perhaps also work where non-Supervised or Supervised devices also are used with another MDM solution, but more testing is highly recommended.
Now if the special logic used to reuse VPP vouchers from one managed (Supervised) device to another could also be found in the MDM solutions on the market you could have some strong new features.. :-) Also the shared user aspects are a sore spot for many current MDM solutions. It will be interesting to see if some of these new features get carried over.
Here are some further reference points:
Apple Support articles:
HT5185: Apple Configurator: Coordinating device names with labels or slot numbers in carts and racks
HT5188: Apple Configurator: Using Volume Purchase Program (VPP) Redemption Codes
HT5194: Apple Configurator: Backing up and restoring data
Apple Configurator Help Online
Randy Saeks also posted a great 11 minute video walk through here:
- and a nice 17 minute video here that goes more in depth on the Supervision aspects:
More Posts « Previous page
- Next page »