First-Class Classroom Technology
Apple and Academia are here to help with your classroom technology
Apple and Academia are here to help with your classroom technology
With a myriad of options available today for classroom technology, it’s a tough decision as to what to choose. For IT, this could mean a huge amount of research, training and ultimately time and work. Fear not – Apple and Academia have you covered! A few years ago, managing devices and their environment, security and compliance as well as deployment, refreshes, updates, patching and more used to be a huge headache. Luckily, the back-end tech exists today to make all of this a breeze.
Zero-touch used to feel like an extremely distant dream, but it is now very much a reality. Done right, a new device deployment looks something like this (don’t worry, we’ll explain how shortly!):
User receives their device
User unwraps/unboxes device (or the device is handed out, your choice)
User chooses their language and keyboard preferences
The device is connected to the Internet via a cable or wifi
Everything else is automatic!
Preferences, profile settings, apps, shortcuts, printers, restrictions, user accounts and more all appear magically on the user’s device without them having to do a single thing, or involve IT in any way wherever they are in the world. Pretty neat, right? But how do you accomplish this?
APPLE SCHOOL MANAGER
Apple School Manager is the centrepiece of this utopian workflow – this is a free service from Apple, that brings together Device Enrolment, Apps and Books (formerly the Volume Purchase Programme), Managed Apple IDs (no more spreadsheets with usernames and passwords) and Apple Classroom.
Device Enrolment allows you to automatically assign device serial numbers to your organisation – before the device has even shipped to you! This means that the first time the Device is booted up, it will “phone home” to request a Mobile Device Management (MDM) profile if it’s part of the Device Enrolment programme. From here, MDM takes control of the entire process.
Apps and Books
Apps and Books not only allows you to take advantage of Volume Purchase Discounts in the Apple App store, but also to have full control over the app licences themselves. For example, when a user or device leaves your organisation, you can “recall” their app licences into your central pool for redistribution to other users. No more orphaned apps and wasted money!
Azure AD Federated Authentication and Managed Apple IDs
If you’re currently operating with spreadsheets of Apple IDs to ensure devices aren’t locked when a user leaves your organisation, using Managed Apple IDs can really help. You have full control over your entire organisation’s IDs, and can even federate them with Azure Active Directory if you have this in place. Depending on the Device Enrolment method, these can even co-exist with users’ personal Apple IDs.
Apple School Manager is hierarchically aware – meaning that it understands your organisation may not be a simple single-site structure. As a result, Devices and Users can be aligned to different sites, and these can even be aligned to different Mobile Device Management systems if you so wish. The granularity doesn’t stop there – Apps and Books licences can also be location-specific, too.
Classroom and Schoolwork
Apple Classroom and Apple schoolwork really make the classroom come to life – with educators being able to control students’ devices to focus them on what’s important, as well as being able to distribute content, devices in the classroom go far beyond simply replacing pen and paper.
MOBILE DEVICE MANAGEMENT (MDM)
So you have Apple School Manager set up and configured… you now need to get those devices enrolled and controlled – that’s where Mobile Device Management comes in. This allows you to control almost every aspect of your Apple estate, ensuring full safeguarding, compliance, availability and content is in place. Our MDM of choice is Jamf due to their sole focus on the Apple environment to ensure every single possible MDM benefit is accounted for, such as:
Jamf’s Zero Touch Provisioning not only allows you to automatically enrol devices, but also gives you the option to force users to read and accept your Acceptable Usage Policy, as well as read other governance-based messages prior to enrolling and logging in for the first time. In addition, if a device is wiped or reset, it simply picks up where it left off and re-enrols!
Wouldn’t it be great if users could be a little more self-sufficient? Well now they can be! Self Service gives you the ability to give users the option to install specific apps themselves (no admin access required), execute scripts that you define and other tasks such as adding printers themselves. Because everybody loves printers, right?
Make OS and Application update and patch worries a thing of the past – you can either allow users to apply these themselves via self-service (including giving them friendly nudges to via push notification) or force-apply these automatically. You can even use a combination of these approaches: politely suggest a user’s updates or upgrades within a given timeframe and if they don’t, force-apply… because everybody deserves a chance!
Ever used one of those remote support apps where the user has to read a code, or download a specific agent to run? Not needed with Jamf… not only can you do remote screen control, but also execute terminal commands remotely or simply change settings within the web-based UI. This means no more users physically coming to the helpdesk, or needing to call to get remote support – many problems can be solved on the first (remote) touch, making the initial ticket response “this is now fixed”. Bliss!
Don’t know how many devices you have in your estate? Well you’re not alone! However, once you have MDM installed, you’ll be able to run full inventory reports for the entirety of your Apple estate in hugely granular detail. Gone are the days of replying “don’t know” when you’re asked how many macs you have!
Active Directory Integration
This is a big one – Jamf understands Active Directory and can be synchronised with it… not only users but also security groups so your MDM groups can match your AD. In addition, Jamf Connect allows users to log in to macs using their Azure Active Directory details and Microsoft’s “Modern Auth”, so elements such as MFA can be enforced when off-site. Further to that, Jamf can be integrated with InTune to allow Security and Compliance settings to be applied to macs via Jamf… pretty seamless!
NEED SOME HELP?
Does all of this sound great, but at the same time, a little daunting? Don’t worry… we’re here to help. Whether it’s via Planning Essentials to get your project on track, or project support, or even our Mobile Device Management Installation, Support and Management offering, Academia’s team of accredited experts is here to help. Don’t be afraid to ask!
But don’t just take our word for it…