A month after its introduction, IT professionals and vendors are still sifting through the changes presented in...
Apple's bulk MDM enrollment program and the potential benefits it could provide.
Apple Inc. rolled out the Device Enrollment Program (DEP) in February to help both enterprises and schools with bulk enrollment of Apple devices into existing mobile device management (MDM) environments.
One significant change that should be music to the ears of IT administrators is "zero-touch configuration." Enrollment in MDM can be automated and account settings can be configured over the air instead of physically accessing each individual device.
Previously, the only way to supervise a device was through Apple Configurator, which required a physical connection to a Mac computer via USB. For organizationally-owned iOS devices, wireless supervision now allows for restrictions including turning off iMessage or Game Center.
About a month after its release, Apple customers and MDM companies are beginning to get a grasp on how the DEP will integrate into the software they use for managing bulk iOS and OSX devices.
Damien Barrett, system technician at Montclair Kimberley Academy, expects DEP to come in handy this summer. The private K-12 school in New Jersey has approximately 1,400 Apple devices including MacBook Air, iPads and iPad Minis.
"I like the idea of being able to do a mass over-the-air enrollment," he said. "Last summer when I deployed all these iPads, sure enough, I had to hook every one of them up to a laptop with the sync cabling, and it was tedious."
In addition, MDM profiles can be permanently installed on devices without the ability for end users to remove them, a potentially significant move for organizations that implement a corporate-owned, personally-enabled device environment.
Apple set up a new deployment page for administrators to choose between the DEP, the Volume Purchase Program (VPP) and Apple ID for Students. Changes to the VPP will allow IT to buy applications in bulk and apply them to devices simultaneously.
The IT community has clamored for management and deployment capabilities and Apple has warmed up to that community out of necessity, Barrett believes.
Now, mobility management vendors must adapt and find ways to integrate the DEP capabilities into their MDM software.
More on MDM and Apple in the Enterprise
MDM tools and policies won't work the same on all devices
MDM tools may not be as secure as you think
Apple iOS features for managing the enterprise
"[Apple's moves] will force a lot of EMM guys to embrace it and ultimately it could get increasingly competitive with them," said Eric Klein, senior mobility analyst at VDC Research, Inc. in Natick, Mass.
That movement has already started, with VMware Inc.'s AirWatch releasing a video how to use the DEP with its products and a Citrix spokesman recently said the DEP should make enrollment "simpler" for Apple-based organizations.
The DEP itself is of no cost to Apple customers, who must be qualifying businesses or schools that purchase devices directly from Apple, according to the DEP guide.
JAMF aids in Apple product enrollment, management
Companies like JAMF Software, LLC in Minneapolis, Minn. are trying to figure out how best to incorporate the changes into their products.
JAMF works to provide support for companies deploying Apple devices and this week's update to its management software, Casper Suite 9.3, aids institutions with touch-free enrollment of Apple hardware through the DEP, according to Jason Wudi, JAMF's chief technology officer.
Apple has worked on "under-the-hood" technologies to improve IT's ability to manage their devices, but much of that work hasn't been marketable, according to Wudi.
"[Apple is] looking to people in the enterprise ecosystem to leverage these technologies to tell that story back out to the IT organization or to the end users trying to be productive," said Wudi.
Whether Apple was outwardly messaging it or not, the company needed a better story for the enterprise with its services, according to Klein.
"Now, [Apple] can see that, 'Wow, we can really continue to dominate here if we add the right features and functions,'" he said.
Montclair Kimberley Academy has used Casper Suite for the last four years to manage the school's Apple devices. The school considered several vendors aside from JAMF including Absolute Software Corp.'s Absolute Manage and FileWave Inc. once they decided on a full Apple deployment.
All of the school's devices get refreshed after every three years, so the option of utilizing the Casper Suite to enroll the new devices through the DEP is a promising one for Barrett although he hasn't used it yet.
"We are vetting [the DEP] right now and will almost certainly deploy over the summer," he said.
While still evaluating how Casper Suite 9.3 will help the school this summer with bulk enrollment through the DEP, the school has started a pilot program for Casper Focus with several iPads, which allows teachers to control exactly what content and applications are allowed on screen at a given time, Barrett said.
In the new version of Casper Suite, users can take their new Apple device out of the box and be automatically enrolled in institutional or enterprise settings by leveraging Apple's DEP. Through the VPP, institutional applications can be reassigned by IT through Casper Suite so the applications stay with the organization and not the user.
That feature can be utilized when a user changes roles within an organization, so their applications can be reassigned elsewhere to a new user.
Casper Suite 9.3 is available as a free update to current customers. Perpetual licensing for commercial customers starts at $90 per device plus 20% annual support and maintenance for OSX and $45 per device plus 20% annual support and maintenance for iOS. JAMF offers volume discount pricing tiers where discounts increase as license volumes rise. Education customers receive a 100% discount for per-device licensing and only pay $18 annually for service and maintenance on OSX devices and $9 for iOS devices with volume discount prices.
Apple declined to comment for this story.
A comprehensive definition of Microsoft's Network Device Enrollment Service