7 Replies
      Latest reply on Jun 17, 2015 1:14 PM by bruienne
      rtrouton Level 1 Level 1 (0 points)

        Expanded DEP now available in 26 countries

        Four-hour turnaround for replacement devices



        New features of DEP



        Enrollment optimization - Keeps the device in Setup Assistant until MDM enrollment completes.

        DEP will send a DeviceConfigured command to the device, to let it know it can now exit Setup Assistant

        Available for 10.11 / iOS 9





        Account creation:

        Prevent user account creation

        Set passcode policy

        Create standard user account

        Setup Assistant will also create admin account in the background.

        - optionally hidden

        Standard user is created by Setup Assistant, (possibly hidden) admin user is available for remote administration.





        Additional panes can be removed from Setup Assistant


        Touch ID

        Apple Pay


        Android Migration <- new option to remove





        Equivalent to Storebag from iTunes Store

        Informs tools what info they can obtain from your server


        Three different ways of purchasing apps

        App Store

        VPP Redemption Codes

        VPP Managed Distribution



        VPP expanded to 26 countries (matches DEP)


        Multinational app assignment


        Purchase app in any of the 26 covered countries, can distribute them across other covered countries as long as app is available in that nation's app store. Buy in France, distribute to users in the US and Britain.



        Device app assignment


        No Apple ID required on the device

        No invitation process



        For App developers


        Support device assignments


        - Opt in

        - Update recipt checking


        Store app data in the cloud


        - iCloud

        - Your own cloud solution



        Change to Caching Server in El Capitan


        Preheat cache of iCloud data on local network

        Data will be encrypted



        iCloud Drive documents

        CloudKit data

        iCloud Photo Library photos


        Translation: Give your Caching Server more storage. MOAR.





        MDM Developers: InstallApplication


        Installs app if not installed

        Updates app if installed managed


        What's different?


        Migrate user to device assignment without reinstalling or losing user data

        Convert unmanaged to managed without reinstalling or losing user data

        Install via MDM or Configurator with the App Store set to be disabled



        Enterprise in-house apps:


        New explicit user trust flow for apps

        Prevent users from trusting apps

        Apps installed via enterprise's MDM do not require explicit user trust



        B2B apps:


        Can provide the same metadata for apps that can be provided for App Store-provided apps. Coming later this summer.



        For new settings discussed above, take a look in El Capitan's Profile Manager.




        New MDM commands and queries (iOS)


        Available Software Updates

        Update to iOS (DEP devices only)

        - Download and stage the update, for later installation



        iOS 9:


        Profile restrictions


        Keyboard shortcuts

        Modify device name, passcode, wallpaper


        Pair with Apple Watch



        Network Usage Rules

        OS X Server Account

        Mail: Mail Drop

        SSO: Specify


        New MDM commands and queries (OS X)


        Available Software Updates

        Install Software Updates (DEP Macs only)


        Configure ethernet proxy

        Login window - disable account migration


        Note: Recommend that readers of these notes make time to review the session video, they went through the new MDM commands, restrictions and queries pretty fast.





        DEP and VPP Simulators


        Simulate DEP and VPP services

        Test handling of service errors


        Available for download on developer portal

        New revs this week support the new iOS 9 / El Capitan features



        Apple Configurator:


        Rewritten; now Apple Configurator 2


        New interface puts the connected iOS devices front and center

        Discrete tasks

        Easy automation - combine tasks into workflows

        Multiple stations

        Companion to DEP and MDM server


        Tasks available from the Actions menu in Configurator 2.


        Configurator no longer maintains a database of applications. iOS applications can stored as files on the Mac's filesystem, in iCloud, on network storage, etc, and Configurator can select them as files and use them.


        Command line tool for managing Configurator 2, will be covered in an automation session on Thursday.


        Apple Configurator 2 beta available now.

        • Re: What's New in Managing Apple Devices notes
          rsaeks Level 1 Level 1 (0 points)

          Thanks, Rich!


          If you have a chance grab the Betas and accompying release notes. There are some great bits of information in those that will help with planning.

            • Re: What's New in Managing Apple Devices notes
              eng Level 1 Level 1 (0 points)

              Apple DEP service/hidden admin account - Random GUID. Currently cannot update password/target user. They are working on sending GUID information back to MDM server at creation account time to target later. This isn't a provision profile, but a part of the DEP Setup Assistant activation.


              Apple Configurator 2

              - Now uses CommerceKit to support Caching Servers. _Should_ support multiple front-facing IP addresses but could not be confirmed with engineering.

              - Shared Cache Container

              - New identifier - com.apple.configurator.ui

              - Blueprints are .plists and can be exported/imported by moving files to ~/Library/Group\ Containers/Group.com.apple.configurator/Library/Application\ Support/com.apple.configurator/Blueprints - EXPECT changes to keys/layout.

              - Automator actions currently require administrative rights and installation tool does not work - will be fixed in a future update.


              Apple Caching Service

              - Can optionally cache iCloud personal / business data (1 or both). Data location is truncated in logs and encrypted on volume. Cacher logs should still work but I need to test.

            • Re: What's New in Managing Apple Devices notes
              Level 1 Level 1 (0 points)

              Thanks, Rich. This is great information. Can't wait to watch the video when it's up.

              Off to grab AC2!

              • Re: What's New in Managing Apple Devices notes
                cashxx Level 1 Level 1 (0 points)

                I have never seen these before?  Are these released, I don't see them anywhere.


                DEP and VPP Simulators

                Simulate DEP and VPP services

                Test handling of service errors