With the release of iOS 9 Apple introduced a number of improvements to the Volume Purchasing Program (VPP). Of these improvements, one of the more significant is app assignment by device. With this new functionality it is now possible to assign VPP apps to an iOS device without the need for an Apple ID, and if that device is supervised, the installation is silent.
Before this change, it was only possible to assign apps to a user by associating them with an Apple ID. This method of app management can be an administrative nightmare when used in environments such as K-12 education, where many users may be working with a particular device. Students may not have an Apple ID, or may be too young to have one without parental consent. Additionally, it meant that an Apple ID needed to be configured on the iPad for apps to be silently pushed to supervised devices.
With VPP device assignment, an Apple ID is no longer required and with supervised devices, apps can be pushed silently with no end user interaction. Silent app push has a huge impact on an administrator’s ability to seamlessly deliver iOS apps to users. Combining this new functionality with Meraki Systems Manager features, such as multiuser authentication, can offer a fantastic classroom experience. Apps and settings are tailored to each student’s needs and dynamically changed as the user changes.
Systems Manager Legacy customers can gain access to this great new functionality by upgrading to the latest version of Systems Manager. Please contact your Meraki representative for further information, or alternatively sign up for a specialist Systems Manager Teacher’s Assistant webinar here. Also stay tuned to our YouTube channel for additional video guides to this functionality.
With so many feature additions to Systems Manager, we have decided to create a recurring series of specialist webinars focusing on how to make the most of them. These specialist webinars will be scheduled regularly and cover two important feature sets available in Systems Manager, Sentry and Teacher’s Assistant. Listen to the podcast below to learn about all the features, functionality, and use cases that will be covered in these sessions.
Sentry
Systems Manager Sentry provides simple automatic security that is context aware. Sentry dramatically simplifies previously complex security configurations due to the native integration of Meraki networking products with Systems Manager MDM. In the Sentry-specific webinar, we will cover how Sentry works, highlight where it can be used, and go through live demonstrations of the individual features including:
With Systems Manager Teacher’s Assistant, integrating technology such as iPads into your lesson plan becomes a cinch. Teachers remain in control, ensuring that students’ learning benefits from the inclusion of mobile devices, rather than them proving a classroom distraction. The Teacher’s Assistant specialist webinar covers examples of how mobile devices can be successfully used in education by looking at use cases, and providing a live demonstration of how to use features such as:
With so many ways to use Systems Manager, the amount of choice can sometimes seem overwhelming. Shortcut the learning process and attend one of these specialist webinars for further guidance on how to make the most of Systems Manager. These webinars assume attendees have a basic understanding of Meraki Systems Manager by having attended an introductory webinar such as Introduction to Cloud-Based Mobile Device Management, or having used the product with a trial. Sign up today for a Sentry session or a Teacher’s Assistant session.
With the Meraki Systems Manager Enterprise Mobility Management (EMM) solution, very powerful controls are placed into the hands of IT administrators. With great power comes great responsibility; it may not be desirable to have every administrator in your organization capable of wiping the CEO’s iPad!
This is why we have introduced the new limited access roles feature in the Meraki dashboard. It allows organizations to easily choose what devices an administrative user has access to, but most interestingly, this selection of devices can change dynamically based on parameters such as time and identity. For example, teachers can only be given responsibility for devices during the time of their class, or enterprise helpdesk staff can only manage devices in their Active Directory group.
Limited access roles can be found in the Meraki dashboard under Configure > General
The example above is based on a retail environment where helpdesk staff only have access to the devices they are responsible for, with three roles for each of the helpdesk teams. These are:
A specialist team with knowledge of the Electronic Point of Sale (EPOS) system running on mobile handhelds
A generalist team responsible for the customer facing kiosks’ tablets
An emergency out of hours team able to help with anything
Tags are used to select the devices managed by each role, with both static and dynamic tags being used in our example. The grey tags represent static tags that have been applied to the device based on its role, while the green tags represent dynamic tags which can change. For these roles, time is being used as the dynamic tag corresponding to the store’s operational hours.
With the times and roles defined, the user George has been given the ‘Shop floor EPOS help desk’ role. If George was part of another team and needed a different role, this can be selected from the drop-down.
Limited access roles help ensure privacy, protect against operator error, and simplify management of devices in the Meraki dashboard. This functionality has widespread applicability, while also being a core feature in education, where it is part of our Teacher’s Assistant functionality. Further information on this can be found in our previous blog post here.
Following the recent announcement of Teacher Assistant for Systems Manager, there is another exciting new feature available for Systems Manager customers: Shared Users.
At the heart of the Shared User feature is multi-user authentication. This allows for the user of the device to be repeatedly changed without an administrator’s intervention. The device will dynamically change based on the person using it at a given time, with the user logging into, or out of, the device using the Meraki Systems Manager app. This exceptionally simple self-service model allows a single iOS device to be easily used by multiple people with different needs.
Multi-User Authentication
A user can be assigned a device, or multiple devices, and this pairing allows for configurations, settings, applications, and other options to be automatically applied based on that specific person’s requirements. The list of users can be managed in the Meraki dashboard, or easily integrated into Active Directory.
Driven again by the requirements of educators, the Shared User feature is a natural extension of Teacher Assistant, enabling even more ways of learning with an iPad. Although of particular interest to those wishing to use iOS devices in a learning environment, the ability to easily support multiple users on one device is useful in a number of situations.
Multi-user authentication can be enabled with a single checkbox in the Meraki dashboard under Systems Manager > Configure > General
User self-service
The Meraki Systems Manager app acts as the interface for multi-user authentication. With multi-user authentication enabled in a Systems Manager network, a fourth option called ‘User’ will now appear in the bottom navigation pane of the app. When a user goes to this page, it will give the user the option to log in to the device if no user is already assigned, or they can log the current user out of the device.
When a new user logs into the app, the Meraki cloud will check to see what needs to be changed on the device and act accordingly. This could be new applications, alternate settings, or fewer restrictions than the device had previously.
Total control, complete customization
With Systems Manager’s dynamic tags, the user of the device can be checked along with other things such as time, location, and security profile, to allow for complete customization of a device, giving total control. For further information on tags refer to this article.
A great example of the practical use of tags and multi-user authentication is to put devices into a locked state when no one is logged in. By creating a profile that places non-assigned devices into single app mode, they can be locked into the Meraki app, preventing any activity other than the ability to log into the device. When a user logs in, their tags are applied and the configuration for the device is updated.
Start sharing your devices today
Start sharing your iOS devices today by signing up for a Systems Manager account here, free for 100 devices or less. Existing Systems Manager Standard customers who would like to take advantage of this, and other new features, can enable a free trial directly within the Meraki dashboard.
Here at Meraki we have been working on Systems Manager to further ease the burden on educators trying to integrate technology into the learning process. With a wealth of powerful features, mobile devices, such as tablets, can significantly enhance the learning process, but this wealth can also come at a cost. Distractions caused by features not relevant to education can hinder student learning. Teachers skilled in running a classroom must play the role of digital cowboy or cowgirl, corralling errant students and devices.
We’re listening to your concerns and are announcing the release of some new Systems Manager features. These will complement existing features, and create a comprehensive suite of controls for your classroom; in essence, a Teacher’s Assistant (TA) for your devices!
Pay attention now
Single App Mode forces Apple iOS devices, such as iPads, to display just a single app. When in this special mode, the specified app is the only thing the user of the device can interact with; even the settings menu of the device is unavailable.
With role-based administration, network admins can provide teachers with access to their classroom’s devices, making Single App Mode easy to integrate into the classroom. A teacher can use the intuitive Meraki dashboard to find a device, view its details, and then lock it to the desired application. Whatever the student is doing at the time will be replaced with the app chosen by the teacher, focusing classroom activity on one task and preventing distractions.
Teachers can easily select an app of their choice from a drop-down menu listing the available apps on that device. A great way to stop the class from using the devices, and command attention to ‘bring eyes up front’, is to lock the devices to the Meraki MDM app, preventing their further use. When free use of the device is allowed, the device can be easily released by clicking the ‘Disable Lock’ button.
All together now
Having this level of control per iOS device is great, but what about a whole classroom? Systems Manager has this covered with the ability to command devices in bulk. A teacher can easily select the iPads, or other iOS devices, they want to lock to an app by using the instant search box. For example, it only takes a couple of clicks to select all 3rd Graders’ iPads and lock them on to a single app.
With the power of instant search, any teacher can precisely choose the devices they want to control; however, in large deployments, selecting the wrong set of devices is a possibility. This is where the new Limited Access Roles in the Systems Manager dashboard come into play. School IT staff can prevent mistakes and simplify the educator’s experience by defining roles relevant to their needs.
At a high level, a teacher is unlikely to manage Apple MDM certificates in the Meraki Dashboard. They are more likely to want to control the specific classes of iPads, leaving the advanced options to administrators. Using Meraki’s tagging concept, teaching staff can be assigned the groups of devices they will work with.
Tags can be updated dynamically, for example by time. This allows for teachers to be given control of different sets of devices depending on their schedule. Time is only one of the many dynamic tags available in Systems Manager, with others such as location or the owner also being available. Further information is available here.
Show and tell
AirPlay is great for allowing teachers to easily display their screens to the whole class, but what about students? This ease of use can become a problem without control. How do you prevent students from taking control of unsecured AppleTV devices? Securing them with a password provides access control but has other problems. How do you allow students to use AirPlay when you want, but prevent access when you don’t?
AirPlay settings can be pre-provisioned in Systems Manager so that student iOS devices have all the settings ready to use, including the password.
This prevents students being given the password, while making the teacher’s life easier as all the settings are ready to use on the class devices, not just their own. They can select the student’s device they wish to display, choose their classroom from the drop-down, and click AirPlay.
Combining this functionality with app lock allows a teacher to have the whole class focused on their fellow student’s screen, not distracted by their own.
You will need this
Some of us here in the Meraki office remember carrying heavy bags laden with books. Worse, we remember getting in trouble for having left one behind! Fortunately students today are looked after by Systems Manager with the Backpack feature.
Backpack can automatically download files and content to devices, storing it for use. Not only does digital content delivery take the strain off young shoulders, but it ensures that nothing gets left behind and only the most up-to-date material is available for learning.
Along with documents, lesson plans, and test results delivered via Backpack, the Meraki MDM app provides students access to a library of managed apps. Students can have core apps automatically pushed to their device, but collections of extracurricular content can be offered. Again, managed through powerful tags, individual students, classes, or sets of devices can be given the exact content they need.
A TA for every classroom
Putting educators first, while not limiting the powerful creative potential of technology, is an essential goal of making our schools ready for the future. With Systems Manager’s new features, you have a new Teacher’s Assistant helping you manage the digital classroom.