Securely manage Shared iPads with an MDM solution

 

Following the iPadOS 13.4 update from Apple, Shared iPads have become widely used among businesses, schools, retail, logistics and healthcare. Sectors that need multiple users to access a device have benefited from this efficient feature, as it allows different employees or students to log in to an iPad at different times and get work done.

To get the most out of the Shared iPad capability provided by Apple, an MDM solution is required. It helps organizations onboard the devices, restrict certain functions, distribute apps to the Shared iPads, set up reactive measures and much more.

ManageEngine's Mobile Device Manager Plus is an all-round MDM solution that supports managing iOS, iPadOS, macOS, tvOS, Android, Windows and Chrome devices. By deploying MDMP in your work environment, you can utilize the different features supported for Shared iPads, to ensure simple yet secure device management.

The following features are supported for Shared iPads:

Automated and seamless device enrollment

To bring the iPads under management, the devices need to be enrolled using Apple Business Manager or Apple School Manager. Apple DEP (ABM/ASM) is a program from Apple that helps organizations enroll devices without user intervention, guarantees complete control and eases app distribution and app license management.

During Device Activation, the 'Shared iPad' option needs to be enabled. This will ensure that the iPads enrolled into Mobile Device Manager Plus can be used by multiple users. Multiple accounts can be created on the device, and a certain amount of storage can be assigned to each user. Thus, each employee gets an equal amount of device storage and a virtual account on the device for better user privacy.

Associating policies on Shared iPads

With ever-rising security threats, Shared iPads need to be secured by preventing access to device functionalities that could be a loophole for data theft, unapproved corporate data sharing, etc. To secure the iPads that you enroll into Mobile Device Manager Plus as Shared devices, you can disable access to a long list of device functions and settings such as AirDrop, Camera, USB drives, biometrics and more. To be sure that no important corporate data is retained on the shared devices, you can prevent users from sharing data from managed to unmanaged apps, and restrict force backups and data syncs. Thus, admins can be certain that even the most basic device functions on Shared iPads cannot be used to access, send, or misuse important corporate information.

When Shared iPads are used for educational purposes, restrictions specific to Apple Classroom can also be applied via MDM. This makes it easier for teachers to lock students' apps or devices, and to prompt for the teacher's permission to access screen viewing functions.

Note: For the above-mentioned Classroom settings, the Apple Classroom 2.0 app should be installed on the teacher's device.

Setting up secured Wi-Fi configurations

Every device will require access to the Internet to complete daily tasks at work, or to access and use organizational resources. To simplify configuring Wi-Fi for Shared iPads, you can provide the SSID, set up a password, select the type of security, and even choose whether the devices should automatically connect to your organization's network. This eliminates the need for different users accessing the Shared iPad at different times to manually set up or connect to a trusted network provided by the organization.

Secure corporate data access using VPN

Despite many employees heading back to the office or adopting a hybrid work model, a portion of remote work is here to stay. Remote workers or field employees will need to access organizational data and resources, and to prevent them from accessing these important resources via untrusted networks, a VPN policy can be associated with the Shared iPads. By configuring a secured VPN connection with a preferred connection type and authenticating users, a trusted network connection can be established via MDM.

Per-App VPN

If only a few apps need to be opened with VPN connected on the device, these apps can be specified in the policy. Once the user opens the app(s), a VPN connection will be automatically established.

Managed Web domains

While users browse on Safari, it's likely that they will download and view media or documents for reference or work. To secure the documents downloaded from certain URLs, and make sure that users access these documents only using apps distributed by MDM, a 'Managed Web domain' policy can be associated with the Shared iPads.

Wallpaper

To maintain uniformity across all corporate-owned devices, a common wallpaper with the brand's name, logo and description can be deployed to all the Shared iPads. Users can be restricted from modifying this wallpaper.

Asset Tag information

Unique identification of each Shared iPad can be achieved via the Asset Tag information. A set of details like device name, department name, custom message and image can be configured for the devices, making it easier to identify them. This is beneficial in a scenario with bulk devices.

Global HTTP proxy

Filter all corporate and personal data being transferred or accessed on devices by setting up a Global HTTP proxy policy. With this policy, all HTTP network traffic has to go through the proxy.

Certificates & SCEP

Validate users' identity by remotely deploying certificates issued by CA servers or even user-based certificates. Secure communications made by the devices using these certificates.

APN

Automate your Access Point Name setup with this policy, after which the APN will function as a door between the devices' network and the Internet. MDM uses dynamic variables to automate this configuration and map specific user details.

Custom configuration

In addition to the existing set of policies that MDM provides for data security, custom profiles can also be created with the help of third-party tools. Note: This is mainly for policies that MDM does not support.

Managing apps

Mobile Device Manager Plus follows and suggests a straightforward approach to app management. Since users will be logging in to the Shared iPad at different times or with different work-based needs, it can get tedious to distribute or configure apps manually. However, because the iPads will be onboarded using ABM/ASM, managing and distributing apps is even more efficient: VPP apps and in-house apps can be installed on the devices without any user intervention.

Note: MDMP supports managing VPP apps via device-based licenses.

Geo-tracking

If a user has logged in to the Shared iPad, the device's location can be viewed on the MDM console. The admin gets a complete history of the location(s) traversed by the device and the accurate location of the device.

 

In the unfortunate event of a lost device, or if you need to remotely factory reset the device or delete any corporate information, you can take the following immediate security actions:

  • Complete Wipe
  • Corporate Wipe
  • Lost Mode
  • Locate device
  • Remote Alarm
  • Lock device

Delete User

The Delete User command in Mobile Device Manager Plus provides administrators with an efficient way to manage user sessions on Shared iPads. This feature allows admins to view all users currently logged into the devices and selectively delete specific user sessions as needed. Additionally, the Force Deletion option enables admins to remove users even if they are actively logged in or if an iCloud data sync is ongoing. 

NOTE: It is mandatory to configure an APNs certificate before managing Apple devices using a mobile device management (MDM) solution.

Start your 30-day free trial of Mobile Device Manager Plus to implement shared device management in your organization now!