Here’s how to capitalize on iOS 9’s best new feature
When Apple introduced iOS 9 in September, an unheralded but significant feature was included: the ability to assign apps to unique device identifiers rather than specific Apple IDs. This functionality allows companies to distribute apps to individual devices with little to no intervention on behalf of the end user.
Previously an absolute requirement of nearly any deployment, the Apple ID was doubly important since nearly every Mobile Device Management solution (MDM) requires an “agent.” Once downloaded from the App Store, agents patrol for common security breaches, such as “jailbreaking” devices, and allow devices to be found on a map through geolocation; without an agent, these imperative abilities are nonexistent.
This change is a win-win for organizations and employees. For organizations, IT can purchase, deploy, and manage apps in bulk and apps aren’t tied to Apple IDs — users can’t delete these apps or modify their settings. And employees get up-to-date apps and information (organizations take care of pushing out updates) on their devices, and won’t be required to log into an Apple ID to access shared apps.
Let us explain what IT administrators need to do to capitalize on this new ability.
What do I need to prepare?
To make app assigning across all devices work, an administrator will need the following:
- Apple Volume Purchase Program (VPP) for apps, tokenized: To distribute apps in this new method, administrators must use Apple VPP, tokenization, rather than the old method of redemption codes. Of the many benefits of this approach, the two most significant are the ability to revoke an app’s ownership, and the option of “silent” installation on supervised devices (more on this below).
- Apple Device Enrollment Program (DEP): To silently push apps to devices, the devices must be supervised, either by a Mac running Apple Configurator (this may be unrealistic for most large deployments), or over the air through a DEP. Though this step is technically optional, it’s highly recommended for a frictionless deployment.
- An MDM solution with this feature in place: It’s not available yet, but keep an eye out for it. The major MDM vendors have committed to opening up this feature in the near future.
How do I begin deployment?
Organizations familiar with providing one paid copy of an app to each employee will find this new approach jarring. Because apps are now assigned at the device level, rather than a user level, more copies of apps will likely need to be purchased; the one-to-one relationship of apps to devices will need to be maintained. If you’re not set up for tokenized VPP, you’ll need to be.
Once the MDM solutions adopt the new program, any VPP tokenized installations can be silently converted to device-based assignment. But, because these solutions aren’t ready yet, now is the time to complete the necessary steps so organizations can seamlessly move forward with this capability when the lights do get turned on.
One last note: Devices procured through SHI, DEP-authorized resellers, or Apple directly are the only ones that can capitalize on this functionality. Because outside devices cannot be supervised, apps pushed to them must be authorized by the end user.
What can be done today?
SHI can assist administrators in deploying devices, and ensure they are optimized for the next steps. Contact your SHI account executive to get started.