DEP MDM and Cisco Meraki. 1 Day Deployment

Mobile Device Management, or MDM is really taking off, but it really can be a minefield. Especially when most schools or SME's are stuck with Apple Configurator 1 and 2 to manage and supervise their iPads / mobile devices and not necessariy tied into any MDM solution. That's often fine for most, but in the Education space, the Department of Education would rather you moved away from this and take full control over what your students are watching.

That's all fine in theory, but finding the time to get the job done and the learning involved is often a bit daunting and not something most have the time to dive into. That's where we come in, but I see no reason why we can't help those out who want to give it a crack by clearing the fog and giving you clean steps on what to do.

Here at Leading Edge Computers in Port Macquarie, we're highly efficient and specilised in this area and in pretty much 1 day we can have your iPads supplied, linked to DEP, set up in Apple Schools manager, tied into your DEP,  and network profiles set up, all into Cisco Meraki MDM and all up and running with your own, simple to maintain fully fledged MDM solution. And that's no joke.

We hear how long some companies take to get this done and it's not necessary. If you know what you're doing, MDM is fast, effective and a real pleasure to use as is linking your devices into the Apple DEP which you need to do to take full advantage of remote management of your devices with your MDM whatever that may be - Zuludesk, Meraki, Profile Manager, Airwatch and others.

So, let's have a look at how we manage a deployment within 1 day in Cisco Meraki.

1. Your school or institution needs an Apple DEP ID. You can apply for this at - you will then be migrated to an Apple Schools Manager account where you can centrally manage your DEP link to Apple. This ID is needed to complete a chain of ownership from you to Apple to your MDM. You'll also need this if you already have iPads and want to bring them on-board with DEP.

2. Choose your MDM solution and ensure you have linked it into Apple Schools Manager. This varies slightly for different MDM's but in Meraki for example, it's simply a case of swapping tokens with your Meraki MDM and Apple from within your Meraki MDM. Choose DEP in your Meraki dashbord and follow the stes to connect to Apple MDM

3. In the same panel, connect your VPP [ Volume Purchasing Program ] to your MDM / Meraki.

4. Set up your networks in your MDM [ this may need to be done later as some MDM's need devices to be available first in order to create a network. ] - you can use a single network for all of your DEP devices if you'd like, or I prefer to split them up - Library, Technology, Design, Rocket Science for example. This way it's easy to manage sets of DEP devices within those networks. 

5. In Meraki [ or your MDM ] choose a default network your DEP devices will be assigned to. This doesn't matter too much as you can easily move these devices to any network as you wish later on but I set up a simple DEP-IN network where my devices all link in initially. Just makes things neater.

6. So, let's get some devices into your inventory so we can start adding them to networks and apply on-boarding settings.

7. In Apple Schools Manager, select Device Assignments and add in the iPad serials that your supplier has confirmed have been linked to DEP.  It's worth saying here too that you will need to add your suppliers into schools manager.. if you don't do this, you'll get a message from Apple reminding you to do so. Adding active serials here will only work if the devices have been correctly registered with Apple. Choose the MDM server you want to assign them to which you've previously set up - you can have more than one. This is also where you can set up a new MDM - for example, let's say you're moving from Zuludesk to Meraki but don' want any downtime - this is where we make sure there's a seemless move. If you haven't done this part yet, add an MDM server in Schools Manager and follow the prompts to exhange tokens with your MDM to link them in.

8. As soon as your devices have been assigned to your MDM server, you can jump into your Meraki and MDM dashbord and select DEP from Organisation [ Meraki ]. Here you'll see a list of your available deivces in DEP.

9. Select all of them and them and select Assign Settings. This is where we tell the iPads how they will be set up. In Meraki, select Create Settings. Give them a name. Generally, this is how I set up iPads for School deployments  - Pairing Yes, Supervise Yes, Mandatory Yes, Removable No, Shared No. Then you get to choose what parts of the standard iPad setup screens you want to miss. Select ALL of them apart from Location Services. This means all screens are missed apart from Location Services that needs ot be set to ALLOW otherwisde your date and time will be incorrect. Click ASSIGN to XX devices.

10. As soon as any of these devices see a network and have a valid internet connection, they will grab this setup detail and do as they are told. This prepares them for further settings once on your network. From the same screen, let's get those iPads into the network they will live in, so select the ones you want, and from the menu's select 'MOVE' Select your target network and thats it!.

11. Applying settings [ Profiles ] to your iPads to set WiFi network details, proxy details, wallpapers to identify them. Select the network you want to set up and then select Systems Manager and Settings. Hit the + butotn on the top right of the window and set up the basics.. Restrictions is probably the main payload to add in. Choose these carefully as you have a LOT of control over what your iPads can/can't do with these controls.

12. Easily forgotten here is a very important bit. Tagging. Tags relate your profiles and in the next steps, assigment of Apps to groups of iPads. In Meraki in the settings screens you've created for the current selected network, in the Scope setting, select 'with any of the following tags' and select a relevant tag for the iPads in this network that should acquire the profile you've set up. Make it easy. If the network you're looking at is 'Library' for example, create a new tag called 'library'. At the bottom of the screen you'll see the devices that are in this scope - you should see none at present as we have not 'tagged' any ipads as yet so let's do that. SAVE your profile first then navigate to Systems Manager and Clients [ still on the same network ] Here you should see all of your iPads that you earlier 'MOVED' from your DEP main menu to the chosen network.

13. Select them all. Then select Tag. Add the tag 'library' to all of them. If you now go back to Settings, you'll notice those iPads now appear in the scope.. and this means they'll acquire the profile you've put together.

14. Now let's send some Apps over to these Library iPads. Go to Systems Manager and Apps. Here you should see all available Apps. Scope initially should show NO DEVICES -this means no Apps will be installed on any device as you've not set this up. Select the Apps you want to appear on your 'Library' iPads. Once you've selected them go to EDIT SCOPE and add in the tage 'library'. You can now tag these Apps to your other iPad groups then make sure you tag those iPads also to join them to the Apps you've chosen.

That's it. Yes, it seems like a lot to do in a day, but we do it regularly. It's worth noting also the dates on which your various certificates will expire and ensure you add them to your diary otherwise devices will fall off your networks in a years time and start misbehaving. 

Meraki gives a huge amount of control over how your iPads work., It's also very easy to manage and is highly recommended by us. We can manage the entire process for you and install Caching servers to your network to elimiate network load when all of these devices are updating themselves - all of which is done by you with a single click. Call us anytime, speak to Darren and I'll come out to show you in the real-world how Meraki and MDM works.

Register for Apple DEP and VPP Programs here.

Welcome to Leading Edge Computers