Administration of Tablets in Everyday School Life with Mobile Device Management (MDM)

With the increased interest of schools to use tablets in classrooms, the Kreismedienzentrum Wildeshausen (media center of the district Wildeshausen) experienced a significant increase in inquiries for circulating tablets in 2015. In order to guarantee a safe operation of the equipment regardless of the location, the institution was faced with the task of organizing a reliable central tablet management.

Due to lack in personnel at the KMZA it was impossible to organize a manual device management, in which the tablets are connected to a laptop via USB cable and the subsequent MDM configuration is carried out individually.

In addition to the central tablet management, they planned to lend the devices to the schools as a so-called ‘suitcase solution’ and wanted to make remote maintenance possible.

Device management requirements

In order to ensure a smooth process, a catalogue of requirements was set up including the following options:

• ‘Contactless’ configuration of the devices during setup, the so-called ‘enrollment’
• Remote maintenance of the devices
• Installation of system-specific updates
• Installation of apps and their updates
• Central allocation of rights and restrictions via configuration profiles
• Allocation of devices to wireless networks
• Organization of an own ‘Appstore’ with managed apps of the Kreismedienzentrum
• Monitoring of the device functions

With the implementation of an MDM solution, the application of one of the KMZ‘s guiding principles was realized simultaneously. Namely, the takeover of support tasks in the area of MDM for the schools in the rural district of Oldenburg by the Kreismedienzentrum.

Schools that want to use iOS devices can, for example, implement their MDM via a common platform of the district.

Possibilities whitin the use of MDM solutions

The MDM solution JAMF Pro® is multi-client capable, i. e. each school is provided with a so-called ‘site’ on a server. This server is rented by the Kreismedienzentrum Wildeshausen and displays all all integrated school devices. The school administrators can then maintain the devices remotely via a web-based access.

The following properties of the device can be located via MDM:

• Device name
• Telephone number
• iOS version
• Installed programs
• Serial number
• Model name and model number
• Storage space and available capacity

Andreas Schenk from the company Apfelwerk portrays this very clearly in a graphic [1]:

By activating the tablets via the MDM of the Kreismedienzentrum schools also have the following further options:

• Own access to the Appstore via VPP (volume program to purchase apps without Apple ID)
• Own synchronization with the Apple School Manager
• Location-based VPP tokens (tokens no longer bound to personal Apple ID)
• 90 days update suppression
• WiFi use only from MDM Managed WiFi – school’s individual home screen layout
• Conversion of unmanaged apps into managed apps

Current models for tablet usage in schools

The following solutions have already established themselves:

1. The so-called 1: n – solution (‘suitcase solution’) in which one tablet is available to several students in their everyday school life. The devices belong to the institutions.
2. The so-called 1:1 solution in which each pupil has access to a device for the whole school day. Here, the devices also belong to the institution.
3. A personal 1:1 solution in which the tablets are acquired privately by the pupils and used in their school.

All three solutions can be managed via MDM.

The significant advantages of a common MDM

Both smaller schools with a small number of pupils (e. g. primary schools) and schools with large units can use a common system for managing tablets through MDM.

Support is facilitated, because the MDM maps a harmonized IT landscape. The administrators of the schools benefit from a close support via the KMZ and regular meetings on MDM topics enable networking and exchanges. Another advantage is the direct connection to a central identity management system. JAMF offers the possibility of a configuration against a central directory service (via LDAP or SAML). This makes it possible to further simplify the above mentioned work processes. A separate user and group administration is no longer necessary.

The device enrollment works with the login data of the school administrators and, if SAML has been configured, even via single sign-on. Also the own school’s ‘Appstore’ can be accessed with the platform’s login data. Apps are assigned based on classes (groups).

From the point of view of a Kreismedienzentrum, this is a considerable advantage, as the support and consulting tasks can be centralized and harmonious infrastructures in the IT area can be set up. However, it is not enough using MDM alone, as further services are meant to be used in the future.

For teachers, this solution has the decisive advantage that a central access to the different platforms is possible. So they no longer need to fight their way through a jungle of login names.

Sources

[1] DATENSCHUTZ IN APPLES MDM FRAMEWORK (in German)