iPads in schools

The digitisation in schools that are equipped with UCS@school continues to progress rapidly. Many school authorities and federal states are providing schools with mobile terminals for use in the classroom. Apple’s iPads in particular are in demand. The devices are robust, easy to use and affordable. They are also equipped with a large number of special apps for digital education.

While iPads are usually tied to a single user, there is one exception for schools with the so-called shared iPads: Students authenticate themselves with their credentials and can thus access personal data, homework, apps, books, etc. This not only saves costs but in combination with mobile device management also a lot of time, as teachers can manage the contents centrally.

Apple School Manager and MDM solutions

Prerequisite for the use of shared iPads is their connection to the Apple School Manager. The responsible administrators manage the students‘ user accounts, the devices and their contents via the web portal of the manufacturer. Apple’s Device Enrollment Program (DEP) facilitates the addition and initial configuration of new iPads. The purchase and distribution of apps and books can also be automated. The manufacturer calls this provisioning program the Volume Purchase Program (VPP).

An MDM (Mobile Device Management) system is required to use DEP and VPP. However, such a mobile device management is recommended anyway if a larger number of tablets is in use. Otherwise you would need to configure each device manually. An MDM system takes care of the software and the basic privacy-compliant settings of the iPads, integration with the school network, user accounts, classes, and more. The Apple School Manager provides an interface for MDM solutions such as ZuluDesk, FileWave und Relution – all available in the Univention App Center.

Interaction with the ASM Connector

There are two things you need to consider when using shared iPads: In addition to basic considerations on data protection (e.g. “What about personal data on the device?”, “Are telemetry data transferred?”, etc.), the responsible administrators would like to see in particular a further automation of the user administration. For this reason we have developed the Apple School Manager Connector. It connects existing UCS@school installations with the Apple School Manager and fits perfectly into our vision for school IT infrastructure.

A typical application scenario looks as follows:


Graphic of a typical user scenario Apple School Manager Connector

iPads purchased from the school authority or school get into the Apple School Manager via the Device Enrollment Program (DEP). The connector transfers users, classes, and course data from the UCS@school instance to the ASM via SFTP, i.e. SSL-encrypted – anonymously if desired. Our new app modifies the user data in such a way that it is not possible to assign the data on an iPad to an individual user. The clear names no longer end up in the ASM (and thus in the MDM). In order to increase user-friendliness, the user names can be made visible which in turn needs to be assessed by the responsible data protection officer.

Screenshot of Apple School Manager

The connector also ensures that the roles defined in UCS@school (students and teachers) are correctly transferred to the Apple School Manager. This provisioning of the user data is not a one-time action: After installing the connector from the Univention App Center, administrators can specify the synchronization interval in the settings. They can determine, for example, that the connector synchronizes the data once a day at a certain time.

MDM systems can then use this data to store profiles on the mobile devices. The connector is designed to work with all common mobile device management solutions, including those that are not available via the Univention App Center.

Improved data protection

When designing the Apple School Manager Connector, we placed great emphasis on data protection. We involved data protection officers from school authorities in the development. During the set up of the ASM Connector, those who are responsible decide for themselves which data should be anonymized.

Anonymization is activated by default in the ASM Connector.

For example, the new app can generate managed Apple IDs for the login and thereby modify them. These managed Apple IDs are subject to restrictions. Find further information on this on Apple’s support website. It may also be necessary to ensure that cloud services such as Apple’s iCloud are disabled via an MDM system.

As to the situation in classrooms this still means that the results from each lesson will be saved in a file storage that conforms to data protection regulations before the user logs off from the iPad. For this purpose, we recommend ownCloud or Nextcloud. These solutions are both available from the Univention App Center. In the future, it will be possible to configure these online memories in such a way that users can access them without further time-consuming or error-prone registration. The aim is to facilitate the access significantly for teachers and pupils.

The advantages of the UCS Apple School Manager Connector at a glance

  • Teachers or school administrators no longer have to manually register their students per school or per class in Apple School Manager: students and teaching staff are automatically registered as Apple users.
  • Synchronization of user accounts, classes, and courses can be done anonymously, so app vendors can’t use Apple IDs to identify individuals.
  • Schools can decide independently how they want to use iPads in a standardized way. If required, a school authority with a central IT infrastructure management can also operate multiple MDM systems.
  • The connector is available as an app in the App Center of UCS@school and can be installed with a few mouse clicks.
  • In its standard configuration, the Connector synchronizes all user accounts of the activated schools with the ASM every night. The same applies to schools, classes, work groups and users.
  • Univention recommends using one of the three MDM solutions from the Univention App Center, as they are already integrated into UCS@school and its identity management. However, MDMs that cannot be installed directly via UCS can also be connected to the new connector via standardized interfaces.

Apple School Manager Connector at the Univention Summit

At the Univention Summit on January 31 and February 1, 2019, we will be happy to show you how the Apple School Manager Connector works and what it can do for you. At this event you will also be meeting numerous technology partners who make their solutions available in the Univention App Center.

Register now for the event

Further information

  • UCS Apple School Manager Connetor in the App Catalog
  • The source code of the Apple School Manager Connectors on Github
Use UCS Core Edition for Free!
Download now

Leave a Reply

Your email address will not be published. Required fields are marked *