Correct answers begin with "I have done this thing, and here's how", using small words.
Currently we do this by configuring one, then bringing another within Bluetooth range and cloning it, but that is tedious. It sounds like Apple Configurator is how you do this, but I am lost in a twisty maze of product names, all alike. WTF are Apple Business Manager and Apple Business Essentials? Do I need a Mobile Device Manager? Is ABM an MDM? Or is it really the case that the only way to update a fleet of iPads over the air is to pay rent to some 3rd party interloper who is not Apple?
Yes, I have read dozens of Apple documents about these things, and I still don't understand. Don't just google it for me, please.
MaaS360 works quite well for a third party interloper.
Apple Business Manager does not include the MDM component. It allows you to enroll devices, manage Apple IDs for your business, and allow/revoke app permissions on those devices.
Apple Business Essentials is ABM + MDM + a few other things like iCloud storage and 24/7 support for enrolled devices. It's billed as a one-stop shop for small businesses to do what you seek without having to deal with a third-party interloper like JAMF or MaaS360. That is probably what you seek if you want to go the all-Apple route.
Another nice thing about Business Essentials is that you can get nice long warranties on all your devices for not a lot of money.
I ran house management for The Rathskeller Club (immersive theatre venue) and used Jamf Now as our MDM to manage our iPad and iPhones. iPad for digital signing guest waivers, iPhones for all house manager tools and logins. These devices were not attached to a user; my house staff used shared devices. This was 2018 till 2020 and I haven't used Jamf Now since (we closed the venue in 2021).
Jamf Now has a lot more bells and whistles than I needed, but it does the mass updating + app installs with ease once you do the first one for each device blueprint.
One blueprint was for the iPad: User facing and super locked down to the SignNow app. The iPhones were a different blueprint that didn't lock down like iPads and installed apps like Eventbrite, Slack, and security camera monitoring tools. All had our WiFi password loaded. I could remote update app and/or OS once they were set up.
I recommend starting with one device for one blueprint. Start playing around with setup, lockdown, and trying it all over again. If you like the service and are comfortable with the setup, deploy a second device on the same blueprint to see how it works on two devices. The subsequent devices on the same blueprint will go easy. The second blueprint setup will go easier, but again perfect on one device then scale up when comfortable.
The first time you set up getting apps to be included was complicated to pair to the Jamf account. Sorry my memory's murky, I just remember it being weird at the time. After it works for one device, it works for all.
The first three devices are free in the service, then $4/device/month from there. I know it adds up, but that's the game we have to play. At least with the first three free, you can see if you like it and NOPE out if you don't.
Apple has Apple Business Essentials, which does similar but is user centric. It's about sending a new employee a device and reducing the onboarding to "turn on and create your password".
ABE offers "device plans", in which the company owns the device and which attempt to operate like Jamf Now, but I don't know how well that works out. Searching for docs proved… not useful. I have no personal experience with ABE as it's new. I worry it may not be your device centric solution, but I concede I have no experience with ABE directly to know.
We use Jamf at work today. It's pretty simple, powerful, and does everything we've needed it to do so far.
I use Jamf professionally and it works well but is crazy expensive for even a non-profit with a Big Budget. It's not feasible for small non-profits or places that act like one.
It's been a few years since I worked in this space but JAMF has long been the market leader in this category.
If you want to go the open source route, MicroMDM is the most developed option, but you'll have to run your own server and the path will definitely be rocky. There may be things you want to do that aren't fully implemented yet.
Also, if you're not already on the MacAdmins Slack, I would highly recommend it. In the modern SEO'd world, it can be very hard to find real technical information on Mac administration/configuration, since most of it is aimed at non-technical people. MacAdmins is a gold mine.
Out of curiosity was the hardware something you guys inherited from the Nonchalance crew or did you have to assemble it all from scratch?
No, the hardware was acquired / bought by us.
I do this with Mosyle MDM, which has a free tier for up to 30 devices. ABM is not an MDM, but it's where you associate each device with a specific MDM service.
I have done this thing, and here's how.
First you need an MDM, I like JAMF Now and 42Gears.
If you don't buy your iPads from an Apple Partner and they don't pre-enroll your iPads then you have to physically connect them to a Mac, run Apple Configurator 2 to create an enrollment profile, push the profile to the iPad, then wipe it and let it enroll itself in the MDM. Then you just do everything from within the MDM from anywhere in the world.
There are more details, but the documentation in your MDM of choice will be WAY better than Apple's docs. I've done it with three different MDMs now. There's setting up a certificate, getting it signed, etc, but that's all just busywork anyone can do, even a guy who helped invent browsers.
The company I work for would tell you to use Meraki MDM and happily sell you licenses. https://meraki.cisco.com/products/systems-manager/
Our internal IT uses JAMF instead. You can take that for what you will.
For whichever MDM, these are the exhaustingly step-by-step instructions for setting it up on the Apple side: