COVID-19 will likely change a lot of things in our world forever, and I’ve been thinking through a lot of what will change in the enterprise technology world. One of the key things I’ve come to realize is that new device onboarding and deployment will have to become zero-touch in a world where employees will likely be remote at least part of the time.
About Apple @ Work: Bradley Chambers has been managing an enterprise IT network since 2009. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, and train users, and will share stories from the trenches of IT management and ways Apple could improve its products for IT departments.
What is zero-touch deployment?
Zero-touch deployment is the idea that an IT department can ship a new device to an employee in the original shrink wrap, and the setup process for the machine will be automated using a company’s device management system. No longer do IT employees have to ‘image’ a computer, bind it to Active Directory, and then allow users to log in. When an employee gets a new laptop, all of the provisioning happens for them without the interaction of IT. Simply put: zero-touch is a hands-off, scalable model that works for organizations.
Why zero-touch is key post-COVID-19
When the world gets back to ‘normal’ in the post-COVID-19 world, I think the workplace will be changed forever. That means that IT policies will change forever. If a large subset of employees is working remotely, how will you do device deployment when your IT policies and procedures are all built around in-the-office employees? This fact is why zero-touch implementation has to be central to your future device deployment plans.
How Apple enables zero-touch
In a zero-touch deployment world, the entire setup process happens through Apple School/Business Manager and a device management system.
Apple Business Manager is a simple, web-based portal for IT administrators to deploy iPhone, iPad, iPod touch, Apple TV, and Mac computers all from one place. When this portal is used with your mobile device management (MDM) solution, you can configure device settings and buy and distribute content. And Apple Business Manager integrates using federated authentication with Microsoft Azure Active Directory (AD), so you can quickly create employee accounts with Managed Apple IDs.
Because serial numbers in ASM and ABM come straight from the factory, when the devices connect to Wi-Fi during the setup process, unremovable configuration profiles are automatically applied, enforcing company policies. Because all documents are in cloud-based solutions like OneDrive, Google Drive, Dropbox, Box, etc., all a user has to do is log in to the application that will be preinstalled as part of the setup process.
Your MDM server communicates to devices via the Apple Push Notification service (APNs) and tells them how to behave. This maintains a constant connection to your devices, so you don’t have to. Commands, apps and profiles are all sent to the device over the air. MDM software leverages the MDM framework built into Apple’s operating systems. With your MDM solution, you can create configuration profiles based on the various settings you’d like to deliver and push them to your devices over the air via APNs. Configuration profiles are XML files and can be built inside of Jamf — the gold standard for Apple MDM.
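Because configuration profiles are XML property lists, they can be reviewed before an MDM pushes them. The sketch below is an added example, not code from this article, Apple, or Jamf: it parses an unsigned profile and flags one that users could remove. The sample profile, its identifiers and UUIDs, and the function name `audit_profile` are constructed for illustration.

```python
import plistlib

# Constructed sample: an unsigned profile with placeholder identifiers and UUIDs.
# A signed profile is CMS-wrapped and must be unwrapped before it can be parsed this way.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadIdentifier</key><string>com.example.baseline</string>
  <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000001</string>
  <key>PayloadRemovalDisallowed</key><false/>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>PayloadIdentifier</key><string>com.example.baseline.passcode</string>
      <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000002</string>
      <key>forcePIN</key><true/>
    </dict>
  </array>
</dict>
</plist>
"""

REQUIRED_KEYS = ("PayloadType", "PayloadVersion", "PayloadIdentifier", "PayloadUUID")

def audit_profile(raw: bytes) -> dict:
    """Parse an XML configuration profile and return its payload types and findings."""
    profile = plistlib.loads(raw)
    findings = [f"missing top-level key {k}" for k in REQUIRED_KEYS if k not in profile]
    if profile.get("PayloadType") != "Configuration":
        findings.append("top-level PayloadType is not 'Configuration'")
    # The page relies on profiles being unremovable; this key is what marks them so.
    if profile.get("PayloadRemovalDisallowed") is not True:
        findings.append("profile is removable (PayloadRemovalDisallowed is not true)")
    payloads = profile.get("PayloadContent", [])
    seen = set()
    for p in [profile, *payloads]:
        uuid = p.get("PayloadUUID")
        if uuid in seen:
            findings.append(f"duplicate PayloadUUID {uuid}")
        seen.add(uuid)
    return {"payload_types": [p.get("PayloadType") for p in payloads], "findings": findings}

if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE))
```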
Zero-touch was a great idea a few years ago, but going forward, it’s likely to be essential for IT departments to be able to adjust to a new world. It allows deployment to happen ‘hands-off’, so it’s easy to deploy new machines to remote employees without having to unbox, image, rebox, and then ship. A laptop can be ordered directly from Apple, shipped straight to the employee, and the corporate device management will take over from there. You can say RIP to device imaging and say hello to the future of device deployments that’s as straightforward as setting up a new laptop at home.