Enabling Apple Education in Ivanti EPMM

When you enable Apple Education in Ivanti EPMM, the following occurs:

  • Ivanti EPMM creates components required to synchronize with Apple School Manager, such as a certificate enrollment profile. Creating an Apple enrollment device profile makes it easier to manage Apple School Manager devices.
  • You select a previously created custom attribute or create a new custom attribute to correlate the devices in Ivanti EPMM with the devices in your Apple School Manager account. The custom attribute matches the Managed Apple ID assigned to each user in Apple School Manager or device cart, and must be of type string.
  • Ivanti EPMM checks existing devices for values in the defined custom attribute column, and associates relevant devices with courses from the synchronized Apple School Manager data.
  • Ivanti EPMM evaluates devices to determine whether the devices have a value for the custom attribute you created. Values should match either the Managed Apple ID for that device or the device cart name for shared iPad devices.

When enabling Apple Education for the first time, Ivanti EPMM creates the following entities:

  • 2 local certificate authorities (CA)
  • 2 certificate enrollments
  • 1 Apple Education configuration (only one auto-generated Apple Education configuration can exist in Ivanti EPMM)
  • 1 label: All Education

Ivanti does not recommend editing the certificate enrollment settings and the local CAs. There is no need to apply labels to these automatically-created settings, as Ivanti EPMM automatically applies the "All Education" label to them.

Before you begin 

In Apple Education, there are three types of device users. Each device used in Apple School Manager must be mapped to one of these device user types:

  • Teacher using 1 device (1:1)  
    • Teacher iPad devices are required to be assigned directly to the teacher. This assignment is done through setting the teachers' device's custom attribute for the managed Apple ID to the teachers' Managed Apple ID.
    • Example scenario of Teacher 1:1 device usage: At the beginning of class, the teacher will open the Classroom app and start the class enabling the teacher to see all the students' activity.
  • Student using 1 device (1:1)
    • One student gets an iPad device. This iPad device is associated to a Managed Apple ID. After this device has been associated to classes, the device is ready for use.
    • Example scenario of Student 1:1 device usage: At the beginning of the school session, a student is assigned an iPad device for use in classes. This iPad is associated to their Managed Apple ID through the Apple Education's Managed Apple ID custom attribute for that device. This device will stay with the student throughout the school session.
  • Students sharing a device (multi-user)
    • Two students share the same iPad and that iPad is associated to a device cart. If a device belongs to a student or a teacher, do not select this field.
    • Example scenarios of shared devices cart usage:One device cart will be associated to Room 32 in a local high school. There are 15 iPad devices associated to that device cart. Throughout the day, Room 32 cycles through a History class and an English class. At the beginning of the History class, one student picks up an iPad, logs in using a Managed Apple ID and uses it during the class time. At the end of History, the student returns the iPad devices to the device cart. When English class starts a student picks up an iPad, logs in using a Managed Apple ID and uses it during class. At the end of class, the student returns it to the device cart.

Procedure 

  1. Select Devices & Users > Apple Education.
    A toggle button on the page reads Off.
  2. Select the toggle button to enable Apple Education. The toggle now reads On.
  3. Enter the information listed in the table below.

  4. Select Save.

    A sync to the Apple Education data located in the Apple School Manager begins and the data (classes, individuals, shared device carts, etc.) downloads into Apple Education. The "Sync Status" field at the top of the Apple Education page displays the status of the sync. The page automatically refreshes and reloads.
    Once the sync is done, you can view your courses in Apple Education and begin managing them.

Table 1. Apple Education Account Entries

Item

Description

Apple Device Enrollment Account

Select the drop-down list and select the Apple Device Enrollment account.

Make sure to select only an Apple Device Enrollment account associated with Apple School Manager.

Custom Attributes

Select the custom attribute you created to map devices enrolled in Apple School Manager. You can have a total of 300 custom attributes in Ivanti EPMM.

  • Managed Apple ID Attribute Name - (Required) Use this field for 1:1 devices, which can be teachers or students. Select from the drop-down or enter a name that you have determined use when configuring the custom attribute for the device. This will link the device to the individual user. An example of a Managed Apple ID Attribute Name would be AppleEduID.

Teachers can only be 1:1 devices whereas students can either be 1:1 or multi-user. One device can belong to only one individual and that connection using custom attributes is associated to the name of the attribute you enter here.

  • Shared Device Cart Attribute Name- (Optional) This custom attribute is used to create a mapping between a device and a cart. Enter a name that you will use to assign devices to specific device cart via custom attributes or select the custom attribute name you created. If a shared device cart name is not entered, the device cart tab and links in Apple Education are not shown. One shared device can belong to only one device cart and that connection using custom attributes is associated to the name of the attribute you enter here. An example of a Shared Device Cart Attribute Name would be DeviceCart.

The Shared Device Cart Attribute Name must be different from the Managed Apple ID Attribute Name.

Restrictions

Shared Observation Modification Control-

  • Not selecting this check box allows the device user privacy, as per the General Data Protection Regulation (GDPR) in Europe.

  • If you want to allow the teacher to remotely control the students' screens, select this check box. Once selected, this check box cannot be disabled.

Creating labels for Apple Education

Labels can be assigned to a class, location, course, or type of device. Use the Apple Education labels to assign apps and configurations, like WiFi and Restrictions. For example, you may decide to have a Label for each location's WiFi. Or you may have the WiFi configuration based on location and type of device, as Teachers may be able to access more hosts than students. In addition, you will want to have a teacher label and assign that label to the Classroom App.

Procedure 

  1. Select on Devices & Users > Devices.
  2. Select Advanced Search.
    The Advanced Search dialog box expands.
  3. Select the drop-down arrow and expand Apple Education.
  4. Use these guidelines in the table below to complete your search criteria using the query builder or by manually editing the expression.

  5. Select Save to label.
  6. Type a name and description for the new label.
  7. If Notes for Audit Logs is enabled, a text dialog box opens. Enter the reason for the change and then select Confirm. For more information, see Best practices: label management.

Table 2. Search Criteria Guidelines

Field

Description

Example

Apple Education Enabled

Enter a unique name that clearly identifies the purpose of the label.

"apple_education.apple_education_in_use" = true

Class ID

Enter the unique class ID. An example, class ID could be: 02015a85-2815-4939-b6e0-b29334cad952

"apple_education.class_id" starts with "02015a"

Course ID

Enter the unique course ID, for example, a history class that runs June 2018.

"apple_education.course_id" starts with "[email protected]"

Location ID

Enter the unique location ID. You are assigned one location for your Apple School Manager account. Through the Apple School Manager portal, you can add additional locations.

"apple_education.location_id" = "[[email protected]]"

Apple Education Role

Enter the unique teacher's ID name / number.

Common uses:

"apple_education.role" equals "Teacher"

"apple_education.role" equals "Student"

"apple_education.role" equals "Student (MultiUser)"

"apple_education.role" starts with "Student"