Shared iPad devices with Apple Business Manager

This section addresses enabling shared iPads with Apple Business Manager.

Overview

If you have an Apple Business Manager account loaded in Ivanti EPMM, you can enable Shared iPad devices between multiple employees. This allows organizations to share devices between multiple employees. Employees can sign in using a Managed Apple ID and access their custom profile with Mail accounts, files, app data, etc. The data is stored in iCloud, allowing the employee to log into any Shared iPad.

A sample case study for using Shared iPad devices for Apple Business Manager is in the healthcare industry, where a doctor and nurses can share one device.

Admins of Shared iPad devices can manually create accounts, Managed Apple IDs and passwords and federate to an identity provider like Azure Active Directory.

If Admins installs an app for Shared iPad devices, all users will have that app. Apps for Shared iPad devices are loaded through registration for Apple-licensed apps. You must have the Send Installation Request on device registration or sign in selected in the AppCatalog.

Requirements for Shared iPad devices for Apple Business Manager

Below are the requirements for enabling Shared iPad devices:

  • An Apple Business Manager account
  • Managed Apple ID - Managed Apple ID to be associated with each enrolled device. This Managed Apple ID provides authentication for MDM management and app licensing. When the MDM pushes down apps and media, necessary Apple licenses are assigned to the Managed Apple ID associated with the device. Admins can manually create these accounts or federate to an identity provider like Azure Active Directory.
  • Shared iPad devices must have at least 32 GB of storage and be supervised.

Enabling Shared iPad devices for Apple Business Manager

There is only one step for enabling Shared iPad devices:

  1. Add an Enrollment Profile and set the sessions for Shared iPad devices. See Creating an Apple Enrollment profile for Apple Business Manager

Shared iPad supported configurations

  1. Below are the supported configurations. If these configurations are to be pushed per Shared iPad device user, then you need to create or edit existing configurations to have $MANAGED_APPLE_ID$. You should have already created Managed Apple ID in Apple Business Manager for each Shared iPad device user and also created a separate account for each of the below configurations.
    • CalDAV
    • CardDAV
    • Google Account
    • Subscribed Calendars
    • Exchange
    • Email
    • Managed App Configuration

    $MANAGED_APPLE_ID$ is also used in a user enrollment scenario, not to be confused with the Shared iPad device scenario.

    For more information, see:

  1. If you are creating new configurations, add label support for Shared iPad devices. See Managing Labels in Getting Started with Ivanti EPMM.
  2. MANAGED_APPLE_ID is the only substitution variable that changes in iPad sharing when a device user logs in. (Other device substitution variables can still be used, but it does not denote a device user) If you updated any configurations with user substitution variable $MANAGED_APPLE_ID$, push the configuration. The user substitution will only push on the user channel for Shared iPad devices.
  3. Once the Shared iPad device user logs in, the Shared iPad settings display in the Device Details page. You can also search on specific Shared iPad fields, see Advanced searching for more information.

Creating an Apple Enrollment profile for Apple Business Manager

See Creating an Apple Device Enrollment Profile. Make sure to mark you place here so you can return for the next step if needed.

Retiring Shared iPad devices

Wipe the device prior to retiring the device. Once you retire a device, the MDM profile is removed and the Admin cannot make remote MDM commands or changes. This leaves the Shared iPad without MDM and the device user cannot erase or reset the device since it's Shared iPad. If this happens, The only way to erase or reset the Shared iPad device once is to connect to Apple Configurator and select the Allow Erase All Content and Settings (supervised devices only) option.

Shared iPad delete user session

Managing Apple School Manager Devices