XenMobile Server Current Release

Shared iPads

The shared iPad feature allows multiple users to use an iPad. The user experiences can be personalized even though the devices are shared. You can use shared iPads for education or business. Apple School Manager (ASM) supports the instructor and student roles in addition to the roles Apple Business Manager (ABM) supports.

Prerequisites

  • Apple School Manager or Apple Business Manager
  • XenMobile Server
  • Any iPad Pro, iPad fifth generation, iPad Air 2 or later, and iPad mini 4 or later
  • At least 32 GB of storage
  • Supervised

Configure Shared iPads

Multiple students in a classroom can share an iPad for different subjects taught by one or several instructors.

Either you or the instructors enroll Shared iPads and then deploy device policies, apps, and media to the devices. After that, students provide their managed Apple ID credentials to sign in to a Shared iPad. If you previously deployed an Education Configuration policy to students, they no longer sign in as an “Other User” to shared devices.

XenMobile uses two communication channels for Shared iPads: the system channel for the device owner (instructor) and the user channel for the current resident user (student). XenMobile uses those channels to send the appropriate MDM commands for the resources supported by Apple.

Resources that deploy over the system channel are:

  • Device policies: Education Configuration, Maximum Resident Users, and Passcode Lock Grace Period
  • Device-based volume purchase apps

    Apple doesn’t support Enterprise apps or user-based volume purchase apps on Shared iPads. Apps installed on a Shared iPad are global to the device and not per user.

  • User-based volume purchase iBooks

    Apple supports assignment of user-based volume purchase iBooks on Shared iPads.

Resources that deploy over the user channel are:

  • Device policies: Apps Notifications, Home Screen Layout, Restrictions, and Webclip

    XenMobile supports only those device policies over the user channel.

When configuring device policies, you specify the deployment channel in the policy setting Profile scope.

Device Policies configuration screen

To remove device policies that you deployed over the user channel, make sure that you choose a Deployment scope of User for the Profile Removal policy.

General workflow

Typically, you provide preconfigured and supervised Shared iPads to instructors. The instructors then distribute the devices to students. If you don’t distribute pre-enrolled Shared iPads to instructors, make sure that you provide the instructors with their XenMobile Server passwords so that they can enroll their devices.

The general workflow for configuring and enrolling Shared iPads is as follows:

  1. Use the XenMobile Server console to add ASM or ABM accounts (Settings > Apple Deployment Program) with Shared mode enabled. For more information, see Manage ASM or ABM accounts for Shared iPads.

  2. As described in this section, add the required device policies, apps, and media to XenMobile. Assign those resources to delivery groups.

  3. Have the instructors do a hard reset on the Shared iPads. The Remote Management screen for enrollment appears.

  4. The instructors enroll the Shared iPads.

    XenMobile deploys configured resources to each enrolled Shared iPad. After an automatic restart, instructors can share the devices with students. A sign-in page appears on the iPad.

  5. A student chooses the class and then enters their Managed Apple ID and temporary ASM or ABM password.

    The Shared iPad authenticates with ASM or ABM and prompts the student to create an ASM or ABM password. For the next sign-in to the Shared iPad, the student must enter the new password.

  6. Another student who is sharing the iPad can then sign in by repeating the preceding step.

Manage Apple School Manager or Apple Business Manager accounts for Shared iPads

If you already use XenMobile with Apple Education, you have an existing ASM or ABM account configured in XenMobile for devices that aren’t shared, such as the devices used by instructors. You can use the same ASM or ABM and the same XenMobile Server for both shared and non-shared devices.

XenMobile supports these deployment scenarios:

  • A group of Shared iPads per class

    In this scenario, you assign the Shared iPads to a class of students. The iPads stay in the classroom. Instructors who teach different subjects in that class use the same set of iPads.

  • A group of Shared iPads per instructor

    In this scenario, you assign the Shared iPads to an instructor, who uses those iPads for the various classes that they teach.

Organize Shared iPads into device groups

ASM or ABM lets you organize devices into groups by creating multiple MDM servers. When you assign the Shared iPads to an MDM server, create a device group for each group of Shared iPads, per class or per instructor:

  • Group 1 of Shared iPads > Device Group 1 MDM Server
  • Group 2 of Shared iPads > Device Group 2 MDM Server
  • Group N of Shared iPads > Device Group N MDM Server

Add ASM or ABM accounts for each device group

When you create multiple ASM or ABM accounts from the XenMobile Server console, you automatically import groups of Shared iPads (one for each class or instructor):

  • Device Group 1 MDM Server > Device Group 1 account
  • Device Group 2 MDM Server > Device Group 2 account
  • Device Group N MDM Server > Device Group N account

Requirements specific to Shared iPads are as follows:

  • One ASM or ABM account for each device group with these settings enabled:
    • Require device enrollment
    • Supervised mode
    • Shared mode
  • For a given educational organization, make sure that you use the same Education suffix for all ASM or ABM accounts.

To add an account, go to Settings > Apple Deployment Program.

Apple Deployment Program settings configuration screen

Apps for Shared iPads

Shared iPads support assignment of device-based volume purchase apps. Before deploying an app on a Shared iPad, XenMobile sends a request to the Apple volume purchase server to assign volume purchase licenses to the devices. To check the volume purchase assignments, go to Configure > Apps > iPad and expand Volume Purchase.

Media for Shared iPads

Shared iPads support assignment of user-based volume purchase iBooks. Before deploying iBooks on a Shared iPad, XenMobile sends a request to the Apple volume purchase server to assign volume purchase licenses to students. To check the volume purchase assignments, go to Configure > Media > iPad and expand Volume Purchase.

Media configuration screen

Deployment rules for Shared iPads

For Shared iPad deployment, the rules at the delivery group level don’t apply because they relate to user properties. To filter the policies, apps, and media for each group of devices, add a deployment rule for the resources based on the account name. For example:

  • For the Device Group 1 account, set this deployment rule:

    Apple Deployment Program account name
    Only
    Device Group 1 account

  • For the Device Group 2 account, set this deployment rule:

    Apple Deployment Program account name
    Only
    Device Group 2 account

  • For the Device Group N account, set this deployment rule:

    Apple Deployment Program account name
    Only
    Device Group N account

Device Policies configuration screen

To deploy the Apple Classroom app only to instructors (using unshared iPads), filter the resources by ASM or ABM shared status with these deployment rules:


Deploy this resource regarding ASM or ABM shared mode
only
unshared


Or:


Deploy this resource regarding ASM or ABM shared mode
except
shareable


Apps configuration screen

Delivery groups for Shared iPads

For the device group for each instructor:

  • Configure one delivery group. For the instructor, assign all the classes that the Education Configuration policy defines.

Delivery Groups configuration screen

  • That delivery group must include these MDM resources:
    • Device policies:
      • Education Configuration
      • Apps Notifications
      • Home Screen Layout
      • Restrictions
      • Maximum Resident Users
      • Passcode Lock Grace Period
    • Required volume purchase apps
    • Required volume purchase iBooks

Delivery Groups configuration screen

Security actions for Shared iPads

In addition to existing security actions, you can use these security actions for Shared iPads:

  • Get Resident Users: Lists the users that have active accounts on the current device. This action forces a sync between the device and the XenMobile console.
  • Logout Resident User: Forces a logout of the current user.
  • Delete Resident User: Deletes the current session for a specific user. The user can sign in again.
  • Delete All Users: Deletes all users on the device.

Security Actions screen

After you click Delete Resident User, you can specify the user name.

Security Actions screen

Results of security actions appear on the Manage > Devices > General and Manage > Devices > Delivery Groups pages.

Get information about Shared iPads

Find information specific to Shared iPads on the Manage > Devices page:

  • Look up:
    • Whether a device is shared (ASM or ABM shared)
    • Who is logged in to the shared device (ASM or ABM logged-in user)
    • All users assigned to the shared device (ASM or ABM resident users)

Devices configuration screen

  • Filter the device list by its ASM or ABM Device Status:

Devices configuration screen

  • View details about the user logged in to a Shared iPad, on the Manage > Devices > Logged-in User Properties page.

Devices configuration screen


  • See the channel used to deploy resources to instructors and users in a delivery group on the Manage > Devices > Delivery Groups page. The Channel/User column shows the type (System or User) and the recipient (instructor or student).

Devices configuration screen

  • Get information about resident users:
    • Has data to sync: Whether the user has data to be synchronized to the cloud.
    • Data quotas: The data quota set for the user in bytes. A quota might not appear if user quotas are temporarily off or aren’t enforced for the user.
    • Data used: The amount of data used by the user in bytes. A value might not appear if an error occurs as the system gathers the information.
    • Is logged in: Whether the user is logged on to the device.

Devices configuration screen

  • View the push status for both channels.

Devices configuration screen
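
The resident-user fields listed above (Has data to sync, Data quotas, Data used, Is logged in) can drive a review step before you run Delete Resident User or Delete All Users. The following is an added example, not part of the Citrix documentation or product; the record layout, the function name, and the sample values are assumptions constructed for illustration.

```python
# Added example, not Citrix code. Field names follow the resident-user
# labels on the Manage > Devices page; the record layout is an assumption.

def triage_resident_users(users, near_quota=0.9):
    """Split users into (safe, review) ahead of a delete action.

    safe   -> names with nothing outstanding
    review -> (name, reasons) pairs an administrator should check first
    """
    safe, review = [], []
    for u in users:
        reasons = []
        if u.get("is_logged_in"):
            reasons.append("currently logged in")
        if u.get("has_data_to_sync"):
            reasons.append("has data to sync")
        quota, used = u.get("data_quota"), u.get("data_used")
        if used is None:
            # No value appears if an error occurred while gathering it.
            reasons.append("data used unknown")
        elif quota and used / quota >= near_quota:
            # A quota can be absent when quotas are off or not enforced.
            reasons.append(f"{used / quota:.0%} of quota used")
        if reasons:
            review.append((u["name"], reasons))
        else:
            safe.append(u["name"])
    return safe, review


# Constructed sample records; quota and usage are in bytes.
SAMPLE_USERS = [
    {"name": "student1", "is_logged_in": False, "has_data_to_sync": False,
     "data_quota": 2_000_000_000, "data_used": 150_000_000},
    {"name": "student2", "is_logged_in": True, "has_data_to_sync": True,
     "data_quota": 2_000_000_000, "data_used": 1_900_000_000},
    {"name": "student3", "is_logged_in": False, "has_data_to_sync": False,
     "data_quota": None, "data_used": None},
    {"name": "student4", "is_logged_in": False, "has_data_to_sync": False,
     "data_quota": None, "data_used": 10_000_000},
]

if __name__ == "__main__":
    safe, review = triage_resident_users(SAMPLE_USERS)
    print("No follow-up needed:", ", ".join(safe))
    for name, reasons in review:
        print(f"Review {name}: {'; '.join(reasons)}")
```

Run Get Resident Users first so that the values you feed into a check like this reflect a fresh sync between the device and the console.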