One of the things I want to be able to do in our new deployment is detect devices that are “out of spec” and make sure that the users find their way back to me for … ah … re-education.
Most “out of spec” issues can be handled by the MDM server itself. If a device checks in with a missing configuration profile or a missing app, the server will automatically handle that.
Sometimes, though, we need to look for other conditions and make sure that those situations don’t go on for too long. To achieve this, I’ve designed a “lockout protocol” for our deployment.
The Configuration Profile
We have a configuration profile that can be applied to any supervised iPad and that essentially “locks out” the user from doing any work. It’s actually quite simple.
The first payload is a Restrictions payload which I use to allow just one app: the JAMF Self Service app.
The second payload is a Home Screen Layout payload. This puts the Self Service app into the Dock, so that people can find it easily.
That’s all it is but, because the devices are supervised and in DEP, there’s nothing the user can do to get out of this situation other than to come and see me for help.
The Criteria for Lockout
To detect these anomalous conditions, I have a smart device group in our MDM that captures devices based on the following conditions:
- The device inventory is more than 10 days old (i.e. it’s not communicating with the server properly) OR
- The JSS “Jailbreak Detected” field is “Yes” OR
- The “Location Services for Self Service” is “Not Enabled/Unknown” OR
- The iOS version is less than the current release version of iOS.
Now, I usually give a grace period for iOS updates of about a week before I update the criteria for the smart group so it’s not too draconian.
I haven’t yet had a device where the inventory alone was stale. I suspect this condition is probably redundant since, if the device can’t supply inventory, it’s unlikely to be able to receive the new profile either.
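The criteria above, evaluated over exported inventory records, as an added example (not code from this deployment or from Jamf). The record field names, the sample devices and the release list are constructed, and the one-week grace period is applied automatically here, whereas in the deployment the smart group criteria are updated by hand.

```python
from datetime import datetime, timedelta

STALE_AFTER = timedelta(days=10)  # inventory older than this counts as stale
GRACE = timedelta(days=7)         # "about a week" before a new iOS is enforced

def parse_version(text):
    """'12.4' -> (12, 4, 0): numeric compare, so 12.10 sorts above 12.4."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def required_ios(releases, now):
    """Newest release that has been out for at least the grace period."""
    due = [parse_version(v) for v, released in releases if now - released >= GRACE]
    return max(due, default=(0, 0, 0))

def lockout_reasons(device, minimum, now):
    """Criteria a device matches; any single match puts it in the lockout group."""
    reasons = []
    if now - device["last_inventory"] > STALE_AFTER:
        reasons.append("stale inventory")
    if device["jailbreak_detected"] == "Yes":
        reasons.append("jailbreak detected")
    if device["self_service_location"] in ("Not Enabled", "Unknown"):
        reasons.append("location services off")
    if parse_version(device["ios_version"]) < minimum:
        reasons.append("iOS out of date")
    return reasons

def dev(name, inventory_day, jailbreak, location, ios):
    """Build one constructed inventory record (hypothetical field names)."""
    return {"name": name, "last_inventory": datetime(2024, 3, inventory_day),
            "jailbreak_detected": jailbreak, "self_service_location": location,
            "ios_version": ios}

# Constructed sample data: version numbers, dates and device names are made up.
RELEASES = [("12.4", datetime(2024, 1, 10)), ("12.10", datetime(2024, 3, 1))]
DEVICES = [
    dev("ipad-01", 19, "No", "Enabled", "12.10"),
    dev("ipad-02", 19, "No", "Enabled", "12.4"),
    dev("ipad-03", 19, "Yes", "Unknown", "12.10"),
    dev("ipad-04", 5, "No", "Enabled", "12.10"),
]

if __name__ == "__main__":
    now = datetime(2024, 3, 20)
    minimum = required_ios(RELEASES, now)
    for d in DEVICES:
        print(d["name"], lockout_reasons(d, minimum, now) or "compliant")
```

Comparing versions as tuples matters here: as plain strings, "12.4" sorts above "12.10" and the outdated device would pass.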
When a new iOS update comes out, the first thing I do is push a notification to Self Service. To be fair, about half the students respond to this in a timely manner.
After a few days, my new thing is to push a new wallpaper to the devices that puts the message right in the students’ faces.
After a few more days, if the devices still aren’t updated, I update the criteria for the lockout protocol and the shutter comes down until everything comes into line.
Even when locked out, the device will still be able to be updated, as Settings is the one app that can’t be hidden.
Once the anomalous situation is resolved, the user will probably need to come and see me. Devices update their inventory to the JSS generally once a day, but an administrator can force an inventory update manually. That will cause the device information to be updated and the restrictions lifted.