Apple School Manager can help bridge the gap between educational institutions and students while centralizing management of their distance learning initiatives in five simple, yet powerful ways.
Apple School Manager (ASM), formerly known as Device Enrollment Profile (DEP), is Apple’s backend website that allows schools or districts to create an account linked to their Apple sales accounts, facilitating a seamless transition between new equipment purchased and configuration, then to the end user’s hands.
ASM aims to make managing Apple devices easier than ever before. Take MacBook Pro laptops, for example. Before ASM, IT typically configured a source device with all the software and settings required, then encapsulated all that data and captured an image, resulting in a large file that would be copied over to each target device, effectively cloning the original.
By using ASM, a new device gets automatically enrolled in the school’s ASM account (based on serial number). Enrolled devices are linked to a Mobile Device Management (MDM) server from the console within seconds. Upon powering on the devices for the first time, users must answer a few basic questions, such as selecting a preferred language, location, and establishing a network connection. The device activates with Apple servers and gets handed to the MDM for configuration.
The example above demonstrates a basic set up, and a new device can be made available within minutes. The software can be leveraged for more advanced deployments and fully supports macOS, iOS, iPadOS, and tvOS, among other helpful features detailed below.
Arguably one of the biggest recurring tasks for any IT professional is deploying (and upgrading) software applications. One of the interesting features baked right into ASM is the ability to search and procure licenses for applications, books, and media due to its tight integration with the App Store. Any application available in the app store can be licensed–from one to more than 10,000 licenses–and made available for any devices that support it. Even paid apps can be purchased, often at a discount. The best part: Licenses do not expire with a device, so once a device is at the end of its life or replaced, the licenses simply rejoin the pool.
Most organizations implement some sort of directory services to centrally manage user accounts. ASM offers integration with LDAP and cloud-based services, such as Azure or Microsoft 365, to allow user accounts to federate across services while maintaining security and SSO capability. Apple goes one step further when federating by allowing these accounts to serve as managed Apple IDs. This opens up a world of possibility not available to the standard Apple ID, such as limiting FaceTime and Messages to only users within your domain or disabling it outright.
SEE: Office 365 is now Microsoft 365: What you need to know (TechRepublic)
At this level, Apple has really tapped into something special for all stakeholders. Beginning with IT, data source connectors allow for information to be imported from Student Information Systems (SIS) to populate class rosters and link them to the respective educators teaching those courses. For teachers, the Classroom app allows them to draw upon this roster information to pull up their classes–fully populated. It is also powerful enough to allow them to share documents, assignment work, collaborate with other teachers and students, share screens, and manage the classroom by keeping tabs on what students are doing, including limiting what they can do and when they can do it. Students interface using the Schoolwork app, which provides a one-stop shop for all their work, questions and answers, collaboration, remote management, and requesting systems for when asking for assistance.
One of the keys to making ASM work as well as it does is the handover capability it uses with your selected MDM provider. Using encryption to secure communications, ASM and MDM are in constant communication, syncing data between the two platforms. This ensures that tasks occur as quickly and efficiently as possible while being as up to date as possible. In this role, the MDM will enforce policies, push configurations, and manage the device day to day.
SEE: Google Classroom tips: How to create and manage classes remotely (free PDF) (TechRepublic)
Data and user security
Devices enrolled in ASM will always handover to the MDM, even when lost, stolen, or wiped. This gives organizations the best possible chance to recover equipment, as it is effectively “useless” to anyone outside of the organization’s network. Apple continues to double-down on data security with the supervision of devices being enabled by default when provisioned via ASM, and this goes for user privacy, too. Apple has implemented systems that still allow users to use the features of these devices without having to worry about Personally Identifiable Information (PII) being leaked.