Sudo Talks Oct 24 Q&A

ByBen Greiner

Following our October Sudo Talks session on iOS Management, we’ve summarized key takeaways from the Q&A. Here are the insights and practical guidance on the challenges and solutions discussed during the event.

Device Enrollment and Management Processes

  • Question: Any plans for User Enrollment coming to Addigy?
  • Answer: We are reviewing and working on support for account-driven User Enrollment. Please send a ticket to [email protected] to show priority for this feature!
  • Question: Are there any recommendations to help streamline adding 150+ iPads into Apple Business Manager (ABM) after the fact, or is patience required, adding them one at a time with Apple Configurator?
  • Answer: If the iPads were purchased through a reseller, they may be able to retroactively add them to ABM. If purchased through Apple, contact them if the devices were bought under your company account. Otherwise, adding them during maintenance or rotation may be your best option.
  • Question: If a device is in ABM with Essentials, and Addigy was set up after deployment, is ‘Erase All Content and Settings’ enough to push it into Addigy?
  • Answer: As long as the device is in ABM and properly assigned to Addigy, ‘Erase All Content and Settings’ should re-enroll it into Addigy.
  • Question: What are your recommendations regarding urgent deployments for devices not yet in ABM, and how do we streamline enrollment?
  • Answer: Ideally, these devices should be added to ABM using Apple Configurator for full control and supervision. However, for urgent deployments, Manual Device Enrollment can be used, as some management is better than none. The main downside is that iOS/iPadOS devices won’t be in Supervised mode, which limits critical management capabilities. Additionally, non-removable MDM profiles cannot be enforced, meaning users could remove the enrollment profile and disable management entirely.
  • Question: Is there a difference in deploying Apple apps via Addigy on devices with Automated Device Enrollment (ADE) versus manually enrolled devices?
  • Answer: Yes, there is a difference. Devices enrolled via Automated Device Enrollment (ADE) are in Supervised mode, allowing apps to be deployed without any prompts to the end-user. On non-supervised devices, such as those enrolled manually, the end-user must approve app installations.
  • Question: Is enabling Supervised mode only possible through ADE or Apple Configurator?
  • Answer: This is true for iOS and iPadOS devices, however macOS devices enrolled manually (using enrollment link or manually downloading the enrollment profile) will be treated as Supervised if they are running macOS 11 or newer.
  • Question: Which Identity providers support SSO enrollment for iOS?
  • Answer: Addigy supports SSO enrollment for all Apple devices—iPhones, iPads, Macs, and even Apple TVs—when enrolled through Automated Device Enrollment (ADE). We provide guides for setting up Microsoft, Google, and Okta, but any Identity Provider that supports SSO should work.
  • Question: Does Addigy support the Return to Service feature of iOS?
  • Answer: It’s coming soon. Our ETA for the Return to Service feature is November of this year.

MDM Policy and Compliance

  • Question: Does Await Device Configured hold until initial MDM enrollment is verified, or does it wait for all policies/apps to be applied? Does this have an effect on installation priority settings?
  • Answer: Await Device Configured holds the device on the Remote Management screen until all defined ADE Enrollment policies are deployed. This includes prioritized deployments (0.1-0.9). For details, visit: Overview: Priority Deployments
  • Question: For BYOD/personal devices, how does the unremovable profile work?
  • Answer: BYOD cannot have unremovable profiles. Device management is more limited on personal devices to avoid full control over personal assets. More details can be found in this guide.
  • Question: Can we control the language of update notifications, and do you have examples?
  • Answer: This depends on macOS/iOS language settings and defaults. Please submit a support ticket for further guidance on customizing this for your organization.
  • Question: Can apps be removed from the home screen layout without dumping them into a folder?
  • Answer: Yes, you can control app visibility on the home screen using the following Restrictions profile settings in iOS 15 and later:
    • allowListedAppBundleIDs: Displays only the listed apps and prevents launching or displaying any others.
    • blockedAppBundleIDs: Prevents specific listed apps from appearing or being launched.
    Note: blacklistedAppBundleIDs and whitelistedAppBundleIDs were used in earlier versions but are deprecated in iOS 15. For additional information, visit: Home Screen Layout for iOS and iPadOS
  • Question: In SOS remote sessions, why does the iPhone lock when the screen goes dark, and how can I prevent this?
  • Answer: Try the solutions in this guide.
  • Question: Does Addigy support custom app deployment?
  • Answer: Yes! Addigy supports Apple’s preferred method for custom app deployment, as outlined in this Apple article.

Self Service

  • Question: Any updates on adding extra fields to the Ticket part of Self Service?
  • Answer: We are continuously evaluating workflow improvements based on customer feedback. If adding extra fields to the Ticket section is important for your team, we encourage you to submit a request to [email protected]. This helps us prioritize the features that matter most to our users.
  • Question: Can we deploy Self Service without affecting already deployed apps?
  • Answer: Yes, deploying the Self Service app will not affect apps that are already deployed. Self Service simply presents available apps to the end-user. If an app is already installed, the end-user won’t be able to trigger a second installation as long as the “install as managed” option is selected in the Addigy policy settings.
  • Question: If Self Service is deployed after apps, can users remove apps through Self Service?
  • Answer: No, users would have to remove the application themselves. Similar to how to Apple’s App Store works today.

Additional Questions

  • Question: How can users sign into iCloud while using Managed Apple Accounts?
  • Answer: Some services are disabled for Managed Apple Accounts. Apple sets these limitations, and feedback on business use cases can be provided to Apple. Learn more about supported services here.
  • Question: Does Addigy have a roadmap for Vision Pro and VisionOS support?
  • Answer: VisionOS support is under review. To help prioritize this feature, please submit a ticket to [email protected].
  • Question: Can you explain how Shared iPads handle multiple login sessions and storage resources?
  • Answer: Shared iPads are designed to manage multiple user sessions efficiently by allocating separate storage and settings for each user. Apple has detailed documentation on how Shared iPads handle login sessions and storage resources, which you can find here: Prepare Shared iPad.
  • Question: Is the demo video of iOS setup with auto-enrollment available online?
  • Answer: The demo video is not currently available online, but we are working on updates to the main Addigy website, where we plan to include it in the future. Stay tuned for updates!

Summary

We’re committed to continuously evolving the Addigy platform to meet the demands of modern IT environments. Your feedback helps drive our improvements, and we invite you to send additional questions or suggestions to [email protected].

For further guidance, Addigy customers can reach out to their Customer Success Manager, and if you’re new to Addigy, we invite you to Schedule a Demo or start a Free Trial.

Similar Posts