Automating Apple device rollouts in education is easier than you think. In today’s session, Robert Brown, Director of Technology at Foxcroft Academy, shared how an automated method of pulling student, teacher and class data from PowerSchool, and syncing it with both LDAP and Jamf, is instrumental to the success of the 1-to-1 iPad program at Foxcroft.
Brown was instrumental in transforming Foxcroft’s technology department. He turned two computer labs, and a budget of less than $1,000 per year, into the state’s first high school to implement a 1-to-1 iPad program with a yearly budget approaching $250,000. For Brown, a 1-to-1 deployment was key to achieving equity for all students. “For many of these students, this is the only device their family has for technology,” he said. So how’d he do it?
Brown moved to a hands-off approach, beginning with app assignment. He noticed that with manual code distribution, he would encounter issues with students who forgot to redeem a code, which required IT time and resources to intervene. With device-based app assignment, Brown is able to assign apps directly to devices without requiring manual code redemption by the student. Students simply power on their device and automatically see all the apps associated to their classes (both on the device and in Self Service).
“With device-based assignment, students can get everything they need without an Apple ID. It takes a lot of work out of our hands,” Brown explained. This specifically helps with complexity of supporting the school’s 475 international students from 20 different countries, many of whom already have Apple IDs from regions outside the U.S.
The driving force behind Brown’s zero-touch deployment? Scripts. PowerSchool (their SIS) is the source of truth for students, classes and staff. When a new student is added to PowerSchool, a script syncs them with the school’s LDAP and does a look up. If the student isn’t already a LDAP user, a new LDAP user is created. Once LDAP is queried and updated, a script writes profiles, smart groups and classes to Jamf, which organizes students by class and assigns the apps and content associated with each class.
To demonstrate this relationship, Brown walked through both the IT and end-user experience. He showcased their use of configuration profiles to link LDAP groups to classes and Smart Groups to assign apps and eBooks. Brown remarked that the keys to success for linking so many systems, profiles and smart groups is using the same naming convention. “Everything is just consistent,” he said. When the sync happens and the student’s device checks in, they automatically receive all of the content associated with the class they are in LDAP and PowerSchool. Brown said, “It’s really quick. For the IT department, I don’t even need to know who is in the class. It all just happens behind the scenes. The less involvement by us, the better.”
The move to device-based app assignment also helped streamline their app budget. Brown showed a few helpful tips specifically for eBook distribution. App distribution takes place with VPP (Volume Purchase Program) through a device-based app assignment, but eBooks are distributed specifically through Self Service. Because eBooks can’t be reclaimed, using Self Services reduces the likelihood that a student claims the eBook before they know for sure they’ll need to use it.
“Our classes like Coding with Python required paid apps, and with device based assignment, Smart Groups, LDAP and syncing, we only get the licenses we need and only the students in that class will get app. And Self Service keeps us from wasting eBooks,” Brown explained.
Each year new students receive pre-configured DEP-enrolled iPads, along with username and password information. Then the student takes it from there. Brown went on to say, “there’s no more manually configuring Wi-Fi and other settings. It’s all already there.”
Brown closed out the session with a few tips on recovering lost or stolen iPads. School devices are configured with a prompt for a guest login and password. If a device is stolen and the thief attempts to use the guest log in and password, the device is automatically placed in a Smart Group and Brown can collect their IP address and location. “It’s helped us recover quite a few devices,” Brown said.