Enter Apple Configurator 2, a free tool on the Mac App Store. This tool basically fixes most setup challenges for iOS, but does so over USB. This means that Apple Configurator is not a replacement for Bushel. In fact, we get a lot of questions from experienced Apple administrators about how to use profiles that we don’t yet support. So Apple Configurator is great way to get settings on devices that you don’t need to update over the air (e.g. initial setup options). Apple Configurator 2 is a tool that can help to manage iOS devices during a mass deployment and do so in a manner that is easy enough that you don’t need a firm background in IT to manage devices on a day-to-day basis.
Here is what Apple Configurator can do:
- Update iOS devices to the latest version of iOS.
- Rename devices using a numbered scheme (e.g. iPad 1, iPad 2, etc).
- Erase (wipe) iOS devices.
- Backup and Restore iOS devices.
- Deploy profiles/policies (e.g. no Siri for you, disable cameras, setup wireless, etc) to iOS devices.
- Export profiles.
- Activate devices (after all a restore of a freshly activated device is an activation).
- Push any kind of app to devices.
- Track Volume Purchase Program (VPP) codes used on devices.
- Manage the wallpaper on “Supervised” devices (more on supervision later).
- Manage the names of devices en masse.
- Load content to apps on devices.
- Skip initial Activation steps on devices.
Apple Configurator 2 does have some caveats, including the following:
- In order to push apps through Apple Configurator, the system running Configurator needs access to Apple’s servers and Apple Configurator needs an AppleID associated with it that is not the VPP facilitator if you are leveraging any paid apps.
- You can use Apple Configurator “off-line” or without an AppleID to Prepare devices with Profiles, just not to Activate devices. For the initial device activation process, Macs running Apple Configurator will need to be online. Additionally, you’ll be prompted to enter your Apple ID routinely.
- If you push Trust and Enrollment profiles to automatically join an MDM, the device isn’t associated with a user unless the MDM has been prepped to designate each UDID or Serial Number to a given user. Bushel doesn’t yet support mass enrollment in this fashion but will.
- If you accidentally plug in your iPhone to a machine and you’re using Apple Configurator on it and you’ve chosen to Erase in the application, then it will wipe your phone along with the 30 iPads you’re wiping. It’s awesome and scary like that (yes, I’ve accidentally wiped my phone).
I see a number of uses for Apple Configurator. Some of these use cases include:
- Company and education labs: manage devices end-to-end (no MDM, iTunes iPhone Configuration Utility or other tools needed), managed by the lab manager.
- One-to-One environments (schools): Manage the distribution of infrastructure settings (mail, wireless networks, etc) for devices as well as Trust Profiles to make it faster to enroll in MDM environments and Web Clips to manage the links for enrollment.
- Device distribution: Pre-load applications (that can’t be updated unless they’re cradled again), renaming, profiles, activation, iOS software updates, etc.
- Backup and Restore only stations where you don’t interfere with later iTunes use.
These can enhance practically every environment I’ve worked with. But unless it’s a small environment (e.g. the labs), Apple Configurator isn’t a replacement for the tools already in use in most cases, like an MDM solution. Instead, it just makes things better. Overall, Apple Configurator 2 is a welcome addition to the bat belt that we all have for iOS management and deployment. Now that we’ve looked at the when/where of using it, let’s look at the how.
At this point, we’ll explore the Profiles options in Apple Configurator 2. To create profiles, use the File menu and click on New Profile.
At the Untitled profile name, enter a name in the Name field. This is how it will appear in the Profiles section of Apple Configurator. Because you can deploy multiple profiles, I’m just going to configure the SSID and Web Clip and call it MDM Enrollment Staging. Optionally, give it some notes, organization name, etc.
Click on Wi-Fi and then click on the Configure button. Here, enter the SSID of the deployment network (MDMEnroll in this example). We’ll use the Hidden Network field to indicate the SSID is suppressed and we’ll use the network type of WEP and throw the password into the Password field as well. Now, before we move on, notice that there’s a plus and minus sign in the top right of the screen? You can deploy multiple of each, so if you have 10 wireless networks, 4 Email accounts, 9 VPN connections, 29 SSL Certs etc, you could deploy them all easily with multiple entries of each.
Next, we’ll go ahead and enter a name for our Web Clip and the URL that the device will point to.
We’ll also disable certain features of iOS. To do so, click on Restrictions, and uncheck various boxes in order to disable features you don’t wish to use.
Go ahead and close the window and you’ll be prompted to save the profile.
You’ll then see MDM Enrollment Staging.mobileconfig in the Finder where you selected to store it.
Apple Configurator 2 is really a great tool when used in the right scenarios. In learning how it works and interacts I actually learned a lot about both iOS and Mac OS X that I didn’t know before. I hope I did the tool justice with how easy it is to use. This is a fairly long article and it’s probably more complicated than it needs to be in parts, but that’s more my method of trying to figure out what it’s doing than the tool being complicated. It’s not hard to figure out at all. I am sure I could teach any non-technical iOS admin basic use of Apple Configurator 2 in less than an hour.
Overall, in Apple Configurator 2, we have a new, powerful iteration in our arsenal that makes up the iOS administration ecosystem. I also hope that no matter what, if you manage iOS devices, that you’ll take a look at it. I expect you’ll find it useful in some part of your management toolkit!
Have market trends, Apple updates and Jamf news delivered directly to your inbox.