Re-provision mobile devices with the Jamf Return to Service app
The Return to Service app allows frontline staff to erase and reenroll an iPhone or iPad without intervention from IT admins. This blog discusses the Return to Service feature and outlines the Return to Service app available with Jamf Pro.
The importance of re-provisioning shared devices quickly
When deploying shared iPads or iPhones, organizations need to set up the devices for use by multiple user groups. These users can work for the organization (the so-called deskless workforce), like retail store associates, gate agents or manufacturing floor employees. Other users interacting with shared devices are patients during a hospital stay or students during the school year. Whatever the use case, implementing a shared-device model means readying each device for the next user. This can happen multiple times a day, once every few days or each semester. To ready a device, IT staff needs to wipe its data, re-provision and reconfigure it. Organizations can configure the Return to Service app to automatically re-provision a device, or if they want to provide more control to frontline users, to re-provision the device in one tap.
Let’s explore a patient using an iPad during a hospital stay. When healthcare organizations offer patients a bedside iPad, it needs to be configured to patient needs. That means deploying patient-facing apps like Epic MyChart; Zoom or Teams to communicate with family and friends; or apps to change room settings or to stream a TV show. iPads can provide patients more control and peace of mind during their stay.
But these devices contain sensitive information, like patient health information (PHI). So after the patient is discharged, the device needs to be completely wiped of its data. It also needs to be quickly re-provisioned and reconfigured for the next patient.
Re-provisioning devices historically relied on more manual interaction for IT admins and frontline staff. After a patient discharge, IT admins could send a remote EraseDevice command to erase all data on the device, including data from the previous user (like data from Epic MyChart). However, to ready the device for the next user, hospital staff would have to manually go through the Setup Assistant. This means selecting the language, region, and the Wi-Fi profile. At this point, the device is reenrolled into MDM, and reconfigured for the next user.
Going through the Setup Assistant adds extra burden to hospital staff, extra time to device re-provisioning and can add extra support tickets for IT staff.
Return to Service
In iOS 17 and iPadOS 17, Apple introduced the Return to Service feature — making resetting and reenrolling devices into MDM completely automated. The feature removes the need for frontline staff to select the language, region and Wi-Fi profile during Setup Assistant. Not having to select a Wi-Fi profile is critical, since a Wi-Fi profile is required to activate the device. With Return to Service, the device automatically enrolls into MDM and is ready for the next user.
Return to Service performs the following actions:
- Resets the device using the Erase Device command with Return to Service.
- Securely wipes all data.
- Caches the Wi-Fi profile and MDM profile (optional).
- Restarts the device.
- Applies the previously configured language and region settings.
- Installs the Wi-Fi profile.
- Installs the MDM profile (optional).
- Connects to Wi-Fi.
- Reenrolls into MDM.
There are certain requirements to use Return to Service:
- Devices must be on iOS 17 or iPadOS 17 or later
- Devices are enrolled with MDM via Automated Device Enrollment through Apple Business Manager or Apple School Manager (if no MDM profile is provided)
- Activation Lock must be disabled
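The requirements and the command described above can be checked and assembled before anything is erased. The following is an added example, not code from Jamf or from the original post: it applies the three requirements to an inventory and builds the Apple MDM EraseDevice command with its ReturnToService dictionary (Enabled, WiFiProfileData, MDMProfileData). The inventory field names, the sample devices and the placeholder Wi-Fi profile are assumptions constructed for illustration.

```python
import plistlib
import uuid

def rts_blockers(device, have_mdm_profile):
    """Reasons a device fails the requirements listed above (empty list = eligible)."""
    reasons = []
    try:
        major = int(str(device.get("os_version", "")).split(".")[0])
    except ValueError:
        major = 0  # unknown version: treat as too old
    if major < 17:
        reasons.append("os_below_17")
    # Fail closed: an unknown Activation Lock state counts as enabled.
    if device.get("activation_lock_enabled", True):
        reasons.append("activation_lock_enabled")
    # ADE enrollment is only required when no MDM profile is supplied.
    if not have_mdm_profile and not device.get("enrolled_via_ade", False):
        reasons.append("not_ade_and_no_mdm_profile")
    return reasons

def build_erase_command(wifi_profile, mdm_profile=None):
    """Serialize an EraseDevice command carrying the ReturnToService dictionary."""
    rts = {"Enabled": True, "WiFiProfileData": wifi_profile}
    if mdm_profile is not None:
        rts["MDMProfileData"] = mdm_profile
    command = {
        "CommandUUID": str(uuid.uuid4()),
        "Command": {"RequestType": "EraseDevice", "ReturnToService": rts},
    }
    return plistlib.dumps(command)

# Constructed inventory (hypothetical field names) and a placeholder profile.
SAMPLE_DEVICES = [
    {"name": "bedside-01", "os_version": "17.4", "enrolled_via_ade": True, "activation_lock_enabled": False},
    {"name": "bedside-02", "os_version": "16.7.2", "enrolled_via_ade": True, "activation_lock_enabled": False},
    {"name": "bedside-03", "os_version": "17.1", "enrolled_via_ade": False, "activation_lock_enabled": True},
]
SAMPLE_WIFI_PROFILE = b"<plist><!-- constructed placeholder for a .mobileconfig --></plist>"

def plan(devices, wifi_profile, mdm_profile=None):
    """Map device name -> command bytes if eligible, else the list of blockers."""
    result = {}
    for d in devices:
        blockers = rts_blockers(d, mdm_profile is not None)
        result[d["name"]] = blockers or build_erase_command(wifi_profile, mdm_profile)
    return result

if __name__ == "__main__":
    for name, outcome in plan(SAMPLE_DEVICES, SAMPLE_WIFI_PROFILE).items():
        print(name, "OK" if isinstance(outcome, bytes) else outcome)
```

A device that would be erased but could not reactivate or reenroll is reported with its blockers instead of receiving a command.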
Return to Service application
In Jamf Pro, there are two ways to utilize Return to Service: via the Jamf Pro API or with the Return to Service app. This section will focus on the Return to Service app, which is available in the Apple App Store or the Jamf Marketplace. To use the Return to Service app, organizations must use Jamf Pro.
As mentioned above, once the patient is discharged, all PHI or other sensitive data needs to be removed, and the device needs to be re-provisioned for the next patient. This workflow must happen quickly without unnecessary user interaction from nursing crews or other hospital staff. This is where the Return to Service app can help.
Let’s take a look at what the app looks like in action. The following workflow is a view of a frontline user being empowered to use the Return to Service app themselves. (This workflow can also be done without interaction from a frontline user.)
A member of the hospital staff opens up the Return to Service application.
The app brings up the Reset button, which the staff member taps. A five-second countdown screen gives the staff member a chance to cancel, and then Return to Service is initiated.
In the background, the Return to Service app performs the actions listed in the previous section, from issuing the Erase Device command with Return to Service through reenrolling into MDM.
iPhone being set up and reenrolled into MDM
At this point, the device automatically returns to service — back to the Home Screen without any user interaction.
Enable end-user workflow
To enable the end-user workflow, IT admins can configure the device with a few simple steps in Jamf Pro. (To get a full understanding of the workflow, check out the administrator guide.)
- Integrate the Return to Service API by creating the API role and client
- Select the network configuration profile containing the Wi-Fi payload
- Create a managed app configuration by adding your client ID, client secret, and Wi-Fi configuration profile ID
- Create the app record configuration and add your app to the Jamf Pro app catalog
And that’s it. Now the Return to Service app can be deployed to any managed mobile device.
Summary
The Return to Service app opens up opportunities for organizations to reduce the time and effort it takes to re-provision mobile devices. And for organizations with shared device deployments, reducing re-provision times is critical. This blog already outlined an example of how Return to Service helps with patient bedside devices, but that’s not the only use case. Some others include:
- Retail store associates returning a shared device at the end of their shift
- Flight attendants sharing devices with point-of-sale or custom airline apps
- Students using an iPad they have to return at the end of the lesson
- K-12 schools wiping a device at the end of the school year
- Patients using an iPad for distraction and returning it to a nurse when checking out
Whatever the use case, if a device needs to be refreshed and re-provisioned, any verified user can do it with one tap in the Return to Service app.