Zero touch deployment: as easy as ABC

What is Zero Touch Deployment?

First, let’s get a small misconception out of the way. Zero Touch Deployment does not mean “any touch” or “no touch”, for that matter. Devices — whether new in box or from existing stock — still and will always require reconfiguration to some degree.

However, the purpose of Zero Touch is to delineate that, with the proper setup, IT can develop an onboarding workflow that allows them to shift the burden of manually setting up each device to the end-user themselves, managing the process each step of the way through automation.

The end result? New devices are provisioned quickly, efficiently and the same way each time. End-user’s get their devices faster and are empowered by being able to setup their devices as they see fit — but within the purview of IT and security policies. And best of all? The process is completely granular, allowing IT to modify it as needed so that user’s in say, the Marketing department get exactly the software they need, while members of the Finance department get the apps that are important to them without compromise or provisioning additional software that isn’t required.

Components necessary for Zero Touch Deplyment

As Chris explains in the video, there are a few components required for Zero Touch to be a reality. Luckily, organizations already have many of these components and many of them are free and just require initial configuration to get going.

• Apple School Manager (ASM) or Apple Business Manager (ABM) Account
• Apple devices purchased from Apple or Authorized Reseller
• Mobile Device Management (MDM) solution

That’s it! The first two can be obtained from Apple, while the third requires an MDM solution, like Jamf Pro, in order to manage the devices once they are enrolled and in the hands of end-users.

Now, there is some minor configuration that will be required to get the ASM/ABM and Jamf Pro accounts to communicate, as well as some default settings that should be configured, especially if the ultimate aim for your organization is to automate as much as of deployment process as possible. Chris does a stellar job of providing this information as well as some suggestions for getting started with a strong, Zero Touch foundation.

Benefits to Zero Touch vs Legacy Deployment

Now, any admin that has to ever deploy computers like laptops, for example, to a remote team using legacy deployment methods will know exactly how taxing, time consuming and well, error-prone the process could be.

Most of the time, admins would utilize monolithic, or thick-imaging, to create one giant, general purpose image with all the settings, software, configurations — everything needed by anyone that would use the laptop — in an effort to not miss anything important and make sure everyone was accounted for.

While it sounds great in theory, and it could be at times, in practice the process could be affected negatively by any number of variables, resulting in a complete waste of time. One that led to manually wiping all devices again and starting again from step one.

Thankfully, these days are behind us as Apple admins and the shining light that is Zero Touch illuminates those once dark times. For starters, Zero Touch is modular, meaning that if any point fails in the chain, simply restarting from that point is all that’s necessary to move forward. Plus, given this modularity, when workflows need to change, such as when upgrading to a newer version of macOS, it’s usually as easy as downloading the latest version of the installer — the rest remains the same and the deployment should continue to work as intended.

Another benefit to keeping everything separate is that each device gets a cleanly installed version of macOS each time. Settings, configurations and applications are added during their respective phase in the Zero Touch workflow. Speaking of apps, when it’s their turn to be installed, the cloud-based nature of the deployment strategy favors only the latest versions of apps, such as those found on the Mac App Store, so there’s little to no reason to worry about keeping legacy versions of applications handy or creating awkward upgrade processes that install newer versions over a chain of older versions that could potentially break functionality. All that is a thing of the past!

Centralized device management & automation

Finally, centralizing device management is the core function that keeps Zero Touch operating beautifully — from the initial pre-stage phase to enrolling the device in MDM, provisioning it with the settings, configurations and applications required by the user it is assigned to, to on-going maintenance by IT staff, including maintaining the device’s security posture with first and third-party patches and updates, policies to ensure device’s remain compliant and inventory is up to date.

Through helpful management functionality, like Smart Groups and Self Service, both aid in establishing automated workflows, empowering end-user’s to stay productive with access to resources anywhere and at any time. On the administrative side, IT can rest assured that automation helps them to not only work smarter, not harder, but keeps devices, users and data safe throughout the device’s lifecycle.

Read more BETT Apple at School content:

• Streamlining deployments and updates in Mac labs
• How Explain Everything fosters engaged learning
• Learning technology at Heronsgate Primary School
• Focused creativity in the classroom with Apple and Jamf
• Google + Apple at Holy Trinity CofE Primary School
• iPad and Showbie: personalized feedback and impactful learning
• Balancing tradition with innovation at RGS Worcester
• Engaging AR learning activities for the classroom and home
• From the classroom to full remote: a fast learning curve
• Using Microsoft, Google and other identity providers with Jamf School
• iPad learning anywhere, anytime