Gone are the days when you had to manually configure devices and subsequently assign them to an MDM server via Apple Business Manager. With these new automation features in Apple Configurator, the entire device provisioning process is now fully automated!
In my previous post, we unfolded the myriad announcements made during Apple's most recent Worldwide Developers Conference (WWDC 2023). We navigated through the torrent of innovations and technological advancements, focusing on how they promise to redefine the user experience.
In the last post, we discussed the latest development in macOS 14 and iOS/iPadOS 17.
Somesh Pathak
Till now, Apple Configurator has long been a staple for IT professionals managing iOS/iPadsOS & macOS device with Apple School Manager or Apple Business Manager ecosystems. Traditionally, adding a new device to your organization involved a two-step process. First, the device had to be added into your organization. Then, someone with the role of Device Enrollment Manager would have to log in to the ABM portal to assign that device to the appropriate MDM server.
Excitingly, this year brings a significant update: Apple Configurator now enables automatic assignment of devices to your chosen MDM server directly within the tool itself. This streamlines the process and makes life a whole lot easier for IT administrators.
In this blog post, we're revisiting the Apple Configurator, but with a different lens. So, buckle up and join me as we traverse through the soon-to-be-released Apple Configurator features and see what Apple's commitment to continuous improvement has in store for us.
Before we dive in, make sure you have the following:
Apple Configurator is a free tool developed by Apple and available on the Mac App Store. This tool provides a way for administrators to mass-configure and deploy iPhone, iPad, and iPod touch devices in an organization or school. It is often used in environments where multiple iOS devices need to be quickly set up with specific settings and apps, such as in education or business settings.
Leveraging Automator and the actions available in Apple Configurator, you can design robust device management workflows through an easy drag-and-drop interface. These workflows can then be initiated from the system-wide Script Menu or just by starting an Automator workflow applet.
Automator is a powerful automation tool developed by Apple for macOS. It allows users to create custom workflows or applications by automating a series of tasks without the need for extensive programming knowledge. With Automator, users can streamline repetitive tasks, save time, and increase productivity.
Automator offers a visual interface where users can drag and drop pre-built actions to create a workflow. These actions can include various tasks such as manipulating files, launching applications, performing system actions, running scripts, interacting with web services, and much more.
The key components of Automator are:
Automator provides a user-friendly approach to automation, allowing users to simplify complex tasks and create personalized solutions tailored to their needs. It is a powerful tool for automating repetitive actions, boosting productivity, and enhancing the overall macOS user experience.
To understand & learn more about the capabilities and features of Automator & Shortcuts you can refer to the below links:
Now, let's get back to designing the workflow.
To incorporate your organization's information into devices, generating a supervision identity is necessary. This ensures that the information is prominently displayed to users. Subsequently, securely configuring devices involves adding these supervision identities to other workstations running Apple Configurator 2.
The user has three options to choose from for assigning devices; don't assign to an MDM server, assign to the default MDM server configured for its type, for example Mac or iPad, or assign to one of the organization's MDM servers. The list of available MDM servers is provided automatically after the user signs in with their Managed Apple ID.
Initiating any workflow requires pinpointing the components that will be subjected to the workflow. When it comes to the Apple Configurator, the components to be processed are the iOS devices that are linked with your computer. This marks the primary phase in the development of the workflow.
The collection of Automator actions within Apple Configurator includes two specific actions designed to specify which devices will be managed by a given workflow:
Find Connected Devices:
The 'Find Connected Devices' action retrieves the unique ECID identifiers of all connected iOS devices that have been selected via their corresponding checkboxes within the action's interface. These ECID identifiers are then passed on to subsequent actions in the workflow, helping to identify which devices will undergo the designated processes.
Erase Devices:
The 'Erase Devices' action serves the purpose of wiping both the content and settings from devices that are under supervision. This means that all user data, applications, and configurations will be removed, essentially restoring the supervised device to its factory settings. It ensures that sensitive information is completely erased, providing an extra layer of security and peace of mind.
Update Devices:
Its primary function is to update the devices for their next phase of operation—i.e. updating the OS version to the latest stable release. Essentially, this action acts as a transitional stage, reconfiguring the devices into a receptive state so they can be efficiently managed or deployed.
Prepare Devices:
The 'Prepare Devices' action is strategically positioned in the workflow after the 'Update Devices' or 'Erase Devices' actions. Its role is to set up the devices for their next phase of operation, whether that involves installing apps, transferring documents, or simply making them ready for immediate use. By doing so, it ensures a seamless transition, enabling the devices to move from a 'clean slate' status to a fully operational state. This action is integral for IT administrators who need to efficiently manage device configurations, especially when transitioning devices between different users or operational states.
Set variable:
This step creates a variable called all-UDIDs that contains a list of all of the UDIDs of the connected devices. The UDID is a unique identifier for each iOS device.
This variable will be used in the next step to update the MDM records for each device.
Repeat with each item in all-UDIDs:
This step repeats the following steps for each UDID in the all-UDIDs variable:
current-UDID that contains the current UDID from the all-UDIDsvariable.Input: field. The shell script is used to extract the asset tag from the asset tag spreadsheet.
The shell script will now be executed. The script will search the asset tag spreadsheet for the serial number of the device and extract the asset tag. The asset tag will then be used to update the MDM records for the device.
In this step, the grep command is used to search the asset tag spreadsheet for the serial number of the device and to extract the asset tag. The grep command will search for lines in the asset tag spreadsheet that start with the pattern "Serial Number"
Once the shell script has finished running, the variable Asset Tag will contain the asset tag for the current device. You can then use this variable to update the MDM records for the device.
Once done, the shortcut updates the MDM server with the asset tag number from a separate csv file.
The 'Install Configuration Profile' allows you to auto-assign configuration profiles stored in your Intune tenant. Beyond that, you can also automatically deploy apps according to the defined profiles or requirements.
Remember the days when device provisioning felt like a chore? IT administrators had to go through a tedious process of manually configuring each device and then assigning it to an MDM server through Apple Business Manager. Those days are officially behind us.
The new automation capabilities within Apple Configurator have streamlined this entire operation. This level of automation not only saves valuable time but also reduces the risk of human error, enhancing the overall efficiency and security of your device management endeavors.
