COVID-19 is likely to change many things in our world forever, and I’ve been thinking a lot about what’s going to change in the world of business technology. One of the most important things I realized is that onboarding and new device deployment will be required to be zero-touch in a world where employees are likely to be at least temporarily remote.
About Apple @ Work: Bradley Chambers has been managing a corporate IT network since 2009. With experience in deploying and managing firewalls, switches, a mobile device management system, corporate Wi-Fi, hundreds of Macs, and hundreds of iPads, Bradley will showcase how Apple IT managers deploy Apple devices, build networks to support them, and educate users, along with stories from the trenches of IT management and ways Apple can improve its products for IT departments.
What is a zero-touch deployment?
Zero-touch deployment is the idea that an IT department can ship a new device to an employee in the original shrink wrap and automate the machine setup process using the company’s device management system. IT staff no longer need to image a computer, bind it to Active Directory, and then allow users to log on. When an employee receives a new laptop, the entire deployment is performed for them without IT interaction. Simply put: zero-touch is a scalable model that is suitable for companies.
Why zero-touch is key after COVID-19
In my opinion, if the world becomes “normal” again post-COVID-19, the workplace will change forever. This means that IT policies will change forever. If a large number of employees work remotely, how will you deploy devices if your IT policies and procedures are based solely on office workers? For this reason, zero-touch deployment must be central to your future device deployment plans.
How Apple enables zero-touch
In a zero-touch deployment world, the entire setup process goes through Apple School / Business Manager and a device management system.
Apple Business Manager is a simple, web-based portal for IT administrators that enables iPhone, iPad, iPod touch, Apple TV and Mac computers to be deployed from one place. When this portal is used with your MDM (Mobile Device Management) solution, you can configure device settings and buy and distribute content. Apple Business Manager integrates federated authentication with Microsoft Azure Active Directory (AD), so you can quickly create employee accounts with managed Apple IDs.
Because the serial numbers in Apple School Manager (ASM) and Apple Business Manager (ABM) come directly from the factory, non-removable configuration profiles are applied automatically to enforce company policies when the device connects to Wi-Fi during the setup process. Since all documents are in cloud-based solutions such as OneDrive, Google Drive, Dropbox, Box, etc., all a user has to do is log in to the applications that are preinstalled during the setup process.
Your MDM server communicates with devices via the Apple Push Notification service (APNs) and tells them how to behave. APNs keeps a constant connection to your devices, so you don’t have to. Commands, apps and profiles are sent to the device wirelessly. The MDM software uses the MDM framework built into Apple’s operating systems. With your MDM solution, you can create configuration profiles based on the various settings you want to deploy and transfer them wirelessly to your devices via APNs. Configuration profiles are XML files and can be created in Jamf – the gold standard for Apple MDM.
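Because configuration profiles are XML property lists, they can be reviewed before the MDM pushes them. The following added example (not from the original article or from Jamf) audits an unsigned profile for the "non-removable" flag and for a weak Wi-Fi payload; the sample profile, its identifiers and the `audit_profile` helper are constructed for illustration.

```python
import plistlib

# Constructed sample profile (not from the article); identifiers and UUIDs are made up.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadIdentifier</key><string>com.example.corp.baseline</string>
  <key>PayloadUUID</key><string>11111111-1111-4111-8111-111111111111</string>
  <key>PayloadRemovalDisallowed</key><false/>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.wifi.managed</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>PayloadIdentifier</key><string>com.example.corp.baseline.wifi</string>
      <key>PayloadUUID</key><string>22222222-2222-4222-8222-222222222222</string>
      <key>SSID_STR</key><string>CorpGuest</string>
      <key>EncryptionType</key><string>WEP</string>
    </dict>
  </array>
</dict></plist>"""

REQUIRED = ("PayloadType", "PayloadVersion", "PayloadIdentifier", "PayloadUUID")
WIFI_PAYLOAD = "com.apple.wifi.managed"
WEAK_WIFI = {"None", "WEP", "Any"}  # settings that allow open or legacy networks

def audit_profile(xml_bytes):
    """Return a list of findings for an unsigned XML configuration profile."""
    profile = plistlib.loads(xml_bytes)
    findings = []
    if profile.get("PayloadType") != "Configuration":
        findings.append("top-level PayloadType is not 'Configuration'")
    if profile.get("PayloadRemovalDisallowed") is not True:
        findings.append("profile is user-removable (PayloadRemovalDisallowed not true)")
    seen = set()
    # Check the profile itself plus every payload it carries.
    for item in [profile] + list(profile.get("PayloadContent", [])):
        name = item.get("PayloadIdentifier", "<no identifier>")
        findings += [f"{name}: missing {k}" for k in REQUIRED if k not in item]
        uuid = item.get("PayloadUUID")
        if uuid is not None and uuid in seen:
            findings.append(f"{name}: duplicate PayloadUUID {uuid}")
        seen.add(uuid)
        if item.get("PayloadType") == WIFI_PAYLOAD and item.get("EncryptionType") in WEAK_WIFI:
            findings.append(f"{name}: weak Wi-Fi EncryptionType")
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print("FINDING:", finding)
```

Profiles exported from an MDM are often CMS-signed; the signature wrapper has to be removed before `plistlib` can parse the XML.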
Zero-touch was a great idea a few years ago, but in the future it will probably be imperative so that IT departments can adapt to a new world. Deployment can be done hands-off, so new computers can easily be provided to remote employees without having to be unboxed, imaged, repackaged and then shipped. A laptop can be ordered directly from Apple and sent directly to the employee. From there, the company’s device management takes over. You can say RIP to device imaging and welcome a future of device deployments as simple as setting up a new laptop at home.