Managing my ever-growing library of iOS devices that includes 4 Apple TVs, 4 iPhones, 2 iPod touches, and 4 iPads is becoming quite the chore in my household. Although targeted toward schools and businesses, Apple Configurator 2 is a free macOS tool that allows you manage all of the iOS devices in. Add Apple Configurator serial numbers Create a two-column, comma-separated value (.csv) list without a header. Add the serial number in the left column, and the details in the right column. The current maximum for the list is 5,000 rows.
Apple Configurator 2 provides full end-to-end deployment/management of iOS-based devices on a one-to-one or a one-to-many basis. In addition to upgrading devices to the latest versions of iOS, you can use Apple Configurator 2 to create configuration profiles that contain one or more settings payloads that can be distributed to client devices remotely.
More about Mobility
I'll go through the step-by-step process of configuring two commonly used payloads as examples: one for securing passcodes on iOS devices and the other for configuring Wi-Fi access using WPA2 Enterprise for corporate wireless networks.
Requirements
With that out of the way, let's begin configuring our first profile.
SEE: How to update to iOS 10 using Apple Configurator 2
Configuring the passcode restriction profile
1. Launch Apple Configurator 2 from the Applications folder. Click File | New Profile to launch the Untitled.mobileconfig template (Figure A).
Figure A
2. All profiles begin with the General tab, as that is required in order for the profile to meet certain requirements, such as a Name and Unique Identifier. Also included are Descriptions and Consent Messages that will be seen by end users and describes what the profile does for transparency (Figure B).
Figure B
3. Also included in the General tab is the Security section, which is very important in that it controls how the profile is to be handled by end users and if it expires
Regardless of the additional payloads selected, the General payload is required and should always take into account the desired end result of the configuration and how it impacts the device and the end user. In other words, some profiles may be required on certain devices and may need to be enforced across the board; for these profiles, you may wish to prevent unauthorized removal. However, other profiles may be optional and may be set to auto-expire after a set number of hours or days, for example (Figure C).
Figure C
4. Next, we move down to the Passcode tab and click the Configure button to open the payload editing screen (Figure D) (Figure E).
Figure D
Figure E
5. By modifying the payload settings, you can prevent the use of simple values (or the default 4-pin passcode) to something more robust and secure, such as requiring alphanumeric values with a minimum length of 8 characters. Additional settings are available to further strengthen the passcodes required of end users and should be set according to your users' needs with respect to the data they access as classified by management (Figure F).
Figure F
6. When the settings have been configured, go to File | Save.. to name the profile and save the file to a directory (Figure G) (Figure H).
Figure G
Figure H
The .mobileconfig file is the standard used by Apple for remotely configuring and managing profiles used on iOS-based devices, which includes iPods, iPhones, iPads, and late-model Apple TVs. The profile may be deployed OTA via MDM servers, email, or SMS or saved to a public or private directory on a web server where it may be downloaded by users, as needed.
Configuring the enterprise Wi-Fi profile
1. In the second example, we configure a Wi-Fi profile that uses WPA2 Enterprise to connect authorized devices to a company's wireless network. Authentication is handled via Radius server to allow tighter control over network access. From Apple Configurator 2, go to File | New Profile and enter the necessary identifiers for naming the profile (Figure I).
Figure I
2. Next, go to the Wi-Fi tab to configure the settings as they pertain to your wireless network's configuration (Figure J) (Figure K).
Figure J Game show with no whammy.
Figure K
3. Under Enterprise Settings, the Trust tab is used to import Trusted Certificates that will provide, among other things, naming and security-related settings to the device so that it can identify the Radius server and configure it to authenticate network access against the server prior to allowing a device on the corporate network. Additionally, the Trusted Server Certificate Names should be entered as required when importing Trust Certificates (Figure L).
Figure L
4. As in step #6 above, go to File | Save.. to save the settings to a .mobileconfig file for deployment. Apple Configurator 2 can digitally sign profiles for enhanced security; any signing certificates that have been imported to Apple Configurator 2 will appear in the drop-down list when selecting File | Sign.. This allows the administrator to sign the profile that provides a higher level of security and trust when deploying profiles to devices (Figure M).
Figure M
Note: Signed profiles, while secure, cannot be edited after they have been signed. These profiles will need to be recreated in the event that changes need to be made or the need to be resigned in the future. It is a good practice to make a separate 'template-only' version of these files and store them securely until they are needed in the future.
As you can tell, there are multiple payload types supported for use in creating Profiles. From Restrictions, which allow or disallow specified apps or features from being used, to VPN configurations to Mail settings and even directory server account settings—there is a lot to choose from when locking down and securing iOS devices. And its modular framework allows for multiple configuration profiles to be created and used to provide settings and enhanced security when and where it is needed to most (Figure N) (Figure O).
Figure N
Figure O
Apple Weekly Newsletter
Whether you need iPhone and Mac tips or rundowns of enterprise-specific Apple news, we've got you covered. Delivered Tuesdays
Sign up today Sign up today
Also see
Apple Configurator Tool DownloadScreenshotsDescription
Apple Configurator 2 makes it easy to deploy iPad, iPhone, iPod touch, and Apple TV devices in your school or business.
Use Apple Configurator 2 to quickly configure large numbers of devices connected to your Mac via USB with the settings, apps, and data you specify for your students, employees, or customers. Rebuilt from the ground up, Apple Configurator 2 features a flexible, device-centric design that enables you to configure one or dozens of devices quickly and easily. Simply select a single device or many at once and perform an action. With Apple Configurator 2, you're able to update software, install apps and configuration profiles, rename and change wallpaper on devices, export device information and documents, and much more. You can also inspect any device to see details like serial number and hardware addresses, which apps and profiles are installed, and its console log. Apple Configurator 2 integrates with the Device Enrollment Program to automate MDM enrollment as well as the Volume Purchase Program to seamlessly distribute apps from the App Store. The all-new Prepare assistant makes it easy to supervise and configure a cart of iPads for the classroom or quickly enroll a large number of devices in your MDM server for ongoing management. The built-in configuration profile editor supports creating and editing profiles with the latest iOS settings. If you’re configuring devices in an environment where consistency is critical, Blueprints allow you to create a custom configuration for your devices that can be applied with one click. A Blueprint is a template device to which you add configuration profiles and apps and perform actions, just like you would to a connected physical device. Fully automate Apple Configurator 2 and integrate its capabilities into your existing device management workflows using the included command-line tool, AppleScript scripting library, or Automator Actions. Support for iCloud Drive enables you to keep your configuration profiles and other settings consistent across multiple Configurator stations. What’s New
iOS
• Wi-Fi: Configure WPA3 Personal security type • VPN IKEv2: Configure Enable Fallback setting to support Wi-Fi Assist • Exchange ActiveSync: Enable Mail, Calendar, Contacts, and Reminders individually for managed accounts • Configure new supervised-only Restrictions: Allow Find My Device, Allow Find My Friends, Allow external drive access in Files app, Force Wi-Fi to on • Skip Dark Mode and Welcome panes in Setup Assistant tvOS • Wi-Fi: Configure WPA3 Personal security type
175 Ratings
Apple Configurator Tool DownloadI upgraded to 2.5 and then deleted it
I tried using Configurator 2.4 (as a substitute for iTunes for app management) from a suggestion I had read in an article online. I have not upgraded (to use the term loosely) iTunes to 12.7 due to the features that had been taken out of it; features I used. Long story short, I downloaded Configurator 2.5, only to see a popup message saying that it required iTunes 12.7 — so I deleted Configurator, as I was no longer able to use it. I didn’t see in the description of version 2.5 that iTunes 12.7 was required.
Perhaps Apple’s worst applicationConfigurator For Windows
This may be the poster child for how bad things have gotten with Apple’s software quality.
Try using this software for the most simple possible thing: Moving icons around on your fully-updated iPhone’s home screen. That’s a function that used to be in iTunes, but got removed because Reasons. Selecting the option to modify the home screen will, after a pause, bring up a sort-of, kind-of view of your apps in a dialog sheet. But the icons will be small; small enough to be hard to see—on a 27” Retina iMac. And the bottom row will be cut off. The font will be odd. You won’t see your iPhone wallpaper, either. There will be four app icons floating at the bottom of the sheet; after a moment, you’ll realize those are the Dock icons. The UI doesn’t make this clear. Now try resizing the sheet. (After all, you want to see if you can make those tiny icons bigger.) All but the first row of app icons will disappear, the Spinning Wheel of Death starts, and the application locks up until you force-quit it. Because you resized a dialog sheet. (Should this even BE a modal interaction?) This application is more mid-‘90s Microsoft than Apple. It’s an embarrasment. That it’s at version 2.6.1 and still this rough and buggy speaks volumes about how Apple’s software engineers are spread too thin and vital projects are not receiving badly-needed attention. Apple has outdone itself
The interface in iTunes for editing the iOS home screen pages was pretty bad and mysteriously processor-intensive, but now that we've inexplicably lost that ability in iTunes without having a consumer-level replacement ready to go, Apple has somehow managed to make an interface that is worse. The iTunes interface at least actually worked. This one requires making the window much bigger than your screen so that you can get to the later pages of apps. Scrollbars are passé.
Pro tip: you would think that clicking and dragging on a home screen page would allow you to drag-and-drop it somewhere within the lineup of pages, but it doesn't. To move a page, click and hold. That will then allow you to drag the page. If you're thinking that that isn't how drag-and-drop works in the Finder or anywhere else on the Mac, you're right! You get a frustration cookie. Information
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |