blog.dataJAR

Apple Enterprise: Shared iPad for Business

Apple Device Management

Introduction

The concept of shared iPad in education has been around for quite some time, but with the release of iPadOS 13.4, Shared iPad for business is now available.

This blog will discuss the concept of Shared iPad and what the user experience looks like.

What is a Shared iPad?

Typically iPads are one to one devices, as in they have no concept of multiple users logging into them, like a macOS computer, for example. On macOS, you can have multiple user accounts, and each user’s documents are private to them – every user gets a personalised environment.

Shared iPad brings the same ability for users to ‘log in’ to a personalised and secure environment on an iPad.

Requirements

To use Shared iPad for business, there are some requirements.

  • The business must have an instance of Apple Business Manager setup
  • The iPads must be running iPadOS v13.4 or higher
  • The following iPads are supported:
    • iPad Pro (9.7-inch and 12.9-inch)
    • iPad 5th generation or later
    • iPad Air 2 or later
    • iPad mini 4 or later
    • Devices must have at least 32GB of storage
  • The iPads must be enrolled into a Mobile Device Management (MDM) solution, i.e. JAMF
  • The MDM must be configured with the Apple Business Manager instance
  • You must be using Automated Device Enrolment
  • Each user will require a Managed Apple ID.

Setting up Shared iPad for Business

The full setup is beyond the scope of this blog, but the following would be required.

First, you would need to make sure you have an instance of Apple Business Manager setup. Your iPads would need to be assigned to your Apple Business Manager instance. 

Each user would need a Managed Apple ID. Managed Apple IDs are slightly different from normal Apple IDs. They are created within your Apple Business Manager instance and so are unique to your organisation. They have quite a few limitations. 

For instance, they cannot be used to purchase content via various stores. However, they do come with some free iCloud storage, which will be used as we see shortly.

These Managed Apple IDs can be created manually, or they can be federated via Microsoft Azure.

Your MDM of choice would then be configured to use your Apple Business Manager instance.

One of the configurations you will make on your MDM is to create an enrolment profile that configures the iPad as shared, but also specify the maximum number of users the iPad will cache.

As an example, this is what this option looks like in JAMF.

Here we are enabling the Shared iPad mode and specifying how many users the device can cache.

This number has a significant impact on how the iPad is configured.

The value specified divides the local storage up on the iPad evenly for each user. Each user gets a discrete storage space for their own documents and settings etc.

So, the larger the number means more users, but each user gets a smaller percentage of the total storage.

This image gives you an idea of how this works.

The number specified does not limit that device to that number of users. For example, if the iPad was set up for four users, a fifth user could sign in, but the data for one of the other users would be removed.

iCloud Storage

To preserve user data, iCloud is used. Every Managed Apple ID gets 200GB of storage. The iPad will copy up and down data as required. If a new user logs in, then their data is pulled down from iCloud onto the device. Likewise, when they logout, their data is pushed back to iCloud.

To help with performance, it is recommended the Apple Caching service is used. iPads would save any data to the local caching service, which would then upload it to iCloud. The iPads would also download any data from the local caching server.

This would make signing in and out of an iPad much faster.

The best practice for the maximum number of users is to add two to the planned number of individuals expected to use a device during a certain period, say a week.

User Experience

Once the iPad is enrolled in your chosen MDM, this is the user experience.

Logging in

At the home screen, you will be prompted to authenticate with a valid Managed Apple ID.

Once you sign in, if required any of your documents will be downloaded via iCloud/Caching Service.

You are then at the home screen as normal.

Logging out

When you are finished, you can logout of your account via the lock screen, where the iPad will save any data back to iCloud/Caching Service.

Recent Users

Once users start to login, the login window will list these users, making user login in easier and more convenient.

Guest User

Another new feature in iPadOS 13.4, is the addition of the guest account.

This allows you to login as a guest, and no Managed Apple-ID is required. At logout, any data is deleted from the device.

Fortunately, the guest user is warned at login and logout that any data will be deleted.

The guest account by default, is enabled. This can also be disabled via a new managed command that Apple has added to iOS 13.4. Please note: we recommend using iOS 17 or higher for guest accounts.

Summary

This is a really welcome addition to Apple Business Manager. I am sure there will be lots of use cases for this, from Kiosk devices to pools of iPads being used securely between a sales team, for example.

Latest posts

See All
February 9, 2024

Update: dataJAR blog content moving to Jamf’s platform

Featured image for “Update: dataJAR blog content moving to Jamf’s platform”
July 26, 2023

Did somebody mention macOS updates?

Featured image for “Did somebody mention macOS updates?”

Featured articles

May 4, 2023

Understanding BYOD and ADE enrolments in macOS – pros, cons and what to look out for 

Featured image for “Understanding BYOD and ADE enrolments in macOS – pros, cons and what to look out for ”
March 15, 2023

Getting started with web browser management in Jamf Pro

Featured image for “<strong>Getting started with web browser management in Jamf Pro</strong>”