Use MDM to Manage a Successful 1:1 Program
Manage your networked devices with Mobile Device Management.
About John Tracy
• Associate Director of Technology at The Montgomery Academy
• 1:1 College Preparatory Independent School in Montgomery, Alabama
• Systems Administrator for ten years before teaching technology courses to high school students for four years.
• Operate 121k12.org independently as a resource for schools looking to begin a 1:1 curriculum.
What is MDM?
Mobile Device Management is a set of software and server technologies that can manage, monitor, locate, and secure devices of several different types, deployed across the world.
Why Use MDM?
• Better control over networked devices, even if it is a BYOD solution.
• Give access to segregated networks without handing out passwords.
• Track where school-owned devices are, anywhere in the world, in real time.
• Remotely install applications based on device type, use, or other trigger.
Meraki Dashboard Free MDM
Advantages of a cloud-hosted MDM
• Always online.
• Devices do not need to be on your local network.
• Works with any network.
• Provides location services and geofencing.
Common 1:1 MDM Tasks (Demo of Each)
• Assigning devices to specific networks.
• Assigning Group Policies to device types or groups.
• Pushing apps to devices based on rules.
• Clearing passcodes; removing authentication lock (iOS, supervision mode)
• Screen sharing
• Reboot, Lock & Report (Macs and PCs)
• Asset Management
Assigning devices to specific networks
Demonstration
Network Best Practices
• Separate networks based on use
  • Grade level, Division, etc.
• If a certain group needs apps that other groups do not, put them in their own network, or manage them with tags.
• If these are institution-purchased Apple devices, use the Device Enrollment Program (DEP) to automatically assign the devices to the network of your choice.
Assigning Group Policies to device types or groups
Demonstration
Group Policy Best Practices
• Use limited content filtering at the network level.
• Allow group policy to introduce more granular control of certain groups for content filtering.
• If your network should only see certain types of devices, e.g. iOS or Android, have group policy take devices of all other types to guest-level access.
• Keep a set of restrictions in a group policy as consequential treatment for breaking rules in your Acceptable Use Policy (AUP).
Pushing apps to devices based on rules
Demonstration
App Distribution Best Practices
• App Store apps should be purchased using Volume Purchase Program (VPP) tokens.
• VPP tokens will allow the institution to retain license rights to the app.
• In a Bring Your Own Device (BYOD) setting, apps can be given to the student; when they have finished using the app, the license can be pulled back to be used for another student.
• Think of this system as a classroom set of books. The student has access to the book during the course, but when they are done, the next set of students can use them.
Clearing passcodes; removing authentication lock
Demonstration
Unlocking Best Practices
• Clearing passcodes should only be done in certain circumstances.
  • A student or faculty member has been locked out of their device.
  • Student or faculty member is unavailable while device is being serviced.
• Removing authentication lock should only be done in certain circumstances.
  • Devices must be school-owned and under supervision.
  • Resetting the devices for another use or to problem-solve a severe issue. (Removing authentication lock should be a last resort; contact with the individual who possesses the device should happen before bypassing this step. DATA WILL BE REMOVED!)
Screen sharing Demonstration
Screen Sharing Best Practices
• Screen sharing is only available for full computers. (Not tablet and mobile devices.)
• An Acceptable Use Policy (AUP) should mention the role of IT and their use of screen sharing as a tool to help diagnose and maintain systems.
• Screen sharing should not be used surreptitiously; IT is there to provide help, not fear.
Reboot, Lock & Wipe Demonstration
Reboot, Lock & Wipe Best Practices
• Devices should only be locked or wiped when they cannot be immediately found; reported missing.
• Wipe should only be used for devices thought to contain sensitive institutional data.
• A backup may not have been performed; unless the data is sensitive, save wiping the device for instances when theft is the cause.
Asset Management Demonstration
Asset Management Best Practices
• MDM-based asset management is only as good as the configuration profile.
• If the device has been wiped, or is offline, trust of the asset information is compromised.
• A separate database should still be maintained. This will allow history of the devices to be preserved.
  • Previous owner history.
  • Warranty ticket history.
Questions & Discussion
