Lite Touch Installation iOS through XenMobile

XenMobile Apple Configurator

Recently I was involved in a XenMobile project where the customer asked for a simpler way to let users enroll their devices. This environment only contains Apple iPhone and iPad devices. Since XenMobile 10 there are 2 enrollment types that can make the enrollment process simpler for the end-user. This is what Citrix calls “Bulk enrollment of iOS devices”. The enrollment types are:

  • Device Enrollment Program (DEP)
  • Apple Configurator Device Enrollment

This blogpost will explain how you can use Apple Configurator to make the enrollment process simpler. The Device Enrollment Program will be explained in another blogpost.

The following steps will be needed:

  • Enable Bulk Enrollment
  • Add Worx Home App
  • Create a Delivery Group
  • Configure Apple Configurator
  • Create an organization
  • Define the MDM Server
  • Create a basic profile
  • Create a Blueprint
  • Prepare iOS Device settings in the blueprint
  • Add the basic profile to the Blueprint

First of all, this procedure can only be used on new Apple devices or on devices that have been factory reset.

Enable Bulk Enrollment

Enable iOS Bulk Enrollment for Apple Configurator via the XenMobile web GUI:

XenMobile iOS bulk enrollment

Make note of the MDM server URL; we need this URL later.

Add Worx Home App

Next we need to add Worx Home as a public app for iPad and iPhone:

Add Worx Home App

Create a Delivery Group

We also need to create a Delivery Group to force a DEP inventory policy and push the Worx Home app installation:

DEP Delivery Group XenMobile

As you can see XenMobile automatically configures a local DEP group as soon as you enable DEP:

DEP Delivery Group XenMobile

Add the DEP Software Inventory policy (created by the system!):

DEP Delivery Group XenMobile

Add the Worx Home public app as a required app to install:

DEP Delivery Group XenMobile

Now XenMobile Server is ready to deploy devices.

Configure Apple Configurator

In this blogpost I make use of Apple Configurator 2.

Create an organization

We need to create an organization. It will be used later in a blueprint and shown on the user's device during enrollment:

Create Organization Apple Configurator

Define the MDM Server

We need to define the XenMobile Server as an MDM server in Apple Configurator:

Define MDM Server Apple Configurator

Here we have to specify the Enrollment URL that was shown during enabling “Apple Configurator Device Enrollment” in XenMobile Server:

Define MDM Server Apple Configurator

Apple Configurator expects MDMServiceConfig. Click Next to ignore this error; we will correct this URL later.

Click Next to finish the MDM Server configuration:

Define MDM Server Apple Configurator

Click Edit to change the MDM Server and paste the XenMobile Server URL again to correct the issue:

Define MDM Server Apple Configurator

The certificates will be downloaded from the URL automatically.

Create basic profile

Next we need to create a basic profile where we specify the wireless network that the device needs to connect to during enrollment:

Create Profile Apple Configurator
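
As an added example (not part of the original post, and not Citrix or Apple tooling): the basic profile exported from Apple Configurator is a property list, so its Wi-Fi payload can be reviewed before it goes into the Blueprint. The script assumes an unsigned .mobileconfig with a `com.apple.wifi.managed` payload; the SSID, identifiers and key in the sample are constructed placeholders.

```python
import plistlib

# Constructed sample of an unsigned Wi-Fi profile; the SSID, identifiers and
# pre-shared key are placeholders, not values from the post.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadVersion": 1,
    "PayloadIdentifier": "com.example.enrollment.basic",
    "PayloadUUID": "00000000-0000-0000-0000-000000000001",
    "PayloadDisplayName": "Enrollment Wi-Fi",
    "PayloadContent": [{
        "PayloadType": "com.apple.wifi.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.enrollment.basic.wifi",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "SSID_STR": "EXAMPLE-ENROLL",
        "EncryptionType": "WPA2",
        "Password": "placeholder-psk",
        "AutoJoin": True,
    }],
})

def audit_wifi_profile(data: bytes) -> list[str]:
    """Return review findings for each Wi-Fi payload in an unsigned profile."""
    try:
        profile = plistlib.loads(data)
    except Exception as exc:  # signed (CMS-wrapped) or damaged profiles land here
        raise ValueError("not a plain property list; export the profile unsigned") from exc
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.wifi.managed":
            continue
        ssid = payload.get("SSID_STR", "<no SSID>")
        enc = payload.get("EncryptionType", "Any")  # "Any" is the default
        if enc in ("None", "WEP"):
            findings.append(f"{ssid}: weak EncryptionType {enc}")
        elif enc == "Any":
            findings.append(f"{ssid}: EncryptionType Any does not pin a minimum")
        if "Password" in payload:
            findings.append(f"{ssid}: pre-shared key is readable in the profile file")
    return findings

if __name__ == "__main__":
    for line in audit_wifi_profile(SAMPLE_PROFILE):
        print(line)
```

Because the key sits in the profile in clear text, a dedicated enrollment SSID is easier to rotate than a production pre-shared key.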

Create a Blueprint

In the Blueprint we define the basic profile, MDM server and organization:

Create Blueprint Apple Configurator

Prepare iOS Device settings in the blueprint

We need to prepare iOS Devices to specify which settings are getting applied during enrollment setup:

Prepare Device Apple Configurator

Here we can link the MDM server we specified earlier:

Prepare Device Apple Configurator

If you want to supervise the device you need to select the following option:

Prepare Device Apple Configurator

Here we can assign the Organization we specified earlier; this will be shown during enrollment:

Prepare Device Apple Configurator

This is one of the most important steps: we can specify which steps need to be configured during enrollment setup. By deselecting some components we can simplify the enrollment experience for the end-user. Deselecting those options doesn’t mean that they can’t be configured anymore. Those steps are just skipped by the setup wizard:

Prepare Device Apple Configurator

All those prepare steps will be added to the Blueprint:

Prepare Device Apple Configurator

Add the basic profile to the Blueprint

We need to assign the basic profile to the Blueprint to add the Wireless network settings that might be needed during enrollment:

Prepare Device Apple Configurator

With this we have created the setup package for a new device. 

Apply the Blueprint

We now need to apply the Blueprint to each new or factory reset device by connecting them via USB to the Mac OS X machine where Apple Configurator is installed.

As soon as we apply the profile to a device, the device will be added to the XenMobile devices list:

Apply Blueprint Apple Configurator

User Experience

After we have applied the Blueprint to the device, we can hand the device to the user. If you choose not to apply the passcode setup phase, you can already boot up the device once to run through the small wizard.

This is how the enrollment works after applying the Blueprint.

The WiFi settings that were supplied via the basic profile are chosen by default:

XenMobile User Experience

Now, as a user, we have the option to apply the Blueprint configuration or skip this Blueprint. If you skip the configuration no setup wizard is started, so there is no configuration at all, nor enrollment in XenMobile!

XenMobile User Experience

If we apply the configuration the Blueprint will get installed and activated:

XenMobile User Experience

Depending on the configuration, the user is now prompted with the applicable setup phases. If no setup phases were selected during the Blueprint prepare option, the user will see the iOS Springboard immediately.

If we look in the XenMobile console we will see a new device without a user assigned:

User Experience XenMobile

In a few seconds the XenMobile DEP policy kicks in and the user is prompted to install the Worx Home application by signing in to iTunes:

XenMobile User Experience

After Worx Home is installed, the user can enroll in XenMobile by starting the Worx Home app and signing in. The cool thing is that the user doesn’t need to supply the XenMobile MDM FQDN, UPN or e-mail address:

User Experience XenMobile

After the user has supplied their credentials they are directly enrolled into XenMobile; there is no need to install the certificate profiles. Keep in mind to make users aware of this to avoid privacy discussions!

After the device is enrolled it shows up with the right user in the XenMobile console. Now other policies will get applied and, in the case of XenMobile MAM, the user will get access to the Worx Store:

User Experience XenMobile

Caution!

Keep in mind that applying a blueprint to the device also performs the profile installation on the device. This procedure will absolutely create a better user experience, but remember to inform users about the profile installation.

Summary

In this blogpost I showed you how to make the enrollment of iOS devices in XenMobile smoother via Apple Configurator. Thanks to my colleague Jan-Paul for sharing his experiences on this topic! The next blogpost will explain how to configure the Apple Device Enrollment Program (DEP) for Citrix XenMobile. Stay tuned!
