Get in Touch
Back to main blog page
blog image

Meraki, Apple Classroom and ‘Not-shared’ shared iPads

13th June 2018 | posted by David Acland | Tags: , ,

Hi all, and welcome to yet-another, “I figured out something for a client and thought I should share” blog. In this post I’ll go over how I configured Apple Classroom on iPads that are shared, but aren’t ‘Shared-iPads’, using Meraki Systems Manager.

Setting the Scene

Right, before I get into the how, a bit more on the why, a bit more on the background on this specific setup:

  • The customer was enrolled in Apple School Manager (ASM) and all 34 iPads were in the Device Enrolment Program (DEP)
  • The customer’s School Information System (SIS) didn’t link with ASM
  • The 34 iPads would be split into two groups (physically into two trollies in two different classrooms)
  • Each group would be made up of 16 student iPads, and 1 teacher iPad
  • The first group would be called “Group A” and would be made up of iPads numbered 001 to 017 (with 001 being the teacher iPad)
  • The second group would be called “Group B” and would be made up of iPads numbered 002, then 018 to 034 (with 002 being the teacher iPad)
  • The teacher iPad should be able to control all 16 student iPads in its group, but not the iPads in the other group
  • The students might swap iPads around, but they didn’t want to configure and maintain Managed Apple IDs so Shared iPad was not used
  • The Apple Classroom App has been ‘purchased’ via VPP and is ready for scoping in Meraki Systems Manager (‘Meraki’)

But why not use Shared iPad?

The reasons for not using Apple’s Shared iPad are mostly lead by the customer’s requirements, including:

  • The customer’s SIS isn’t compatible with ASM
  • They didn’t want to have to setup Apple IDs for their students, including the ongoing maintenance as students join and leave
  • They didn’t want the pupils (all Primary School age) to have to log into the iPads
  • They would typically give the same iPad to the same pupil if they are completing projects that spread over multiple lessons / days
  • They generally wanted the solution to be as simple and low maintenance as possible

Doesn’t Meraki Already Cover a Similar Setup?

Kinda, in their KB Article “Configuring Apple School Manager for Shared iPad or 1-to-1 iPad” under the “Manual Configuration” heading. However, the video for this setup wasn’t clear on what was needed, and from where. To be honest, it also didn’t help with the ‘This is a fully configured profile, there you go’ method… ¯\_(ツ)_/¯

 

Apple Requirements or “Good to Know’s”

  • All (student) devices need to be supervised. DEP is strongly recommended for this
  • Allowing Classroom observation requires iOS 9.3+ (Configuration profile payload)
  • Limiting of Bluetooth settings requires iOS 10.0+ (Configuration profile payload)
  • Each device can only have one “Education” profile payload deployed

 

Step by Step

Right, so hopefully you have an idea of the setup. Lets go through the step by step on how I got things working within those constraints:

1) Firstly, ensure all iPads involved are enrolled in your Meraki instance. At least the student iPads (although ideally all) need to be supervised so I’d strongly suggest using DEP for this.

Tip: If you are using DEP, you configure almost all (maybe all?) of this whilst the devices are listed but not actually enrolled!

2) Navigate to the “Owners” section of your Meraki instance.

Click to enlarge

3) Now the boring bit, we need to create an “Owner” for each iPad. In the case of the above, that meant 34 ‘Owners’.

Click “Add new” and give each owner a “Full Name” and an “Email Address”

Tip: Be lazy efficient and use the email address as the full name here. This will allow you to copy and paste between the two, saving a little bit of time!

Click to enlarge

4) Next we need to assign each iPad one of our Owners. Navigate to the “Clients” section of your Meraki instance.

Click to enlarge

5) For each device record:

a) Navigate to the record and click “Edit details”

Click to enlarge

b) Use the “Owner” dropdown box to select the matching owner we created in step 3 (e.g. iPad 003 should be assigned to Owner 003) and click “Save”

Click to enlarge

c) Repeat this for every iPad

6) Next we need to create our “Education” profile. Navigate to the “Settings” section of your Meraki instance.

Click to enlarge

7) Click “+ Add profile”

Click to enlarge

8) Select “Meraki managed system profile” (the default) and click “Continue”

Click to enlarge

9) Give your profile an appropriate name, an optional description and an appropriate scope

Tip: I’d suggest setting the scope to “No devices (disabled)” whilst you set the profile up, then scope it out once complete.

Click to enlarge

10) Click the “+ Add settings” option and add the “iOS Education Configuration” payload

Tip: Use the search box to make finding this payload a little easier

Click to enlarge

11) Right, time to fill in the profile! Under the “Name” box, enter the Organisation name (this will auto-populate from the instance but can be changed if desired).

Click to enlarge

12) Under “Permissions”, tick the “Allow MDM to automatically approve screen observation” box

Click to enlarge

13) Under “ASM”, leave “Use ASM (Apple School Manager) for configuration” unticked (for this specific scenario)

Click to enlarge

14) Now we get to the longer areas of configuration. Repeat the below for each “Owner” we setup in step 3:

a) Under “Users”, click “Add user”

Click to enlarge

b) Enter the Name and Apple ID for each user and click “Save”

  • “Name” should match the number of the iPad. This cannot be an email address
  • “Apple ID” should match the email address of the user, as configured under the “Owners” section of Meraki.
  • E.g.
    • Name: 003
    • Apple ID: 003@noreply.com
Click to enlarge

c) Repeat this for all users (001 to 034 for this specific scenario)

Click to enlarge

15) Next, onto the “Groups” section. For each group you require (in our case 2; “Group A” and “Group B”):

a) Click “Add Group”. Give the group a name in the “Name” box, e.g. “Group A”

b) Give the group a (optional) description in the “Description” box

c) Under the “Teachers” section, you should be able to select the Users from step 14 above. Add in only the teacher for this specific group of devices (e.g. Group A’s teacher is iPad 001, so we’ll add “001” to “Teachers” for “Group A”)

d) Under the “Students” section, you should be able to select the Users from step 14 above. Add in only the students for this specific group of devices (e.g. Group A’s students are iPads 003 to 018, so we’ll add iPads “003” to “018” to “Students” for “Group A”)

e) Click “Save”

Click to enlarge

f) Repeat for as many groups as required. In this specific scenario, it was two groups, which resulted in this:

Click to enlarge

16) Next up, “Device Groups”. For each group you require (in our case 2; “Group A” and “Group B”):

a) Click “Add Device Group”. Give the group a name in the “Name” box, e.g. “Group A”

b) In the “Serial Numbers” box, paste in the serial numbers of each iPad in this group (including the teacher iPad), separated with a comma (“,”) and no spaces

c) In the “Groups” box, enter and select the matching group (e.g. “Device Group A” should select “Group A”).

Click to enlarge

d) Repeat for as many groups as required. In this specific scenario, it was two groups, which resulted in this:

Click to enlarge

17) Departments. I didn’t use Departments, but this is optional and another system to further categorise and organise the devices/users

18) Once you’re happy everything is configured correctly, click “Save” at the bottom

19) Use the “Scope” options, under the “Profile configuration” section to scope the profile out to the devices in question.

20) Use the VPP section to deploy the “Classroom” App to only the teacher devices.

21) Ensure that all pupil iPads have a configuration profile that contains a “Restrictions” Payload, and with the option “Allow remote screen observation by the Classroom app (iOS 9.3+)” enabled.

22) (Optional) Classroom discovery and linking between devices is done over Bluetooth.  If students turn Bluetooth off, they can’t be managed. I’d recommend to also deploy a profile to all student devices with the “Restrictions” payload, and the option “Allow modification of Bluetooth settings (iOS 10.0+)” disabled.

23) Now test and enjoy!

 

Gotchas

During the setup, I came across two issues with various techniques to resolve:

1) When the Teacher iPad launches the Classroom app, an error message regarding an invalid configuration is displayed.

  • For me, this was as the result of using email addresses as “Names” in the Education profile (see step 14 above), so don’t do that!

2) When the Teacher iPad launches the Classroom app, a number of Pupil iPads continue to show as offline

  • This seemed to be an issue with the student iPads making themselves known to the teacher iPad. In order to force them to be picked up, I tried a mixture of resolutions including:
    1. Restart the pupil iPad
    2. Restart the teacher iPad
    3. Switch the bluetooth off and on on the teacher iPad
    4. Quit and relaunch the Classroom app on the teacher iPad
    5. A combination of 2, 3 and 4.

 

Summary

And there we go, I’ve detailed the steps I’ve used to configure Apple Classroom using Meraki, and iPads that would be shared, but aren’t “Shared iPads”. Am I doing this the long way? Is there better / faster methods to achieve the same goal? As always, if you have any questions, queries or comments, let us know below (or @daz_wallace on Mac Admins Slack) and I’ll try to respond to and delve into as many as I can.

 

The usual disclaimer:

While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. I will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

 

 

 


Leave a Reply

Your email address will not be published. Required fields are marked *

Other Articles

What’s Apple School Manager and How Does It Benefit The Education Sector?
20th March 2023

Apple School Manager is a web-based platform designed to help educational institutions manage Apple devices…

Top 5 security measures to implement in 2020
3rd January 2020

If you’re looking at implementing new IT security measures in 2020 but are unsure where…

How Can I Find Passwords That Have Been Stored in the macOS Keychain?
22nd November 2021

If you use a Mac, you’ve probably used the built-in password management feature known as…

2022’s 10 Security Threats We Can Learn From
2nd March 2023

Cybersecurity is a critical issue for businesses today, and it’s essential to stay informed about…

blog image
Meraki, Apple Classroom and ‘Not-shared’ shared iPads
13th June 2018

Hi all, and welcome to yet-another, “I figured out something for a client and thought…

About moof IT

moof IT are an Apple focused IT company providing a full range of services to over 150 clients including user support, device management, infrastructure and security.

Contact Info

Tel: 0203 983 4444

Email: hello@moof-it.co.uk

London: 1st Floor 20 Noel Street London W1F 8GW

Social Media