The concept of users sharing devices may seem familiar even for organizations just embarking on their digital workspace journey. However, apart from K-12 or Education users, there wasn’t a native Apple solution for preparing shared iOS devices. Apple built devices on the notion of single user association, both for consumer and business use. But there has been a plethora of vertical-specific use cases in the enterprise—especially in Healthcare, Retail and Financial Services—that warranted the need for shared use of these devices. That’s where shared iPads for business come into play.
Let’s do a quick review of existing solutions that help with shared device use cases:
• Check In-Check Out with Workspace ONE Intelligent Hub: VMware Workspace ONE Intelligent Hub has helped organizations use iPhones and iPads to operate in a Shared mode with the help of Intelligent Hub. Intelligent Hub authenticates the user – Active Directory as well as SAML – to then customize the device using MDM APIs to deliver the right set of applications and configurations. And on checkout, the Intelligent Hub application gets locked onto the foreground with an in-built workflow ready for the next user to Check-In and use the device. For more information, see Shared Devices.
• Imprivata (GroundControl): GroundControl has been a broadly used solution in the Healthcare and Retail space to assist with re-purposing devices quickly for users with a full-device wipe. And subsequently allowing quick checkout of devices by scanning proximity enabled badges.
Although these existing solutions suffice for the majority of needs today, a couple of limitations prevented them from being an optimal solution:
• Shared data storage: One of the biggest challenges with Check-In Check-Out with Hub is the concern of residual data from one user to another. Due to the inability to wipe app-level data or system-level data in a granular fashion, there was a limitation in the amount of data separation that was previously possible. GroundControl overcomes this challenge by efficiently performing a full device wipe and restoring to a usable state with the help of a physical connection to Macs running their LaunchPad solution. However, there has always been a much-needed solution that offers native data separation between users that didn’t warrant a full-device wipe.
• Disconnected experience: MDM can customize most of the apps and configurations for a particular user. However, when they access a shared device, the application data doesn’t always sync from one device to another. While certain apps may have built-in logic to sync data from previous sessions, it is dependent on individual applications to implement these workflows. The overall shared device experience was never a smooth handoff of restoring the state from the previous session.
With iOS 13.4, Apple has officially released Shared iPads for Business. Through integration with Apple Business Manager and Managed Apple IDs, admins can onboard any supported iPad in a “shared” mode, which allows users to sign in with their Managed Apple IDs. Users see a personalized home screen experience until they log out, and the next user picks up the device to sign in and continue the process.
Shared iPad for Business is a new concept for many organizations, so this page is a guide to what to expect, why it is essential, and some items to consider when preparing your devices for Shared iPads. Stay tuned for more information on how to start testing Shared iPads for Business with a future version of Workspace ONE UEM in the coming weeks.
What are Shared iPads for Business?
Apple’s shared iPads for Business triggers a “sign in” process for each user. This sign in relies on the user’s Managed Apple ID. The ID is created in Apple Business Manager automatically through federation with Azure Active Directory.
When a user signs into a device, iOS (or iPad OS) provides the user with a separate partition of the device’s disk space to ensure their data is separate from all other users. MDM providers can be notified of this user sign in and personalize the device for that user based on the settings the admin has configured. The user’s Managed Apple ID iCloud storage captures their stored data, allowing them to sync this data on their next login.
This solution offers a native check-in/check-out experience. Additionally, it offers built-in security and integration with existing Apple Business Manager and Managed Apple ID technologies.
What is the End-User Experience for Shared iPads for Business?
Rather than read about the experience, we thought of showing you what it looks like with a video
What are the Prerequisites to Begin Using Shared iPads for Business?
Review the following requirements to ensure your Apple environment meets the criteria for shared iPads for Business.
iPads with 32GB storage or higher
To provide each user with secure storage, the iPad itself must have enough disk space to allow multiple users. Each user typically needs at least a few GBs to perform their day-to-day tasks. The greater the total device storage, the more simultaneous users you can configure on a device. Once the iPad reaches maximum capacity, it automatically removes the oldest accounts by last login time. This makes room for the new user’s data partition.
Managed Apple IDs for sign in
When users sign into a Shared iPad, Apple must trust the authentication of the user. Apple achieves this by creating a Managed Apple ID for each user that intends to leverage these devices. Then, Apple Business Manager admins must manually create these accounts or federate to an identity provider. For more information on creating Managed Apple IDs, look at Apple’s support pages here.
Devices added to Apple Business Manager for onboarding
To onboard, add supported iPads to Apple Business Manager and use an automated enrollment profile with Shared mode enabled. The automated enrollment profile is similar to enrolling a 1:1 iPad with skip Setup Assistant enabled.
What do I get with Shared iPads?
Shared iPads come with some unique advantages that other shared device solutions do not offer in comparison. These capabilities seem to distinguish Shared iPads as a top solution for multi-user devices in the Apple ecosystem.
Built-in data separation and encryption
As previously mentioned, the data separation in shared iOS is a gamechanger in the world of shared devices. Other solutions mentioned attempt to achieve this by hiding access to features or performing full device wipes. With Apple’s Shared iPads, each partition is unique per user. Additionally, each partition is encrypted with a different device passcode created locally by the user. Apple Business Manager admins also have the option to create or reset the device passcode on behalf of users.
Locked-down system settings
Device supervision offers admins access to APIs to lockdown Apple devices. However, shared mode takes this one step further. It completely hides several system apps and settings, out of the box, for all users. For example, shared iPads altogether remove the Software Updates section within the Settings app. Solutions like Workspace ONE’s OS Updates framework becomes the primary method to manage device updates effectively. The full list of restrictions is extensive, so we encourage readers to review Apple’s support page on this topic.
Personalized user experience
When users log in with their Managed Apple ID, it notifies the managing MDM provider of this change. As a result, the MDM provider provides personalization, and only shows the resources needed by the targeted user. Personalization could include app configuration, SSO, and even customized Home Screen layout. Be on the lookout for more to come from VMware regarding these unique capabilities.
“Guest mode” for auth-less device access
Temporary Session or Guest Mode provides immediate or anonymous device access. This mode provides immediate access to the device’s Home Screen with no Managed Apple ID or device passcode prompt. Guest Mode is great for quick access to identity independent information.
Conclusion
Hopefully, this gives color and clarity to the new and exciting experiences to come with Shared iPads for Business. Apple continues to expand its ecosystem, pioneering solutions that become the new standard for success in the enterprise.
Stay tuned for more information on how to use Shared iPads for Business with a future version of Workspace ONE UEM in the coming weeks.