Shared devices

Apple announced that, starting from iOS 9.3, they’ll allow schools to share iPads among students by enabling them to login and out of the iPad with their own iCloud account.There’s been a lot of speculation online already on how this might work, and no one knows for sure until Apple releases more information, but until then, here’s my take:

DEP

A couple of years ago Apple started their Device Enrollment Program (DEP). It’s a program where iPads are bound to the company that bought them, and during the device registration the iPad downloads the necessary profiles so that the device is automatically enrolled in that company’s MDM server.

This has two benefits: if the iPad is stolen, it will always re-enroll after a wipe, so no one can ever use that device outside of company control.

But, the biggest benefit is that companies can automatically push configurations, apps and restrictions to the iPad upon first boot.It makes the enrollment process a lot nicer, and the user needs to configure a lot less.

Device Based App Deployment

Apple has long offered a Volume Purchase Program (VPP) for schools and companies. It allows them to buy apps in bulk and distribute them among their employees or students.Users accept the app with their AppleID and they can update, delete and reinstall the app themselves.

Thanks to Managed Distribution, companies can buy 100 licenses, gift them out, and revoke the license as they feel needed.

New in iOS9 is the option to use a Device Based Employment. Instead of handing of a license to a users’ AppleID, the license is assigned to the device itself. This means a user never has to type an AppleID, apps can be update remotely via the MDM server and are user-independent.

iCloud Drive

Thanks to iCloud Drive apps sync seamlessly across device, almost instantly. Instead of each app backing up their document folder to iCloud, iCloud Drive provides instant sync + cloud ‘backup’ for your data.More and more of Apple’s own services are moving to iCloud Drive instead of a regular documents folder that gets backed up every night. They moved photos with iOS 8, notes with iOS 9, and now with iOS 9.3 has migrated to this new model. If you want a reason why they migrated iBooks, look no further than education.

Prior to iCloud Drive, if you deleted an app that only backed up via iCloud, that apps’ data was lost. They only way to fix it was restoring a your iCloud backup from the night before. With iCloud Drive you can now delete e.g. Pixelmator. Upon reinstall, the app will find its data in iCloud Drive, and it’s as if you’ve never deleted the app.

A new kind of Deployment.

Thanks to DEP and Device Based Apps, any company with a decent MDM server can now do this:They buy 20 iPads via the DEP program. Within their MDM server they add the iPads to a group and push a set of specific apps to the device. Thanks to the control they have over the setup-steps they disable everything except for ‘Add iCloud account’ and ‘Wifi’. And as a bonus they disable the installation of Apps by the user.

They gift out the iPads to their users, who launch the iPads, choose a Wi-Fi network and type in their AppleID. While they are looking for their password, the iPads already has started downloading all the apps in the background. Which means that, when they’ve reached the home screen, it’ll contain all the assigned apps and their personal iCloud data.If they user wipes the iPad and reconfigures it, they have the same iPad again. If they take any other iPad from those 20 iPads and reconfigure the iPad they get.. That same iPad configuration and their own data.

Sound familiar?

Shared iPads

If you take the three technologies above and combine them, we’re really close to Apple’s new education flow:

A school buys iPads via DEP. they push a specific set of apps to those iPads via Device Based Assignment, and they’ll probably won’t allow, or can’t allow, the installation of other apps.Apps that are pushed need to be compatible with this enrollment type. If the developer didn’t allow for this option, tough luck.

A student than takes any iPad, logs in with their AppleID and all their data gets downloaded. Which thanks to iCloud Drive doesn’t require a restore of the iPad anymore. Apps just start lazely syncing their documents.

But I think there’ll be a new prerequisite for apps that can opt-in for this program: they need to be iCloud Drive compatible or at least support a way to get their data restored on the fly from an online source akin to Google Drive, Dropbox,..

Why? Cause I think the user-switching will purely be based on iCloud accounts. Each time a student gets an iPad, they log in with their AppleID. iOS will remove the previous user’s iCloud login, and remove all iCloud Drive documents, photos, music, iMovie projects, key chains and bookmarks connected to that account.

The apps aren’t removed, but after the login process has finished, they now show the iCloud data of this student. (Imagine numbers with all spreadsheets showing the cloud icon). If it can’t be synced via iCloud, or if the app can’t login to their own sync engine via the keychain and preferences: though luck, it’ll be as if you haven’t used it beforehand.

For example: if you use 1Password in school with iCloud syncing, each time a user logs in it’ll pull the Vault from iCloud Drive. If you sync via Dropbox, you’ll need to reauthenticate.

So the only thing that’s really new here is that Apple will make sure only and all user data gets wiped when a new user logs in.

Cause the rest of the process really doesn’t differ a lot from the current flow that exists in Deployments with iOS 9. The real difference is that they’ll wipe a device, but retain the apps.At least that’s how I see it.