Use MDM to Manage a Successful 1:1 Program
Post on 07-Jul-2015
Manage your networked devices with Mobile Device Management.
About John Tracy
• Associate Director of
Technology at The Montgomery
Academy
• 1:1 College Preparatory
Independent School in
Montgomery, Alabama
• Systems Administrator for ten
years before teaching
technology courses to high
school students for four years.
• Operate 121k12.org
independently as a resource for
schools looking to begin a 1:1
curriculum.
What is MDM?
Mobile Device Management is a set
of software and server technologies
that can manage, monitor, locate,
and secure devices of several
different types, deployed across the
world.
Why Use MDM?
• Better control over networked devices, even if it is a
BYOD solution.
• Give access to segregated networks without handing out
passwords.
• Track where school owned devices are, anywhere in the
world, in real-time.
• Remotely install applications based on device type, use,
or other trigger.
Meraki Dashboard Free MDM
Advantages of a cloud
hosted MDM
• Always online.
• Devices do not need to be on your
local network.
• Works with any network.
• Provides location services and
geofencing.
Common 1:1 MDM
Tasks (Demo of
Each)
• Assigning devices to specific
networks.
• Assigning Group Policies to
device types or groups.
• Pushing apps to devices based
on rules.
• Clearing passcodes; removing
authentication lock (iOS,
supervision mode)
• Screen sharing
• Reboot, Lock & Report (Macs and
PCs)
• Asset Management
Assigning devices to
specific networks
Demonstration
Network Best Practices
• Separate networks based on use
  • Grade level, Division, etc.
• If a certain group needs apps that other groups do not,
put them in their own network, or manage them with
tags.
• If these are institution purchased Apple devices, use the
Device Enrollment Program (DEP) to automatically
assign the devices to the network of your choice.
Assigning Group Policies
to device types or
groups
Demonstration
Group Policy Best Practices
• Use limited content filtering at the network level
• Allow group policy to introduce more granular control of
certain groups for content filtering.
• If your network should only see certain types of devices,
e.g., iOS or Android, have group policy take devices of
all other types to guest-level access.
• Keep a set of restrictions in a group policy as
consequential treatment for breaking rules in your
Acceptable Use Policy (AUP).
Pushing apps to devices
based on rules
Demonstration
App Distribution Best Practices
• App Store apps should be purchased using Volume Purchase
Program (VPP) tokens.
• VPP tokens will allow the institution to retain license rights to
the app.
• In a Bring Your Own Device (BYOD) setting, apps can be
given to the student. When they have finished using the app,
the license can be pulled back to be used for another
student.
• Think of this system as a classroom set of books. The
student has access to the book during the course, but when
they are done, the next set of students can use them.
Clearing passcodes;
removing authentication
lock
Demonstration
Unlocking Best Practices
• Clearing passcodes should only be done in certain circumstances:
  • A student or faculty member has been locked out of their device.
  • Student or faculty member is unavailable while device is being
    serviced.
• Removing authentication lock should only be done in certain
circumstances:
  • Devices must be school-owned and under supervision.
  • Resetting the devices for another use or to problem-solve a severe
    issue. (Removing authentication lock should be a last resort;
    contact with the individual who possesses the device should
    happen before bypassing this step. DATA WILL BE REMOVED!)
Screen sharing
Demonstration
Screen Sharing Best Practices
• Screen sharing is only available for full computers. (Not
tablet and mobile devices.)
• An Acceptable Use Policy (AUP) should mention the role
of IT and their use of screen sharing as a tool to help
diagnose and maintain systems.
• Screen sharing should not be used surreptitiously; IT is
there to provide help, not fear.
Reboot, Lock & Wipe
Demonstration
Reboot, Lock & Wipe Best Practices
• Devices should only be locked or wiped when they cannot
be immediately found (reported missing).
• Wipe should only be used for devices thought to contain
sensitive institutional data.
• A backup may not have been performed; unless the
data is sensitive, save wiping the device for instances
when theft is the cause.
Asset Management
Demonstration
Asset Management Best Practices
• MDM based asset management is only as good as the
configuration profile.
• If the device has been wiped, or is offline, trust of the
asset information is compromised.
• A separate database should still be maintained. This will
allow history of the devices to be preserved.
  • Previous owner history.
  • Warranty ticket history.
Questions & Discussion