On Tuesday, we wrote about the enterprise angle for Apple’s new MacBook Air, trackpad and mouse support in iPadOS 13.4, and the new Magic Keyboard for iPad Pro.
But there was another significant announcement for Apple in the enterprise this week: iPadOS 13.4 is bringing Shared iPad for Business.
Shared iPad is a multi-user mode that came out for education customers back in 2016 with iOS 9.3. It allows a managed user to go up to any institutional iPad, log in, and get all of their apps, settings, and data pulled down from iCloud. For longtime desktop admins, you can think of this as the iPad equivalent of Windows roaming profiles.
We always thought it would be great to have Shared iPad for enterprise, too, but we weren’t holding our breath. And in the meantime, there were plenty of other approaches to enabling multi-user iPads, via app-level solutions, MDM, and GroundControl.
Now that we finally have multi-user, shared-device, roaming-profile capabilities at the system level for enterprise iPads, how does this work and what does it mean?
How Shared iPad works
Apple has posted some documentation for Shared iPad, and since it’s been around in education for a few years, the EMM industry already has some experience with it.
To use Shared iPad, customers will need an Apple Business Manager instance; an MDM server or UEM product that supports Shared iPad; some recent iPads; and managed Apple IDs for users.
Managed Apple IDs can be set up in a number of ways, including via federation with Microsoft Azure Active Directory. (I’ll focus on Azure AD for now; check out Apple’s documentation for login flows using other methods.)
Azure AD federation for business users came out last fall with iOS 13.1 and User Enrollment, so some key integration questions have now been answered, such as how to deal with users that already made a consumer Apple ID with their corporate email address.
Users can log into any iPad set up for shared usage by their organization with their Azure AD username and password. They will be prompted to create a passcode on the iPad, and then their apps, data, settings, and email accounts are synced down from iCloud. All this data is cached locally on the iPad, and when the user comes back, they’ll see a list of recent users they can tap on.
Given the data synced to the iPad and the need to set a passcode, Apple’s documentation recommends having users return to the same device, if possible. Customers can also cache iCloud data on their network, using the Content Caching features in macOS.
Shared iPad also now has a temporary guest mode. No username or passcode is required; more settings and options are locked down; and any data is deleted when the user is done.
As you can imagine, there are a variety of MDM commands and profiles for managing Shared iPads. Shared iPads operate in supervised mode, which supports many different restrictions, and on top of that, there are additional features, settings, apps, and services that are restricted for Shared iPad and Managed Apple IDs. IT can also manage storage allocations.
Since Shared iPad requires an MDM server, you’ll have to wait and see how your EMM or UEM vendor exposes all of the settings. In the meantime, in addition to the Shared iPad documentation listed above, you can also dig through MDM settings for IT and MDM documentation for developers.
What Shared iPad for Business means
As I mentioned, some vendors in the EMM space have already created their own multi-user options, but having these new capabilities at the OS level is going to open up even more options.
Apple has been on a tear with enterprise features recently, and Shared iPad for Business is another example of this. Other updates out this week include an educational testing mode for Macs, proxy support with the Apple Push Notification Service, and iCloud Drive folder sharing. I’m super excited to see what else WWDC brings in June.
Customers considering Shared iPad for Business are going to have to keep several factors in mind.
First, there’s the need for Managed Apple IDs, Apple Business Manager, and iCloud storage. Some customers might be waiting until Azure AD projects are finished to take advantage of this, or hoping that Apple adds support for other identity providers. Using iCloud as the syncing mechanism also means that some organizations might need to make sure their apps are storing any sensitive data in other locations.
Second, I can think back to countless conference sessions on how to optimize Windows roaming profiles and login times. Many of these same concepts will apply with Shared iPad, too. You can even do things like showing and hiding apps via MDM, similar to desktop app masking approaches like FSLogix.
Also, you will have to wait for your EMM or UEM vendor to provide support. Jamf announced support on Tuesday; we’ll be sure to put other support announcements in the Friday Notebook as they happen.