Use MDM to Manage a

Successful 1:1 ProgramManage your networked devices with Mobile Device Management.

About John Tracy

• Associate Director of

Technology at The Montgomery

Academy

• 1:1 College Preparatory

Independent School in

Montgomery, Alabama

• Systems Administrator for ten

years before teaching

technology courses to high

school students for four years.

• Operate 121k12.org

independently as a resource for

schools looking to begin a 1:1

curriculum.

What is MDM?

Mobile Device Management is a set

of software and server technologies

that can manage, monitor, locate,

and secure devices of several

different types, deployed across the

world.

Why Use MDM?

• Better control over networked devices, even if it is a

BYOD solution.

• Give access to segregated networks without handing out

passwords.

• Track where school owned devices are, anywhere in the

world, in real-time.

• Remotely install applications based on device type, use,

or other trigger.

Meraki Dashboard Free MDM

Advantages of a cloud

hosted MDM

• Always online.

• Devices do not need to be on your

local network.

• Works with any network.

• Provides location services and

geofencing.

Common 1:1 MDM

Tasks (Demo of

Each)

• Assigning devices to specific

networks.

• Assigning Group Policies to

device types or groups.

• Pushing apps to devices based

on rules.

• Clearing passcodes; removing

authentication lock (iOS,

supervision mode)

• Screen sharing

• Reboot, Lock & Report (Macs and

PCs)

• Asset Management

Assigning devices to

specific networksDemonstration

Network Best Practices

• Separate networks based on use

• Grade level, Division etc.

• If a certain group needs apps that other groups do not,

put them in their own network, or manage them with

tags.

• If these are institution purchased Apple devices, use the

Device Enrollment Program (DEP) to automatically

assign the devices to the network of your choice.

Assigning Group Policies

to device types or

groups

Demonstration

Group Policy Best Practices

• Use limited content filtering at the network level

• Allow group policy to introduce more granular control of

certain groups for content filtering.

• If your network should only see certain types of devices,

e.g.: iOS or Android, have group policy take devices of

all other types to guest-level access.

• Keep a set of restrictions in a group policy as

consequential treatment for breaking rules in your

Acceptable Use Policy (AUP).

Pushing apps to devices

based on rulesDemonstration

App Distribution Best Practices

• App Store apps should be purchased using Volume Purchase

Program (VPP) tokens.

• VPP tokens will allow the institution to retain license rights to

the app.

• In a Bring Your Own Device (BYOD) setting, apps can be

given to the student, when they have finished using the app,

the license can be pulled back to be used for another

student.

• Think of this system as a classroom set of books. The

student has access to the book during the course, but when

they are done, the next set of students can use them.

Clearing passcodes;

removing authentication

lock

Demonstration

Unlocking Best Practices

• Clearing Passcodes should only be done in certain circumstances.

• A student or faculty member has been locked out of their device.

• Student or faculty member is unavailable while device is being

serviced.

• Removing authentication lock should only be done in certain

circumstances.

• Devices must be school-owned and under supervision.

• Reseting the devices for another use or to problem-solve a severe

issue. (Removing authentication lock should be a last resort,

contact with the individual who possesses the device should

happen before bypassing this step. DATA WILL BE REMOVED!)

Screen sharing Demonstration

Screen Sharing Best Practices

• Screen sharing is only available for full computers. (Not

tablet and mobile devices.)

• An Acceptable Use Policy (AUP) should mention the role

of IT and their use of screen sharing as a tool to help

diagnose and maintain systems.

• Screen sharing should not be used surreptitiously, IT is

there to provide help, not fear.

Reboot, Lock & Wipe Demonstration

Reboot, Lock & Wipe Best Practices

• Devices should only be locked or wiped when they can

not be immediately found; reported missing.

• Wipe should only be used for devices thought to contain

sensitive institutional data.

• A backup may not have been performed, unless the

data is sensitive, save wiping the device for instances

when theft is the cause.

Asset Management Demonstration

Asset Management Best Practices

• MDM based asset management is only as good as the

configuration profile.

• If the device has been wiped, or is offline, trust of the

asset information is compromised.

• A separate database should still be maintained. This will

allow history of the devices to be preserved.

• Previous owner history.

• Warranty ticket history.

Questions & Discussion