WEBVTT

00:08.000 --> 00:12.860
The very first thing we're going to do is start to play around with Moule config profiles, mobile config

00:12.860 --> 00:21.230
profiles are basically of settings that you can set and then apply to devices to get a consistent experience

00:21.440 --> 00:27.420
or to provide some sort of limitations or restrictions without having to touch every single device.

00:28.820 --> 00:32.360
So we're going to go up here to the file menu and hit new profile, get started.

00:33.820 --> 00:40.360
And this is what this looks like, you have if you haven't seen mobile config profiles before, this

00:40.360 --> 00:43.750
profile editor basically gives you a list of all the different things you can configure.

00:45.090 --> 00:47.220
And then apply to your iOS devices.

00:48.690 --> 00:51.540
So the first thing we're going to do, there are some here that say not configured.

00:51.600 --> 00:54.210
There's some of the same mandatory general, always mandatory.

00:55.050 --> 00:57.950
So we're going to go in here and just do a couple of basic things.

01:02.710 --> 01:06.050
Identifier here, we're just going to change this as well.

01:08.600 --> 01:10.430
Really just has to be unique identifier.

01:24.700 --> 01:32.590
So if I'm having this profile given to users and they have to install themselves like, say, for example,

01:33.400 --> 01:39.750
I hosted on a Web page and then I'm asking my users to navigate to the Web page to select the profile,

01:40.150 --> 01:43.710
there's going to be a message that pops up when they go to add it to their device.

01:43.720 --> 01:45.430
And that's what this message messages.

01:46.120 --> 01:48.520
So you can put this in and or you cannot.

01:48.520 --> 01:55.780
If you're automatically applying the mobile config profiles during onboarding with configurator, then

01:55.780 --> 01:58.260
it really doesn't matter what the message says.

01:58.990 --> 02:02.440
Same thing if you're using an MDM to automatically push these out.

02:03.850 --> 02:05.770
I'm just going to go ahead and say.

02:17.900 --> 02:19.580
You know, this is the basic profile.

02:21.470 --> 02:27.320
So this is where you can go in here and say when these profiles can be removed, so if you want, you

02:27.320 --> 02:28.100
can say never.

02:29.230 --> 02:32.950
Or you can say with authorization, and that would require a password.

02:33.260 --> 02:37.190
But I want to point out here, it does specifically say supervised only.

02:37.190 --> 02:40.430
So if your devices are already supervised, they can't be removed.

02:40.430 --> 02:42.330
If your devices aren't supervised.

02:42.350 --> 02:43.880
It's going to be removed anyways.

02:44.510 --> 02:48.170
So I'm going to say that they can always be removed for right now.

02:49.630 --> 02:54.350
What you'll probably want to do if you're providing supervised devices, which likely if you're on boarding

02:54.350 --> 03:00.320
all these devices into Apple configurator, that's kind of the idea you would want to do with authorization

03:00.320 --> 03:05.300
that will allow your technicians or yourself to remove them if you need to, to apply a new one.

03:05.600 --> 03:10.760
But keep your users from from removing any of these settings that you place on them.

03:11.780 --> 03:19.160
And then you can also have an automatically disable, remove or essentially expire these at a specific

03:19.160 --> 03:20.470
date as well.

03:21.880 --> 03:26.020
So we're going to go ahead and leave these as default for the moment, so then we can start looking

03:26.020 --> 03:27.870
through what are some of the things that we can set up.

03:27.880 --> 03:32.860
So I'll start with restrictions, and I highly recommend that you guys go through and look at all of

03:32.860 --> 03:38.800
these, because there's a lot that you can do in here, a lot more than I have time to kind of run through

03:38.800 --> 03:40.720
and you have time to watch me do in the video.

03:41.040 --> 03:45.460
It's far, far better for you to download configurator and play around with this yourself to see what

03:45.460 --> 03:46.870
might work best in your environment.

03:46.870 --> 03:49.630
But I will give you just a few pointers on some things.

03:49.630 --> 03:51.280
So I'm going to hit restrictions.

03:51.290 --> 03:53.530
I'm just going to hit configure.

03:53.530 --> 03:55.420
And this allows me to configure this.

03:55.420 --> 04:00.310
And you can see here I have one payload listed here, a payload as essentially a setting.

04:00.640 --> 04:02.710
So you'll see this as you start to configure these.

04:02.980 --> 04:07.330
If I change my mind and I'm like, oh, wait, I don't want to do any of this, you can always hit the

04:07.330 --> 04:11.110
minus right here and then I'll remove it so you can see it goes back to not configured.

04:11.110 --> 04:14.320
So really safe to just go in here and play with this.

04:14.650 --> 04:20.750
So you see there is a lot of granular control here over all of the different settings that you can do.

04:20.790 --> 04:24.610
Now, I want to point out that there are a little notes here.

04:24.610 --> 04:28.030
Some of these are only available if the devices in supervised mode.

04:28.600 --> 04:31.840
So you may want to say allow adding VPN capabilities.

04:31.990 --> 04:36.460
Well, I don't want anybody adding any VPN connections to these devices.

04:36.730 --> 04:43.240
If you aren't on board your device as supervised, this will not apply and won't even matter if this

04:43.240 --> 04:44.010
is checked or not.

04:44.320 --> 04:45.730
And that's the case for any of these.

04:45.730 --> 04:47.150
I say supervised only.

04:47.590 --> 04:53.800
So you want to make sure that you're applying these profiles to devices that are supervised if you plan

04:53.800 --> 04:56.620
to use the restrictions that are require supervision.

04:58.090 --> 05:03.250
So there's just a ton of stuff in here I'm going to keep all the defaults here and I'm going to basically

05:03.250 --> 05:03.970
say.

05:06.350 --> 05:09.970
You know, require a pass code on first airport, airplane parent.

05:10.760 --> 05:13.720
I don't care, I just said it a check one of these to make it different.

05:14.540 --> 05:18.470
But you can go through this and see how how you which ones of these you may want to set up.

05:18.650 --> 05:19.730
And there are different tabs.

05:19.730 --> 05:21.470
So you have to look through this as well.

05:21.890 --> 05:27.030
So you have the option here as well to turn off things like game center or the iTunes store.

05:28.130 --> 05:36.380
You can choose when to accept cookies and if these are supervised only you can also go in here and adjust

05:36.380 --> 05:39.820
which apps are allowed as well as far as restricting app usage.

05:40.460 --> 05:41.120
So.

05:43.250 --> 05:45.530
You can choose the app, search for it.

05:46.460 --> 05:52.340
But for now, I'm just going to leave that out, we'll just allow a lapse and then same thing with media

05:52.340 --> 05:55.730
content and you can do the content ratings as well.

05:55.820 --> 06:02.210
So a lot of what we had shown in a previous lesson on the restrictions you can set up directly on the

06:02.210 --> 06:02.810
iPad.

06:02.990 --> 06:11.930
You can now do this one time in Apple configurator and apply this configuration setting to all the devices

06:12.440 --> 06:13.530
that will save you some time.

06:14.240 --> 06:16.070
Another one I want to show is wi fi.

06:17.830 --> 06:24.100
A lot of organizations have wireless networks that are, quote unquote, enterprise, which are a lot,

06:24.250 --> 06:27.440
maybe a little bit harder for the average user to join.

06:27.460 --> 06:28.960
Maybe you have certificates.

06:28.960 --> 06:35.770
Maybe you have to use a specific kind of wireless protocol you can onboard all of that in here.

06:36.100 --> 06:44.890
And you can provide a much easier experience for users on your supervised devices or even unsupervised

06:44.890 --> 06:49.640
devices, for that matter, to join the wireless network at your organization.

06:50.050 --> 06:51.790
So I'm going to put one in here.

06:58.690 --> 07:04.690
And so this is the idea of our network, our student network, and this is not a broadcast network,

07:04.700 --> 07:10.150
we actually don't want anyone on this network except those that are using the iPads that we provide.

07:10.180 --> 07:12.280
So it's actually a hidden network.

07:12.280 --> 07:13.480
So I'm going to choose that.

07:13.480 --> 07:15.100
I'm going to choose to join it.

07:15.910 --> 07:22.180
And it's currently I don't have a captive portal, but if I did have a captive portal, I have an option

07:22.180 --> 07:25.680
here as well to bypass the captive network detection.

07:25.960 --> 07:32.860
So instead, I would have if I uncheck this and I had a captive portal, I would force my users to have

07:32.860 --> 07:40.000
to go to Safari or Chrome or some other browser on the device to log into the captive portal.

07:41.250 --> 07:49.830
I've got no proxy, but I do have wireless encryption and I actually have to enterprise, so I'm going

07:49.830 --> 07:51.920
to select that and now I've given protocol.

07:51.940 --> 07:54.560
So this is where this becomes more difficult for your end users.

07:54.810 --> 07:58.170
And this is actually a network here.

07:58.620 --> 08:03.360
And I have the option here to put in the username and password.

08:03.780 --> 08:10.080
And so I've actually got a service account that I've set up on my wireless network just for onboarding

08:10.080 --> 08:10.740
iPads.

08:11.130 --> 08:12.540
So it's going to be.

08:13.830 --> 08:16.080
And now I can put on my password here.

08:20.460 --> 08:21.880
And that looks good.

08:21.900 --> 08:28.350
So that will allow everyone to join the device and then if I have certificates, I don't have a certificate

08:28.350 --> 08:33.710
I need to add it will actually install a certificate when it first connects to the network.

08:33.720 --> 08:38.970
But if your wireless network requires a certificate, you can also add your trust certificate names

08:38.970 --> 08:39.560
here as well.

08:40.610 --> 08:48.170
So this will allow you to greatly reduce the headache that comes to onboarding devices onto like a WPA

08:48.170 --> 08:49.370
to enterprise network.

08:49.550 --> 08:50.810
That's the one that you operate.

08:51.860 --> 08:54.290
So the last thing I want to show is Web clips.

08:55.400 --> 08:56.560
Go ahead and configure.

08:57.500 --> 09:02.420
So one of the things that you probably have people come to you and say, hey, I really want an app.

09:02.420 --> 09:03.710
They're going to tell you they want an app.

09:03.710 --> 09:08.000
It's probably what they really want is a shortcut, but they'll tell you they want an app to a particular

09:08.000 --> 09:08.810
website.

09:08.840 --> 09:14.840
Or you may want to provide a link to maybe your help desk or something right from the home screen of

09:14.840 --> 09:19.360
the iPad, rather than having to configure safari bookmarks and all these other things.

09:19.370 --> 09:22.940
So there's really a cool way to do this using this Web clips.

09:23.300 --> 09:27.570
So you can see I've got a couple of requirements here.

09:27.620 --> 09:32.870
So first, we have to name we have to provide a label that's going to be the name of the icon.

09:32.880 --> 09:37.310
I'm going to call it Help Desk here and then you need to have your URL.

09:37.310 --> 09:43.030
And I'm just going to do support dot my company dot com.

09:44.150 --> 09:46.430
You can choose whether you want it to be removable or not.

09:47.000 --> 09:51.170
So I'm going to leave it as removable in case something like, I don't know, we're going to use that

09:51.170 --> 09:53.780
or whatever, but you may actually want to keep it on there.

09:53.780 --> 09:58.010
If it's something where you feel like you're going to keep adding it all the time, you can choose an

09:58.010 --> 09:58.480
icon.

09:58.490 --> 10:02.530
So I'm just going to go ahead and do this help desk icon that I've got.

10:04.070 --> 10:08.510
You can choose whether you want it to be pre composed or not that basically will turn on or off the

10:08.510 --> 10:10.520
added visual effects that iOS puts on it.

10:10.520 --> 10:17.420
If you're in any kind of a iOS developer, you'll have come across this before and Xcode and then full

10:17.420 --> 10:20.900
screen is it displays that as a full screen application.

10:20.900 --> 10:26.840
So that might be helpful if you're looking at using that access or single app mode on the device.

10:26.840 --> 10:30.560
But we're going to leave those unchecked and now.

10:31.840 --> 10:33.770
I've got these as listed here.

10:33.790 --> 10:43.120
So what will happen when I install this mobile config profile is it's going to set up my genetic information

10:43.120 --> 10:43.420
here.

10:43.900 --> 10:50.110
It's going to provide this payload where I basically just required a passcode the first time using airplay.

10:51.050 --> 10:56.300
It's going to join it to my wireless network automatically using this service account and password and

10:56.300 --> 11:04.250
the and the proper protocols, and it's going to apply my helpdesk link as an icon on the home screen.

11:05.240 --> 11:12.530
So I'm going to go ahead and save this and we'll call it my company, that mobile config.

11:14.310 --> 11:19.680
So I've saved that profile now what's really cool about this whole config profile at this point is I

11:19.680 --> 11:25.110
could basically put it on our website, put it in iCloud drive, email it to the user.

11:25.110 --> 11:30.870
Anyway, I want to manually distribute this mobile config profile to get it onto a device that would

11:30.870 --> 11:32.670
then need to have these settings set up.

11:33.270 --> 11:34.450
So you have the option to do that.

11:34.470 --> 11:39.630
The other thing I want to talk about real quick before I finish up my little lesson on mobile config

11:39.630 --> 11:46.530
profiles is you want to start to strategize the best way to configure this and what you want your devices

11:46.530 --> 11:47.040
to look like.

11:47.100 --> 11:51.930
So what I mean by that is so I want all my devices to look exactly the same.

11:52.170 --> 11:59.220
Do I need some devices that are configured with less settings and less restrictions and some with more?

11:59.220 --> 12:02.090
Or do I have specific things that are unique for a department?

12:02.310 --> 12:13.020
So, for example, I might want Wi-Fi and, you know, maybe no restrictions and my mandatory general

12:13.020 --> 12:20.090
information to be the same and my helpdesk icon, I may want that on every single iPad in my organization.

12:20.130 --> 12:20.520
Right.

12:20.530 --> 12:21.890
So I'm going to go ahead and save this.

12:21.890 --> 12:23.520
So that's my company, not Momoka thing.

12:24.090 --> 12:27.300
That one gets applied to all devices regardless.

12:27.420 --> 12:31.830
Now, I may also want just to have iPads for the math department.

12:32.100 --> 12:39.330
And the math department also wants in addition to this particular helpdesk icon that I want on there,

12:39.330 --> 12:45.600
they have a list of five other math related websites that they want added to the home screen as well.

12:46.020 --> 12:51.210
You could put that in all of them and just tell everybody, hey, ignore the math ones or delete the

12:51.210 --> 12:53.310
math ones that are removable after all.

12:53.640 --> 12:54.970
But that's not very nice.

12:55.410 --> 12:56.310
That's not very easy.

12:56.930 --> 12:58.380
And we we can do better than that.

12:58.380 --> 13:03.990
So we can create another one and we can just do me a new profile again.

13:04.410 --> 13:08.370
And this one, we're going to basically call this one math.

13:09.810 --> 13:11.160
We'll call it math profile.

13:11.160 --> 13:11.460
Right.

13:11.850 --> 13:17.280
And we'll change this again to my company and all that good stuff.

13:17.610 --> 13:20.480
And we can put these things in here as well.

13:22.280 --> 13:29.240
And math department may be right and that kind of thing, right, and then we can just skip all the

13:29.240 --> 13:35.210
other stuff because we've already got it on the other Profilet, we go right to Web clips, we configure

13:35.210 --> 13:39.820
and now we can start putting on here, you know, math mathematic.

13:39.830 --> 13:46.100
I have no idea if that's a place, but we could just, you know, put in here WW math dot com and we

13:46.100 --> 13:50.390
can drop an icon in here and, you know, we can add another one.

13:50.570 --> 13:53.300
And so you just keep going right down the list.

13:53.300 --> 13:57.590
Put those five math related websites in that the math department wanted.

13:58.020 --> 14:01.580
Save this one as.

14:03.260 --> 14:09.560
You know, math profile, right, and hit save now what I can do on those math iPads is I can go ahead

14:09.560 --> 14:12.770
and lay down my company and then I can lay down math profile.

14:12.770 --> 14:15.500
And for everybody else, I just lay down my company.

14:15.860 --> 14:23.030
So start to think about how you may want to layer these mobile config profiles to not require one monolithic

14:23.030 --> 14:26.560
profile or to manage a ton of different monolithic profiles.

14:26.960 --> 14:33.680
So it's that way if something changes, let's say, for example, the wi fi changes, you only have

14:33.680 --> 14:39.770
to go and change one profile that provided Wi-Fi rather than having to keep up with 20, 30, 40, 100

14:40.130 --> 14:43.930
different mobile config profiles that all have the wi fi information listed in there.

14:44.240 --> 14:45.560
So that makes sense.

14:45.810 --> 14:50.150
That's what you want to start to think about, because you can layer multiple profiles in on top of

14:50.150 --> 14:53.360
each other to make unique experiences per device group.

14:56.780 --> 14:58.250
That's mobile config, big profile.

14:59.480 --> 15:06.710
In the next lesson, we'll talk about how to add those profiles to prepared devices and build blueprints

15:06.980 --> 15:08.870
for deploying those and managing them.