Why not iPad?

Rogers, in ‘The Diffusion of Innovation’, suggests that some of the reasons why new ideas spread or not is because of:

  • Relative advantage
  • Compatibility
  • Complexity
  • Trialability
  • Observability

In my school (UK state primary) we have a successful 1:1 iPad programme. But nearly all other schools in the area don’t. Why might that be? Here are some back of an envelope thoughts…

Relative advantage

I suppose that the greatest competitor of iPad in schools is not chromebooks or anything else, but rather just not having them. Schools have survived for centuries and millennia without a computer for every child. What are the advantages of having this magical device over just not bothering? Ofsted aren’t looking for it, SATS don’t require them, secondary schools aren’t demanding the skills and experience and I don’t think parents would pay for them.

Compatibility

Most schools have SIMS, Windows PCS, ‘smart’ boards and then a smattering of Chromebooks, laptops and perhaps some iPads. iPad plays very nicely with Microsoft (if you’re in the cloud) and Google (with 1:1 devices) but a lot less so with a legacy technology stack. Adopting iPad involves updating lots of other things too.

Complexity

Managing iPad in a school can be easy and a lot less IT-reliant at scale. However, you have to have all of the pieces in place: MDM, Apple School Manager, Managed Apple IDs and Automated Device Enrollment. If schools and IT teams aren’t familiar with the technology, this can seem like a big obstacle.

Trialability

iPad really starts making a difference when every child gets one. But how do you ‘trial’ that? For them to be used effectively, staff need professional learning, which is harder to do with just a subset of teachers. But trialing is what schools want and need to do.

Observability

iPad needs a learning platform. It’s possible to use Microsoft Teams, Google Classroom and indeed Showbie or perhaps Apple Schoolwork. But without this, the work that is produced has nowhere to go and so no one can really see the difference that it makes.

All of the above — I guess — must at least be considered for technology rollouts to be successful.

Managing Macs like they’re iPads

Over the last year, we have been migrating all of our iPads over to Jamf School, which has gone really rather well. Jamf School’s focus on education really pays off I believe, making lots of things you might need to do or manage in a school really easy. Given this wonderful success, could we move over our Mac fleet as well, migrating those computers from from Jamf Pro?

The case for moving the iPads was easy: it was a little bit cheaper (which adds up when you’re doing a school-wide 1:1 project), it had some neat education features like Jamf Teacher, and it was the direction that Jamf seemed to be taking things in the education space. What about then for the Mac?

In terms of price, Jamf School costs the same whether you’re managing an Apple TV, an iPad or a Mac, so this makes for nearly a 50% saving over Jamf Pro. Whilst that doesn’t add up to huge amounts of money as we don’t have the same number of Macs as we do iPads, every little helps in these days of inflation.

But what about functionality? Jamf Pro is a mature and fully-featured product, with a long history of wrangling the consumer-centric Mac into some sort of enterprise compliance, and has all sorts of hooks and tricks for getting Macs to do what you want. Whereas Jamf School is basically just the MDM side with a basic scripting add-on and a Jamf School ‘self service’ menubar extension that allows users to install apps, profiles, documents and natty wallpapers.

The question then became, could we set up our Macs the way we wanted them, basically using the same tools available for managing iPads? Here is a bit of my adventure and some things I’d love for Jamf to fix!

Adventure Highlights

  • Plugging the Macs into Device Enrollment was pretty straight forward. This allows Macs to be supervised over the air, with users unable to remove the supervision profile. One neat thing about this is that we could preload asset numbers and device names into Jamf School, meaning that we didn’t need to run any fancy scripts post install to gather that information. Rather than manually adding in the Mac’s location in the school once the device was enrolled, I included that in the machine’s name instead.
  • Getting Jamf Connect working wasn’t quite as straight forward as on Jamf Pro. It basically just involved installing the various Jamf Connect packages and then building a configuration profile using the tool that Jamf provide.
  • Mac App Store app installation is super easy. 3rd-party apps were less straight forward, depending on how complex the installer packages were. I was able to sort out most common apps (Chrome, Office etc) with help from support when I got stuck.
  • Creating configuration profiles was reasonably straightforward. And joy of joys, I was able to create a profile for the dock within Jamf School (looking at you Jamf Pro). For custom profiles, I found iMazing to be a very powerful tool.

Wish List

Here are some features I’d love for Jamf to add:

  • Better Jamf Connect integration. A single button in settings would be sweet!
  • Better 3rd party app management. And it turns out that my wish is their command, as Jamf have just added App Installers, a list of packages that Jamf maintains and updates. Amazing!
  • Onboarding screens. The highly skilled out there are able to weave together beautiful onboarding screens when first setting up a Mac. I’ve had a look, but it seems to require a lot of scripting, so I would love it if Jamf could build such a thing into their product. I can but dream…

Is it worth it?

Having been through the switch, which did involve wiping and setting up again all of the Macs in the school, I would say that it has been worth while. Managing all of our devices in one place is great, and the simplicity of Jamf School is also a bonus. If you have a simpler Mac set up then Jamf School is definitely worth a look.

Ventura, Safari and Dock Master

Apple don’t like Mac admins tinkering with the dock. For Apple, the dock is a space for the user to customise and tweak to their heart’s desire, not for some technical overlord to control.

But in a school setting, setting the contents of the dock is actually really handy. If people are moving around the school and could potentially log into any given Mac, having all the dock items in the same place makes it more familiar for staff.

Unfortunately, Jamf Pro doesn’t really offer quite the right tools for doing this. It is possible to add and remove dock items using ‘policies’, but this is prone to error and still allows users to move things around however they like. Or you can create a ‘profile’ for the dock, but only if it includes default apps and not things like Keynote, Word or Slack.

Thankfully, Michael Page has created ‘Dock Master’, an online tool that allows for the creation of customisable dock profiles with whichever apps your heart desires. Just set it up as you want, download the profile and then upload that to your MDM of choice.

When Ventura was released, I started upgrading some Macs to it and then noticed that Safari would have a little alias arrow in the left corner of the app icon in the dock. Very strange!

After a little bit of digging, I discovered that this was because Safari actually now lives in

System/Cryptexes/App/System/Applications/Safari.app

and not in the Applications folder at all. So once I put in the correct path in Dock Master, it all worked fine. Yay!

An Ode to Jamf School

We’ve been using Jamf Pro (formerly Casper Suite) at school since 2015 to manage our Macs and iPads. And it’s been generally great, and certainly better than any other MDMs on offer.

However, upon visiting and presenting at BETT earlier this year, it became clear that Jamf were positioning their Jamf School product (formerly Zuludesk, acquired by Jamf in 2019) as the best solution to use in education. After chatting with some Jamf engineers and then their sales team, it turned out that they were perfectly happy to give us complementary licences for Jamf School for the year for us to try it as we were already paying for Jamf Pro and then we could migrate our devices from Jamf Pro at our own pace.

And trialing it is what we’ve done. Moving MDM is not an insignificant task, as every device has to be reenrolled (involving a wipe and fresh setup), but as we were refreshing our KS2 iPads and tweaking our KS1 setup (no more ‘shared iPad’ mode), this seemed like a good opportunity.

And the verdict? We love it!

So much so that I am going to write a blog post where I literally count the ways in which Jamf School is so great…

  1. It’s easy to get started. There’s a friendly onboarding process that gets you plugged into all of Apple’s systems from the outset, such as Apple School Manager, sorting out push certificates etc.
  2. Authentication with Microsoft is also easy. Compared with Jamf Pro, sorting out authentication with a 3rd party provider is really straightforward and lets you add that to the device enrolment workflow.
  3. Syncing accounts with Apple School Manager is simple. Once ASM is plugged in, all of the various student and teacher accounts can be imported into Jamf School, complete with class groupings and everything.
  4. Making groups is fun. In Jamf School, when you make a static or smart group, assigning apps and profiles to that group is part of the creation process. It’s a small thing, but it’s so much quicker as you just ‘click, click, click’ to add the apps you want, rather than going to each app individually and changing the scope.
  5. Making profiles is more straightforward. Rather than just presenting profile options in all their complexity, profile creation is organised in a way that makes more sense for a school. For example, designing Home Screen layouts includes a lovely drag and drop GUI that shows what it will look like as you create it.
  6. The Jamf Teacher/Jamf Student apps are cool. Rather than the Self Service app in Jamf Pro, Jamf Teacher combines the classroom control functionality and resource/app/books catalogue into one place. Which is nice.
  7. There is a plethora of payload variables on offer. Jamf Pro had a few ways of pulling in device/user information in places, but Jamf School has way more of this. One particularly handy place this is implemented is with device naming. Rather than just having the option of a the device serial number, we can craft our own custom naming schema, with the default being the useful ‘iPad of %FullName%’. It’s a little thing, but it makes AirDrop in a school of hundreds actually doable as students can easily see the iPad of their classmate, rather than just the serial number.
  8. Student photos on Apple Classroom becomes a thing. Ever since Apple Classroom came out, it’s been possible to put your student’s photos to appear when showing which child has which iPad. However, for most MDMs it’s required hosting the photos of the students on a private web server, which is way beyond my competence level. But with Jamf School, you can just upload the photos to the child’s profile and then they appear automagically in Apple Classroom. Or even the teacher can take a photo in the Jamf Teacher app and then they appear in Apple Classroom too. Cool huh?
  9. Different app settings in one place. In Jamf Pro, if I wanted to have an app automatically install for one group but be a manual install for another group, this was possible but involved adding an app multiple times to the catalogue. Whereas in Jamf School you can just pick the distribution method when you pick the group for the app.
  10. The App catalogue just shows the apps you have licences for. Rather than having to add apps by searching the entire App Store catalogue, Jamf School just shows you all the apps you have volume purchase licences for. And if you don’t want to use any given app any more, you can just hide it from the list. It’s so easy AND tidy!
  11. Assigning books just works. Want to add a book? It will already be in the catalogue of books if you have a licence for it and then you just scope it to the users you want to have it. Jamf School sorts out inviting all the Managed Apple IDs with a simple tick of a box.
  12. You can put devices in groups, enter their asset tag number and rename them before they are enrolled. This is hugely powerful because you no longer need to think of sneaky ways to get a device to end up back in a group should it ever be wiped or deleted from Jamf School.

I probably could go on.

All in all, it’s been an experience with the continual delight of ‘hey, that’s a much better way of doing things’. Admittedly, some ways of doing things is different to Jamf School (such as the idea of automatically reinstalling apps if a user deletes them – the correct method is to remove it via the Jamf Teacher or Jamf Student app). But once you begin thinking in a Jamf School kinda ways, it becomes much easier!

USB-C and the 10th Generation iPad

On Tuesday, Apple announced (via a press release rather than some fancy online event) the latest iteration of iPad, the 10th generation iPad.

It has some nice things going for it:

  • Rounded corner edge-to-edge display
  • Touch ID on the sleep/wake button
  • Fancy new magical keyboard, making use of the old-school magnetic connector on the side of the iPad and with Microsoft Surface-style kickstand
  • Front-facing webcam on the landscape edge rather than on the portrait top
  • Chip speed bump
  • USB-C charging

However, it also has some rather key downsides:

  • Quite a lot more expensive
  • Not compatible with the 2nd generation Apple Pencil with its magnetic pairing and charging, but rather support for 1st generation Apple Pencil with the use of a handy dongle

This seemingly strange choice around Apple Pencil support has broken the internet with people completely baffled as to why Apple wouldn’t go the whole hog and do the magnetic charging/pairing Apple Pencil 2 thing.

The reason for me is to do with education. Apple needs to have a cheap and affordable iPad in order to keep a toehold in schools. The 9th generation iPad is a complete steal, with a great feature set at a very sensible price. However, it’s still stuck in the old ‘home button + lightning port’ paradigm which Apple is moving away from everywhere.

But making that move to a home-buttonless iPad isn’t going to be immediately easy. I’m still impressed with how the 9th generation iPad has the same feature-set as the original iPad Pro (Apple pencil support + Smart Connector support). However, it took many iterations to add these features step-by-step in a way that kept the price low and still differentiated with the more expensive iPad models.

So the same is for the 10th generation iPad: they’ve added the new screen and shape and Touch ID location and USB-C connectivity as the more expensive iPads, but at a price that schools can afford. Or at least will be able to afford in a year or two once Apple have figured out how to make them more cheaply.

So what about the Apple Pencil fiasco? A dongle to charge us a hilariously inelegant solution in many ways. I believe that the answer lies in a little announcement from Logitech of a new USB-C Crayon. It’s the updated Apple Pencil that’s Apple can’t make themselves but is perfect for schools.

So where’s the new Apple Pencil for the new iPad? It’s been released by Logitech instead!

Digital lending libraries

When the iPad was launched in 2010, Apple also announced iBooks, an ebook reader with corresponding digital store. It made a lot of sense, especially as the iPad is about the size and weight of a large book.

Despite this great start, digital books in schools have never really taken off. I feel that part of this is the technical distribution challenge and the other is the cost. With 1:1 iPads and a decent MDM, we have sort of solved the first problem and have been able to give out digital texts at my school. However, book licenses are not re-assignable in Apple Books, which makes the whole thing only workable with free titles.

So I wondered: might a digital lending library be possible? And after a bit of searching, I discovered one…

Hello Sora!

Overdrive have created and app and digital service called Sora. Once it’s set up for your school, it offers an ebook reader that works on iPad and the web, including the facility to sync annotations and titles across devices and even play audiobooks.

The best thing though is a subscription they offer in the UK called Ebooks Now. Once paid up, you get access to large range of digital texts that can be ‘borrowed’ by students in school. They keep a close eye on which titles are being read or otherwise, swapping out unpopular titles and keeping the selection as fresh as possible.

Bubble Books

When we returned from the first COVID lockdown in September 2020, they there were all sorts of concerns about restricting the risk of viral transmission with shared resources or spaces. So things like a school lending library were out of the question!

Instead I proposed that we get Sora at school, making the most of our 1:1 iPad programme by offering a digital lending library to our students.

It was really easy to get set up, and Overdrive even allowed us to authenticate users with our on-premises Active Directory (and later swapping to Azure for cloudy credentials). Once logged in, children could browse our school’s digital collection, borrow or reserve books and then read to their hearts’ content!

Reading the results

There’s been lots of benefits. Here’s a few…

  1. Lockdown library. When we had to switch again to remote learning in January 2021, children were still able to log into Sora to borrow and read books at home. With no other way to provide books to our students, this was a fantastic way to keep our children reading.
  2. Lending leader. As an admin, I’m able to see the number of titles that have been loaned by kids in our school. And in the last year, that number was 47,111! Which I think is not too bad…
  3. Idle moments. Because we are 1:1 iPad, teachers are able to make use of the ‘down’ time in the classroom to do reading on Sora. Obviously reading an ‘analogue’ book is just as good, but it does mean children can listen to audiobooks easily too, as well as change or renew books without having to leave their seat.

So Sora definitely comes with a thumbs up from me!

Using Explain Everything as an Interactive Whiteboard

For my ‘One Best Thing’ project from the 2015 Apple Distinguished Educators Institute, I wrote a little book about using Explain Everything as an interactive whiteboard (imaginatively titled ‘Using Explain Everything as an Interactive Whiteboard’).

As the book is now six years old, I’ve done a bit of a refresh, updating screenshots and converting it from an iBooks Author ‘iBook’ to an ePub in Pages.

It’s now been published and can be downloaded here. Enjoy!

STEM Week ‘escape room’ Showbie Group challenge…

Back in November, we had a ‘STEM’ week at school, which was an opportunity to celebrate the subjects of Science, Technology (Computing), Engineering (Design Technology) and Maths and the interconnections between them all. As a 1:1 iPad school, what better way to do this than setting up a virtual ‘escape room’ challenge using Showbie Groups?

Showbie has had ‘groups’ for a while now, which are basically a bit like a mix between an assignment and a class discussion, and has its own little ‘groups’ section in the UI separate from classes. They are created by a teacher, are joinable by both parents and students, and can be set to ‘announcements only’, thus preventing everyone else from posting in them (should you so desire). To join them, all you need is a 5-character Showbie Group code.

From this came the germ of an idea: students would be given a URL within Showbie to join the starting Showbie Group, which would explain the rules of the game as well as the code for the first subject’s Showbie Group, e.g. Science. Each subject would have its own group and challenge, with the outcome of the challenge revealing a-5 character code that would take you to the next subject’s Showbie Group. Once all of the tasks and subjects had been completed, children would then have successfully won the ‘escape room’ challenge.

We decided to differentiate by year groups/phases, as a Year 1 child would need a different level of challenge to a Year 2 child, as would lower Key Stage 2 (Years 3-4) and upper Key Stage 2 (Years 5-6). This required the creation of quite a few different Showbie Groups – 21 to be precise (4 different levels of challenge, 4 subject each plus a ‘welcome’ landing group, with a shared ‘celebration’ victory group)!

With this all this set up, each subject then began devising their activity and challenges. My computing team and I took on the T in technology and we came up with iPad tasks as follows.

Task 1: Pages

In Pages, we created increasingly difficult puzzles that mostly involved changing the colour of the text within a coloured box to reveal one of the characters in the Showbie Group code. We tried to include some instructions on what to do, to make it not too hard and not too easy.

Year 2 computing puzzle – I do admit it’s a lot of selecting and changing the font colour…

Task 2: Keynote

In Keynote, we wanted to make use of children’s skills in selecting, moving and rotating objects to make a literal jigsaw puzzle. And rather than just show the required Showbie Group code character, why not include a homophone instead? The hardest part was subtracting and combining shapes to create suitable ‘jigsaw’ outlines, before using them to mask over part of an image. A little fiddly, but certainly good fun.

Upper Key Stage 2 puzzle – the wise amongst you will figure out it’s a ‘Bee’ (therefore the letter B) before needing to actually piece the puzzle together!

Task 3: GarageBand

For this task, we wanted to use audio in some way. In Years 1 and 2, we just recorded something as a Showbie voice note, but for Key Stage 2 we made it more tricky by including a GarageBand project file. Years 3 and 4 had to know how to turn up the volume on a specific track to hear back the Showbie Group code and Years 5 and 6 had to reverse and speed up my dulcet tones for their answer. Certainly more tricksy!

Upper Key Stage 2 puzzle – with a nice little clue in the name of the track that ‘sdrawkcab ma I’…I am backwards!

Task 4: iMovie

This was possibly the most difficult task for children, particularly the older ones. For Key Stage 1, we just had a first-person video of me wandering around the school until I zoomed into the next character of the Showbie Group code. Lower Key Stage 2 had an iMovie project with a the Showbie Group code character inserted as a cutaway halfway through, which wasn’t too difficult. Upper Key Stage 2 had the real challenge, which was an iMovie project of a first-person shot down a corridor with no Showbie Group code character to be seen. What children had to do was select the clip in the timeline and then extend it backwards to reveal the missing character: I gave no clues that this is what you needed to do, so most people didn’t get it!

Year 1 – a flavour of what the ‘Technology’ Showbie Group looked like…

Task 5: Numbers

The final task for each year group/phase was a little Numbers spreadsheet that, once the correct characters were entered, would reveal the final character for the Showbie Group code. This was a fun little document to make, and was a useful check that children had solved the previous puzzles before allowing them to move onto the next Showbie Group. We made it harder/easier by the number of possible characters that appeared in each dropdown box and whether it gave feedback by changing colour if you selected the correct character. It would have been quite easy to hack the spreadsheet to reveal the correct code, but I’m not sure our students knew enough Numbers formulas for that!

And that’s how you crack the code!

All in all, I think children had a lot of fun completing all the tasks, solving the puzzles and engineering their way out of the ‘escape room’. It was a rather time-consuming little project, but worthwhile I feel.

Jamf Connect

Since, like, forever, we have had our Macs at school bound to our Active Directory. Initially this was to try and match the experience people were used to with logging into PCs, with a shared drive and a network ‘home’. But as we started to migrate to the cloud, the jobs of the trusty (or not) Windows server were increasingly given away elsewhere, e.g. using Google Drive for our shared drives and so on. This left the Macs just using network accounts purely to authenticate users. Was there a way to log onto the Macs using cloud credentials?

Defining the benefits

‘Moving to the cloud’ is something that is spoken of as an untrammelled good, but it’s useful to articulate the advantages. What would be the benefit of moving away from logging in on-premises Active Directory?

  1. A service is the cloud is a service that is someone else’s problem if it breaks. Before we moved to Google Drive, all of the school’s really important documents just lived on a hard drive on a server in a cupboard. Whilst the data was backed up, it still was a rather fragile single point of failure. If the running of the server is handed over to people who actually know what they’re doing (e.g. Microsoft or Google), this is one less thing for a school to worry about.
  2. A job that’s handled by the cloud is one less job for an on-premises server. Hopefully, if enough jobs can be given away, we can get rid of the server altogether!
  3. Unifying the sign-in experience. We use Microsoft accounts in an ever-increasing variety of places, such as with federated Managed Apple IDs and as part of the initial setup process on an iPad, so if teachers are used to using the Microsoft account every day on the Macs, this will help them become more familiar with it.
  4. Giving a more reliable experience. Whilst binding to AD has been part of the Mac since OS X and before, it feels like directory access is something that randomly breaks as the OS updates or upgrades. So if we just move beyond it, this removes one more point of failure.
  5. Allowing remote users to log into their Macs. Since the COVID pandemic, there’s been an increasing number of users in school who need to be able to log into their Macs when not on the school network. If the Mac is still bound to the AD, this isn’t necessarily possible.
  6. Moving with where things are going. Back in 2015, we moved from managing our Macs with a Mac Server running Workgroup Manager (those were the days) to an MDM approach with Jamf Pro. Workgroup Manager continued ‘working’ for several more years of macOS updates after that before being discontinued with Yosemite, but it was good to be ahead of the curve and avoid running in a brick wall. Moving away from binding to AD feels like the same sort of thing.

Enter Jamf Connect

So, what to replace network accounts with? In 2018, Jamf acquired NoMAD, which was an open-source alternative to using Apple’s directory tools for authenticating users. It then turned into Jamf Connect, a paid solution that offers it’s own login screen and a menu bar tool. How does it work?

  • Installation of Jamf Connect requires a ‘jump start’, a remote support session from a Jamf technician to set it all up in your environment. A great way to get it all working!
  • There is a Jamf Connect Configuration Tool that is required to set up the different settings, such as which identity provider you’re going to use as well as a plethora of different options.
  • We then set up the login screen (complete with custom wallpaper) so that users were required to sign into the Mac using their Microsoft account. If an existing AD account was already there, this was converted from a ‘mobile‘ account to a standard Mac user account. The login process then asks for the user to enter their password for a second time, which then unlocks the account on the Mac itself.
  • Once logged in, we configured it so that the Jamf Connect menu bar item was automatically logged in with the Microsoft account, which then kept the local Mac password in sync with the cloud password.

Once we had installed the Jamf Connect software and configuration options, and told staff what to expect on their new login screen, it seemed to work just fine!

Things to watch out for

It wasn’t entirely a plain sailing from this point however. The way Macs are set up at school is that, whilst a particular Mac may only be used by a subset of users, it could potentially be logged into by any member of the staff team. If a user had changed their password since logging into a Mac and then returned to that Mac, the local password would be the old one. When using network accounts, the Mac would happily log in using the new password and then would prompt the user for the old password to update the keychain password. If the user didn’t know their old password, the old keychain would be replaced with a new password.

With Jamf Connect, this scenario gets more complicated. If the user’s account is still a ‘mobile’ account and has not been converted to a ‘standard’ account as part of the initial login with Jamf Connect, the Mac can still talk to Active Directory to at least still let the user into the local account before it is then ‘demobilised’. (Please see Jamf’s documentation for more information about this.) For this reason, it’s important to not unbind the Macs from the Active Directory until you’re sure there are no remaining ‘mobile’ accounts on it. I found some handy ‘extension attribute’ scripts that will tell you which Macs on Jamf Pro still have network accounts on them.

If a user’s account is a normal ‘standard’ account, either because they’ve demobilised an existing network account or have just signed in fresh with Jamf Connect, and they then change their password outside of using the Mac and return to the Mac, there thankfully is a solution to getting back into this account. I found a handy blog post that explains the commands you can use to change the password on a given user account. I turned this into a script that can be run from Self Service, which prompts the user for the username of the account you’re trying to change the password of. You need to actually be logged into a machine to do this, which can be done with a local admin account or something like that. In the script I made it change the password to something that only your tech team can know, preventing any unscrupulous users changing the password of another account and then trying to log in! The next time the user logs in via Jamf Connect, they can then enter the temporary password as the known local account password, which Jamf Connect will then change to the user’s cloud password once they’re logged in.

Below is the script in question:

#!/bin/bash
#Freddie Cox for Knox County Schools
#Edited by Tim Lings
#2021
set -x

sleep 1

userName=`/usr/bin/osascript <<'EOT'
 tell application "System Events"
    activate
    set userName to text returned of (display dialog "Please enter affected username:" default answer "" with icon 2)
end tell
EOT`

#Reset local password
/usr/bin/dscl . -passwd /Users/"$userName" temporarypassword

One last thing we discovered is that some users had figured out that they could click ‘local account’ the login screen and then login with their normal AD credentials, rather than having to put in their cloud Microsoft account. It is possible to set the configuration for the Jamf Connect login window using ‘DenyLocal’ to prevent this happening (with the option to also specify local admin logins that you still want to allow).

Back to School

Ah, September. The time of year when the school that everyone has so diligently and careful taken apart, sorted out and tidied away in July has to be put back together again in a matter of days because all of the children are starting school again.

The same applies with technology in schools. With our 1:1 iPad programme, September is when we have to setup new iPads for our students. Depending on the refresh cycle, this can be anything from three to six year groups that need doing. Thankfully, this year it was only Years 1-3, as we had just started a new lease with Key Stage 1 iPads and the Year 3s needed the iPads that Year 6 had finished with at the end of term.

This year, we (my technician and I) successful got all the iPads up and running by the end of day two of term…which I think was pretty good going! We managed the four classes in Year Three in one day, involving students setting up the iPads themselves, and got all eight Key Stage 1 classes ready, which we set up for the students in our bespoke Using Shared iPad Mode In The Wrong Way approach, in a day and a half.

Which I think is pretty good going! And much better than last year, which took three or four times as long.

So, what was different this year?

  • Having a technician again. For various reasons, the previous year I was left bereft of an IT technician, which makes a huge difference when it comes to deployment. Another pair of capable hands saves so much time.
  • Network upgrades. Our network has 802.11ac wireless access points and a 10gig fibre backbone but the actual cabling into some classrooms was shockingly old. In the last year we’ve rectified this with CAT 6a cabling upgrades. Which makes things much faster, or at least not noticeably slow!
  • Federated Managed Apple IDs. We’ve linked up our Microsoft accounts with the school Apple IDs, which means users have the same password that is used in other systems. Reducing complexity is always worth it.
  • Single sign on with Jamf Pro. We’ve turned on single sign on using Microsoft accounts with our MDM (Jamf Pro), which means that users are using the same account to authenticate with the MDM as they are with their Apple ID. One less thing to remember — “just type it all in again!”
  • Single sign on in other places too. We’ve also made use of student Microsoft accounts with logins for Showbie (our learning platform), Mathletics (for practising maths skills) and Sora (our digital lending library). It helps students become more familiar with their Microsoft account credentials and, I think, reduces complexity again.

When dealing with a school of iPads, making the effort to smooth out the speed bumps is always worth it in the long term. For technology to be an effective tool in the classroom, it’s got to ‘just work’ as much as possible, so it fades into the background and instead supports learning.