Sorry for a long email to the list but I wanted to share some thoughts about 1) AppleTVs in our environment; and 2) Profile Manager (PM) enhancements. Please disregard if not applicable to you.
1) Corey, I submitted Apple Support Case 383488445 for an AppleTV losing the ability to connect to our district 802.1x wireless after disconnecting power, even though it worked great once a profile was pushed through Configurator.
Our network is using hardware MAC filtering, Active Directory (AD) credentials to associate with wireless and AD credentials to authenticate with our current web filter (iPrism). Because the AppleTV needed the latest software update to work with Configurator it had to connect to the Internet. The easiest solution might have been to take it home and do it there because our district web filter requires either AD credentials from login on PC computers or web page authentication and the AppleTVs don't have a browser. They are being used in classrooms to project iPads but they have no Internet. Fortunately we set up a hidden wireless SSID district-wide with limited Internet for the purpose of enrolling iPads to PM before their MAC addresses are registered. I use a Keyboard Maestro script to copy the MAC address to register it in the other system. Using the hidden network got the AppleTV updated (with required time sync) and then Configurator pushed the profile to associate to the same wireless SSID used by the iPads. It is still working fine at one school and I warned them to never unplug power!
2) I tell our district technicians we went the cheap way after doing a full evaluation of Casper Suites. Casper was working great on a virtual Linux server with Apple Push Notifications but would add about $10 per device per year to maintain so we balked. Many nice features are missing like reporting, smart groups, self service portal and more. We are using Apple's Mobile Device Management (MDM) called "Profile Manager" (PM) running on a Mac mini Server and so far it is serving our growing needs (almost 1000 iPads, many iPhones and the Configurator Macs) without huge annual maintenance costs. Since it primarily supports iPads (iOS) and no Androids it is named iMDM. In our "all PC" district, sites are allowed to buy MacBooks to enable the Supervised layered model using Configurator. We're still waiting to see if our new web filter (iBoss) will smoothly support Global Proxies...
To provide multiple optional user downloadable profiles (Exchange setup, Web Filter Logout Web Clip, MyDevices Web Clip, and PM Web clip) from PM's "MyDevices" portal it seemed like a clumsy process but is working. Unlike Configurator where you can apply multiple profiles at once I had to create separate User Groups in Server for each profile, then added our AD "Domain Users" group as a member. That allowed me to configure one unique profile per User Group for optional downloading by users.
Profile Manager feature enhancements desired:
- Hierarchical Device Group listings (like Active Directory) instead of all sub groups included in one big list
- Alphabetized Device Group Members content with more info listed
- Column headers to allow me to pick which direction the data is sorted by and if there were more columns to be able to pick which one to sort
- Data export for simple reports
- Instructions to access the PostgreSQL data being collected
- The default profile set in Server is not used so make it hide-able. I changed the name to all dashes but still looks unprofessional when users see it at the top of the list in MyDevices.
- Users are told to install "Trust Profile for " and they ask "should I trust that with a blank at the end?"
- Consolidate redundant tasks like "Update Info" in the growing "Active Tasks" list
- Setting a profile to not allow apps to be installed doesn't remove if a profile passcode is required (may be only with Configurator and may be with all passcoded profiles)
- Removing a profile from PM doesn't remove it from the device
- Allow multiple different profiles to be applied to a device or group, like in Configurator, instead of one big one
- Allow (or explain how) to set multiple Wi-Fi SSIDs in one profile with an order of precedence, like dragging in Network System Preference on a Mac, but for iOS
- Set a temporary profile, e.g., Wi-Fi that expires
- Neither PM nor Configurator allows us to set an iOS Restriction like can be set locally on the device for "Don't Allow Changes to Accounts"
- The "Add Devices" window is tiny so only 5 devices can be seen. Searching for the devices enrolled that were improperly named just "iPad" is painfully slow when 400 devices have "iPad" as part of their names!
- I would like to limit admin users' access to their Device Groups only instead of everything in PM and the whole server! To allow admin access to PM requires the users be added to the Server's admin group. Making custom server groups in Workgroup Manager doesn't work according to Enterprise Support.