MDM: Behind the scenes 02

Basically, MDMs are management tools to provide IT staff and teachers the ability to ensure students are making the most out of their iPad and Mac devices, in a secure and effective way. This can also minimize distractions during the use of the Apple technology, so students and teachers can focus on what’s most important: improving learning. In addition, IT staff gain unique tools to protect and manage device inventory, and remotely set up them. An MDM can be a powerful and beneficial tool to both IT staff and teachers. With its power come many contributing variables, and it’s important to know what goes on behind the scenes when using an MDM solution.

To explain… it all begins with the Apple Push Notification service (APNs) Certificate, which is exactly why this is the first step when setting up your Mosyle Manager account. This certificate establishes a trusted connection between your devices and Mosyle’s domain. Only through the push certificate will iPads and Macs receive commands created in the Mosyle Manager platform.

After you create your APNs Certificate, you can begin enrolling and managing your devices! First, enroll your devices with Mosyle’s MDM server using one of the several enrollment options: DEP, Apple Configurator 2, manual enrollment, automated enrollment, and more. When you enroll into the MDM server, a configuration profile is installed on each device which links it to the Mosyle server. With the combination of the APNs Certificate + enrollment, you’re ready to start managing - push apps, install restrictions, define Home Layouts, change wallpapers, and several other functionalities useful when configuring your iPads, for example.

You can now begin creating management profiles and selecting the devices or users you want them to be applied.

When you save the profile, Mosyle’s server queues up the commands for each of your devices, and sends a notification to each Apple device via the Apple Push Notification service (APNs). Once the device receives the notification, it checks in and connects with the Mosyle server to download (and act upon) the command. Take a look at the image below and the following explanation:

However, sometimes the MDM server can’t reach the devices, and in a majority of these cases there’s a common issue: your network. When talking about setting up and configuring iOS and macOS devices, consistent and dependable access to a wireless network is extremely critical. Proxys, firewall ports, DHCP leasing time, and simultaneous connections, can be just a few reasons why your devices are unable to reach the Mosyle or Apple servers.

So, we asked our developers to join former Apple System Engineers to help us provide you with some best practices and some tips that are critical to your institution’s network.

After this guide, you’ll see some huge improvements in your network and the communication between Mosyle and your Apple devices!

Tip #1 / Create smaller Install App profiles

When configuring Install App profiles, we recommend to set up smaller profiles. If you need to install 20 applications on students iPads, create 4 profiles with 5 apps. One install app profile with 20 apps each with 50Mb, to be installed on 30 student iPads creates 30GB of data to download at the same time.



Sending the command to install apps in chunks can greatly reduce the amount of data to be downloaded at the same time. Smaller Install App profiles will not only optimize your Network, but also reduces the volume of data being processed by the iPads - minimizing chances of failure.