WWDC 2017 – What’s new in Apple MDM

Last week, Apple once again hosted WWDC in San Jose and made numerous exciting announcements for their products. Of course, my main interest lied in new MDM capabilities and improvements with Apple device management, specifically around Apple School Manager.

Thursday, June 8th, Apple unveiled those new capabilities. Some of the highlights are outlined below.


  •  Apple TV is now supported with Apple’s Device Enrollment Program (DEP). If you use Apple TV’s in your district or university, management of these devices just got a lot easier. Supervision is no longer default, but still available.
  • All devices can now be added to DEP, even those purchased outside of supported channels (ie directly from Apple). Requires iOS 11. (FINALLY!!)
  • New panes will be able to be skipped which includes the keyboard chooser and Apple Watch migration screens on iOS devices
  • Lots of new security enhancements for MDM

Apple School Manager


  • No longer in preview since last month
  • New streamlined interface
  • Improved search, filtering and navigation
  • Activity view to track background actions
  • Create up to five Administrator accounts
  • Support for PowerSchool SIS



  • Integrated, updated UI
  • Easier management of purchases
  • License transfer between locations
    • ASM shows number of available licenses
    • Available licenses can be transferred
    • Assigned licences cannot be transferred


  • iOS
    • Require tether for MDM commands
      • This combined with caching server will help make iPad deployments in schools go faster.
    • Software updates on
      • Passcode locked devices (supervised)
      • Non-DEP devices (supervised)
    • Preserved data plan when erasing device – new
    • Lost and Found (supervised)
      • Lost mode sound
      • Location accuracy
      • System app removal – new
    • Data Protection
      • Restrict Wi-Fi networks configured by profiles (iOS 10.3)
        • Exempts carrier profiles – new (iOS 11)
      • Allow VPN creation – new
    • Classroom
      • Unprompted app and device lock – new
      • Automatic joining of classes – new
    • AirPrint
      • Custom port
      • iBeacon discovery (supervised)
      • Credential storage in KeyChain (supervised)
      • Allow AirPrint (supervised)
    • Assessments
      • Activity continuation
      • Universal clipboard
      • Dictation
      • Smart punctuation
      • Classroom screen observation
    • Restrictions are going to require supervision coming in 2018. This means that only supervised devices will get restrictions! Be sure to take advantage of new DEP settings to ensure all your devices are supervised!
  • Classroom
    • Classroom 2 (shipped this past Spring)
      • Teacher created classes
      • Document transfer between teacher and students
      • Mute devices
    • Classroom 2.1 (new this week)
      • Managed class behavior for teacher-created classes on supervised devices
      • Student activity view
  • Content Caching
    • Built into macOS High Sierra
    • Tethered caching UI

You can watch the whole session only here: https://developer.apple.com/videos/play/wwdc2017/304/

I was a little disappointed overall from the announcements, but there are some good things in there to help the life of school administrators of macOS, iOS, and tvOS devices. There was a lot of “coming soon”, “later this year”, “next year” talk, so hopefully we will see how much Apple and third-party MDM vendors can get accomplished. Look here for more details and guides as the new features are released to general public.


MMS 2017 Review

MMS 2017 is over, and as always, it lived up to the hype. I promised a review of the conference the month before last, so here it is.

This year marked my fourth MMS to attend. I swear each year gets better as the sessions consistently get better, the schedule becomes more streamlined, I know where all the good places to eat are, inside jokes increase, and most importantly, I have more friends to catch up with and meet.

During the conference, a fellow attendee tweeted the following:

Spot on, Julia! MMS is a chance to catch up with the people who help you solve daily problems in your work environment. It’s a chance to meet them, learn from them, pick their brain, thank them, and simply enjoy their company – they’ll enjoy yours as well!

This particular year I made a stronger effort to network and in the process made a lot of new friends. MMS is made for the community, by the community, and I tried to embrace that as fully as I could. The conversations were great and I learned more during those conversations than a lot of the sessions. Not because the sessions weren’t incredible, but because the conversations were meaningful and validating. There are more people in the same boat than you realize, and it shines when we are all thrown in the same conference center at once!

Some important takeaways:

  • After a great session on how to begin and improve user groups, many folks were inspired, myself included! I’m on the board for the DFWSMUG and hopefully we can get some more consistent meetings scheduled soon. Stay tuned.
  • Women in System Center – this is cool! When this gets going, let me know how I can spread the word more, and I will!
  • Peer-to-peer technologies are important to the future of Microsoft, Windows, and your enterprise/school district. Embrace them! I had the great pleasure attending “2Pint Friday at MMS” sponsored by 2Pint Software. Fantastic session with some really cool tech. Again, their product is free for education (except required support), so be sure to put it into your budget! I will be implementing over the next couple of weeks at my district. I’ll be sure to write up something on my experience implementing on this blog.
  • In the Focus Group: Education and IT session there was a lot of discussion over Office 365 Device-based Activation. See my previous blog on how to deploy Office 365 Device-based Activation with SCCM if you’re interested. Don’t forget to mention to your TAM you want an easier process. 🙂 We also discussed other Office 365 issues, Office 365 vs G Suite, compliance, old hardware/software, and more.
  • The Hackathon was a major highlight again this year with the ConfigMgr product team demoing some amazing *possible* features they have been working on. CTGlobal and Cireson also demo’d code that could make lots of sysadmin’s lives easier. Thanks for sharing your skills and passion with us, guys!

A big thank you to all the speakers and sponsors who make this conference possible, especially Brian Mason and Greg Ramsey. I would say your hard work doesn’t go unnoticed, but it kind of does because of how effortless you make putting a conference of this size look and feel together. Thanks for everything you guys do.

Mark your calendar down for MMS 2018! The price of admission is nothing compared the knowledge, experience, and friends you leave with.

Until next year, MMS-er’s.

Microsoft EDU Event – Learn what’s next.

As many of you are aware today Microsoft hosted it’s “Learn what’s next.” education-focused event in New York City. Microsoft is putting a strong focus on education, mostly to compete with Google and Chromebooks in the classroom.

Microsoft announced the following during the event:

  • Office as modern universal Windows Apps (coming soon)
  • Windows 10 S
    • Streamlined for simplicity
    • Secure
    • Superior Performance
    • Runs only Store apps
    • Allows USB Provisioning for shared cart scenarios
    • Must be managed by Intune for Education
    • Runs on cheaper hardware options – all major OEM’s have jumped on board
  • Microsoft Intune for Education – broadly available today
    • Not a full-fledged replacement for Intune
    • Doesn’t manage iOS or Android devices/apps.
    • No integration with ConfigMgr yet
  • Code Builder for Minecraft EDU
  • View Mixed Reality
  • Microsoft Teams is getting new classroom collaboration tools
  • Surface Laptop
    • Beautiful device
    • High price-tag (starts at $999)

All in all the event was good, and it’s great to see Microsoft pushing forward in the education market. I continue to have hope for the future of their products in every classroom. After the event ended I still found myself wanting a little bit more from them. My main concern is the lack of apps in the Store and sub-par management for larger school districts and universities that consider Window 10 S. Hopefully with Joe Bellfiore’s return, they will continue to invest in education and stay true to their words “Technology should help, not hinder, teachers in the classroom” and “When technology and education come together, possibility becomes reality.” Regardless, I’m excited for the energy and momentum Microsoft provided today. I look forward to what’s next.

MMS 2017 – See you there!

If there is one conference I try to make every year, it’s the Midwest Management Summit aka MMS. For those who aren’t familiar with the conference, it’s hosted by the Minnesota System Center User Group at the Mall of America. The conference is 4 days of exceptional content focusing on systems management presented by Microsoft MVP’s, real-world professionals, and even some folks from Microsoft’s own product groups. Recently this year’s conference sold out (again). Awesome!

Here is my current schedule, tentative to change at any moment:


One session I am particularly excited for is the Focus Group: Education and IT which allows attendees who are employed in K-12 or Higher-Ed to collaborate and share their experiences and knowledge. Nash Pherson (@kidmystic) will be leading this discussion (trust me, he’s good). If you’re in K-12/Higher-Ed and will be at MMS 2017, I would encourage you to register for this focus group. Always great discussion.

I will also be attending 2Pint Friday that sponsor 2Pint Software is hosting. Check out the details here: https://2pintsoftware.com/event/2pint-friday-mmsmoa/ There are a few tickets left! Attendance of the special session is free, so if you have the time, join! If you haven’t had the opportunity to check out their technology, spend some time and do so. They are very kind and make their products free for education customers (minus support) that could alleviate some shared headaches. Shout-out to those guys! We are looking to implement their solutions over the summer.

I’m hoping to interact with and meet a lot of new people this year, and of course walk away with a heap of new knowledge and tips and tricks to implement in my own environment. I always welcome discussions about K-12 technology and struggles therein. My plan is to post a full review of the conference when I return. See you soon, MMS-ers!

Managing GAFE with PowerShell

Real talk. Google is taking over the education market. Sorry Apple and Microsoft, it’s the truth. Don’t stop trying though…us education customers need all the help we can get! We like free and simple, btw (that’s why Google is wining in this space).

However, with simplicity comes a lack of sophistication. As a technology professional, part of my job is automating the mundane tasks so that I can focus on the large and fun projects. You know what isn’t easy to do in GAFE? Bulk operations. This is where there is severe lack of sophistication on the management side. Keep working, Google.

A few years ago,  I began learning PowerShell and it has since become my command-line of choice. Tasked with needing to perform some bulk operations in our Google environment, I was exploring how to perform certain functions via command-line, if something like that existed. Fortunately, Google has an API, but unfortunately they do not have a propriety command-line tool, nor does their Admin Console allow for bulk operations.

Luckily, a gentleman by the name of Jay Lee, created a tool called GAM. GAM is a command line tool for Google G Suite Administrators to manage domain and user settings quickly and easily. Perfect! Continue reading

Step by Step Guide to Deploying Office 365 Pro Plus with Device Based Activation with SCCM


Office 365 Pro Plus has been around a few years, and is commonly referred to as the Click-to-Run version. I’m not going to go into too much depth about how Office 365 Pro Plus differs from the standard (old) MSI based install as you can read that on the very detailed Technet document located here: Overview of Office 365 ProPlus. Definitely worth a read to see if this is a good fit for your environment. TL/DR: An Office 365 subscription is required (free for education customers) and the end user experience is the same as MSI based install, but adds the same incredible features as C2R, including update strategy!

Due to Office 365 Pro Plus being a subscription product, it requires an Office 365 account to activate and use the product after install. Most school districts do not have a one-to-one deployment of PC’s, but adopt a shared model, meaning multiple students use the same PC throughout the day. Before device-based activation came along, if the IT dept deployed Office 365 Pro Plus in a shared environment, every time a student logs in to a computer, they would have to activate Office 365 Pro Plus with their Office 365 account, taking away one of the students’ installs on five devices. After the fifth PC they log in to, Office would be unable to activate, and therefore useless for the students.

Thankfully, Microsoft understood this concern and finally brought education customers a specially designed method of activating Office 365 Pro Plus in a shared environment! In fact, they understood signing in to Office at all was disruptive of instructional time, so they designed this method to prevent the students from having to put in any credentials at all! It’s a win-win for education customers, but does take some time to plan and configure. Lets dig in. Continue reading

Microsoft End of Summer New Releases

Wow! What an incredible two weeks it has been for system admins all around the world! Microsoft has dropped numerous updated products at the end of the summer for 2016! Let’s take a look!

Windows 10 Anniversary Update (1607)

Microsoft released it’s second major update to Windows 10, right outside a year after the initial launch of Windows 10 (hence the ‘Anniversary Update’ title). Some highlights include:

  • Windows Ink
  • Microsoft Edge Extensions
  • Dark Theme UI
  • Bash in Windows (!!)

Some important unique features to education include:

You can now get the ISO download on VLSC and MSDN for deployment. From my understanding no need for an update to MDT is needed, so MDT 2013 Update 2, should suffice for deployment, however a new Windows ADK is needed. Look for a blog post on that coming soon!

For more information on what’s new for IT Pros in the anniversary update, check out this TechNet Blog. Continue reading