Apple Shared ipad - privacy-compliant use in anonymous guest mode

Can Apple Shared iPad be used with Managed Apple IDs and Relution?

In addition to Relution's own shared device mode with user-specific apps, integrated file shares and the Relution camera function for secure file storage, Relution also supports Apple's own Shared iPad mode, which can be used with a user login using Managed Apple IDs and thus offers an ideal supplement for the use of iPads as class sets.

Shared iPad mode is activated during automatic enrollment via the Device Enrollment Program (DEP) profile:

After enrollment, the user login is done using the Managed Apple ID and the corresponding password. The user administration of Managed Apple IDs is done in Apple School Manager. When setting up personal data, it is best to consult a data protection officer.

Can user-specific apps be distributed via Relution when users log in with Managed Apple IDs?

In Relution, specific apps can be assigned to the user via auto-deployments, which are automatically installed on the device after the user logs on via the assigned Managed Apple ID:

To make this possible a user must be created in Apple School Manager. The corresponding Managed Apple ID is then linked to the Relution user via the e-mail address. The corresponding Managed Apple ID is stored in the respective user’s profile:

After logging on to the Shared iPad with the corresponding Managed Apple ID, the apps are installed for the user via auto deployment:

Can apps also be made available on the device for all user logins with Managed Apple ID?

In addition to the user-related auto-deployment of apps, app compliance in a policy allows apps to be distributed user-independently on shared iPads and thus be available to all users.

Can system apps also be installed on the device?

When installing system apps on an Apple Shared iPad, please make sure that the checkbox "Allow uninstall of apps" under Apps "General" in the applied policy about configuration restrictions is checked. Otherwise some system applications cannot be installed.

Can apps be uninstalled on the device?

Uninstalling apps is generally prohibited in Shared iPad mode.

How do I log off the device?

To log out of the Shared iPad mode you have to press the Lock Button (usually on the top right of the body). Afterwards the "Logout" button appears in the lower right corner:

When using the Shared iPad mode, personal data is generated during the user session. This data is stored in the iCloud together with generated content, such as documents or images. Especially in connection with schools and sensitive student data, this is a grey area according to the current state of data protection regulations. If necessary, it is advisable to consult the responsible data protection officer.

Can student devices be controlled with a teacher's shared iPad?

Currently, you cannot use the Classroom app in Shared iPad mode because of Apple restrictions. Teachers can only use iPads with the Classroom app without the Shared iPad mode. Student tablets in Shared iPad mode, on the other hand, can be controlled via the Classroom app, provided the students log on with a Managed Apple ID. The Managed Apple ID must be stored in the Apple School Manager and assigned to the corresponding user in Relution.

Can an Apple Shared iPad also be used as a guest?

With the guest access, Apple offers a way to use iPads without personalized user profiles and storage of data in the iCloud. Logging on to the device is "anonymous", i.e. without entering user data. Guest mode can be accessed via the "Guest" button at the bottom right of the start screen and is entered by pressing the Home button:

How can apps be made available to guest users on the tablet?

No user-specific apps or content can be provided on the devices, as there is no user login in anonymous guest mode. However, in Relution, apps can be installed on the tablets via an applied policy and are generally available to all users. The desired apps must be added in the configuration "App Conformance" under "Required Apps":

The apps are available to every user, whether known or anonymous, by default on the device:

Can an Apple Shared iPad be used without local data storage on the device?

Data generated in guest mode is only stored for the duration of the session. If data needs to be saved, it must be stored outside the device. The Relution app offers the possibility to use integrated file shares, for example on the school server for secure data storage. These must be configured in Relution, see Relution Files.

To log out of the guest mode you have to press the lock button on the top right of the housing. Afterwards the "Logout" button appears at the bottom right:

Can student devices in guest mode be controlled via the Classroom App?

If a Shared iPad is used anonymously by students via guest access, it cannot be controlled by the teacher via the Classroom App. This requires login with a Managed Apple ID so that Relution can identify the user and establish a class context (see Managed Apple IDs above).

Which configurations are possible for the Shared iPad mode via Relution?

iPads with OS version 13.4+ that are operated in Relution as DEP devices in Apple Shared iPad mode can be preconfigured via a policy. The configuration "Settings shared iPad" offers the following setting options:

• Define storage quota per user
• Define number of users
• Allow guest session only (no login via managed Apple ID possible)
• Define timeout for guest session (login without managed Apple ID)
• Timeout for user session (login with managed Apple ID).