Home
Insight10.08.2021

Apple Shared ipad - privacy-compliant use in anonymous guest mode

Can Apple Shared iPad be used with Managed Apple IDs and Relution?

In addition to Relution's own shared device mode with user-specific apps, integrated file shares and the Relution camera function for secure file storage, Relution also supports Apple's own Shared iPad mode, which can be used with a user login using Managed Apple IDs and thus offers an ideal supplement for the use of iPads as class sets.

Shared iPad mode is activated during automatic enrollment via the Device Enrollment Program (DEP) profile:

Relution interface with settings to enable the Apple Shared iPad mode via a DEP profile, including support for Managed Apple IDs

After enrollment, the user login is done using the Managed Apple ID and the corresponding password. The user administration of Managed Apple IDs is done in Apple School Manager. When setting up personal data, it is best to consult a data protection officer.

iPad screen with the login mask for entering the Managed Apple ID and the corresponding password used for user login after enrollment in Apple School Manager
iPad screen with an input mask for entering a code to log in with a Managed Apple ID

Can user-specific apps be distributed via Relution when users log in with Managed Apple IDs?

In Relution, specific apps can be assigned to the user via auto-deployments, which are automatically installed on the device after the user logs on via the assigned Managed Apple ID:

Relution interface with the ability to assign user-specific apps via auto-deployments, which are automatically installed on Apple devices upon login with a Managed Apple ID

To make this possible a user must be created in Apple School Manager. The corresponding Managed Apple ID is then linked to the Relution user via the e-mail address. The corresponding Managed Apple ID is stored in the respective user’s profile:

Relution user profile with the ability to link and store a Managed Apple ID created in Apple School Manager via the email address

After logging on to the Shared iPad with the corresponding Managed Apple ID, the apps are installed for the user via auto deployment:

Start screen of an iPad with installed app icons provided via auto-deployment after login with the respective Managed Apple ID.

Can apps also be made available on the device for all user logins with Managed Apple ID?

In addition to the user-related auto-deployment of apps, app compliance in a policy allows apps to be distributed user-independently on shared iPads and thus be available to all users.

Can system apps also be installed on the device?

When installing system apps on an Apple Shared iPad, please make sure that the checkbox "Allow uninstall of apps" under Apps "General" in the applied policy about configuration restrictions is checked. Otherwise some system applications cannot be installed.

Relution policy configuration with the option "Allow App Uninstallation" under "Restrictions," which must be enabled for the installation of system apps on an Apple Shared iPad

Can apps be uninstalled on the device?

Uninstalling apps is generally prohibited in Shared iPad mode.

How do I log off the device?

To log out of the Shared iPad mode you have to press the Lock Button (usually on the top right of the body). Afterwards the "Logout" button appears in the lower right corner:

iPad screen with the "Sign Out" option in the bottom right, displayed after pressing the Lock Button in Shared iPad mode
iPad screen with the login mask and the option to select guest access via the "Guest" button at the bottom right of the start screen and enter using the Home button

When using the Shared iPad mode, personal data is generated during the user session. This data is stored in the iCloud together with generated content, such as documents or images. Especially in connection with schools and sensitive student data, this is a grey area according to the current state of data protection regulations. If necessary, it is advisable to consult the responsible data protection officer.

Can student devices be controlled with a teacher's shared iPad?

Currently, you cannot use the Classroom app in Shared iPad mode because of Apple restrictions. Teachers can only use iPads with the Classroom app without the Shared iPad mode. Student tablets in Shared iPad mode, on the other hand, can be controlled via the Classroom app, provided the students log on with a Managed Apple ID. The Managed Apple ID must be stored in the Apple School Manager and assigned to the corresponding user in Relution.

Can an Apple Shared iPad also be used as a guest?

With the guest access, Apple offers a way to use iPads without personalized user profiles and storage of data in the iCloud. Logging on to the device is "anonymous", i.e. without entering user data. Guest mode can be accessed via the "Guest" button at the bottom right of the start screen and is entered by pressing the Home button:

iPad screen with the login mask for entering the Managed Apple ID and the corresponding password used for user login after enrollment in Apple School Manager
Welcome screen on an iPad in guest mode with a message stating that data will not be saved after logout

How can apps be made available to guest users on the tablet?

No user-specific apps or content can be provided on the devices, as there is no user login in anonymous guest mode. However, in Relution, apps can be installed on the tablets via an applied policy and are generally available to all users. The desired apps must be added in the configuration "App Conformance" under "Required Apps":

Relution interface with the "App Compliance" configuration and the option to add apps as "Required Apps" to make them available to all users in anonymous guest mode on tablets

The apps are available to every user, whether known or anonymous, by default on the device:

iPad screen with app icons made available by the "App Compliance" configuration under "Required Apps" for all users, whether known or anonymous, by default

Can an Apple Shared iPad be used without local data storage on the device?

Data generated in guest mode is only stored for the duration of the session. If data needs to be saved, it must be stored outside the device. The Relution app offers the possibility to use integrated file shares, for example on the school server for secure data storage. These must be configured in Relution, see Relution Files.

To log out of the guest mode you have to press the lock button on the top right of the housing. Afterwards the "Logout" button appears at the bottom right:

Notification on an iPad in guest mode asking whether the session should really be ended, along with a message stating that all data will be deleted upon logout
iPad screen with the login mask and the option to select guest access via the "Guest" button in the bottom right of the start screen and enter using the Home button

Can student devices in guest mode be controlled via the Classroom App?

If a Shared iPad is used anonymously by students via guest access, it cannot be controlled by the teacher via the Classroom App. This requires login with a Managed Apple ID so that Relution can identify the user and establish a class context (see Managed Apple IDs above).

Which configurations are possible for the Shared iPad mode via Relution?

iPads with OS version 13.4+ that are operated in Relution as DEP devices in Apple Shared iPad mode can be preconfigured via a policy. The configuration "Settings shared iPad" offers the following setting options:

  • Define storage quota per user
  • Define number of users
  • Allow guest session only (no login via managed Apple ID possible)
  • Define timeout for guest session (login without managed Apple ID)
  • Timeout for user session (login with managed Apple ID).
Start screen of an iPad with a login mask and the option to select guest access via the "Guest" button in the bottom right and start using the Home button.