We are ramping up our MDM solution and we have run into a snag… We primarily use IOS devices. Our preliminary thought is to provide the end user with their device, have them walk through the initial welcome screens of the device, and download the IBM Tivoli app and configure them. Before they do this, the device does not exist in the MDM management console. Is there a way to create an automatic group that will auto add them to a computer group? Are there any best practices documents for MDM? How are you folks handling devices?
If you use authenticated enrollment, devices will report the Active Directory path of the credentials that were used to enroll the device. You can also configure MDM to ask your users fully customizable questions during device enrollment.
For our deployment, I set the automatic groups’ relevance to check the AD path of the enrolled user as well as some other properties/values retrieved from the enrollment questions. Once I’m able to categorize all the devices into automatic groups, then it makes profile deployment that much easier by targeting by automatic groups instead of individual devices or “computers by property”. This has helped make device management much more efficient and automatic.
The second paragraph, we are still looking into. We have default automatic groups for all iOS devices that will get a standard policy of security settings, Like encryption, WiFi and ActivSynch settings… I will have to research more on the relevance for the Active Directory path…
If you are just looking at automatic groups, then this would be set up like other TEM automatic groups and you could set it up with the properties “Device Type” contains “mobile” and “OS” contains “ios”
Thank you, everyone… Here is an example of the Relevance:
( version of client >= “6.0.0.0” ) AND ( exists true whose ( if true then ( exists ( operating system ) whose ( it as string as lowercase contains “iOS” as lowercase ) ) else false ) )