This article explores various FAQs for iOS device management.
In this article:
- General
- Provisioning
- Android and iOS Differences
- Apps
- Kiosk Mode and iOS Devices
- Other iOS Device Feature Availability
- DEP Sync
General
Which iOS devices does Esper support?
Esper supports iOS devices (iPhones® and iPads®). We support a minimum iOS version of 11, but some features may require later versions.
Esper does not support MacOS, watchOS, tvOS, or visionOS.
Will iOS be available for the Templates experience?
iOS will only be available for the Blueprints experience, specifically Blueprints 2.0.
Can iOS devices and Android devices be in the same blueprint? What about groups?
Android and iOS devices can coexist in the same blueprint and be present in the same groups. Some settings and actions will be exclusive to Android or iOS devices.
Can I add a passcode to my devices?
Passcodes interfere with our device management, so we recommend not adding a passcode. You can clear the passcode from the console if one was applied accidentally. Go to Devices & Groups, click on the device, go to its Settings, and select Clear Passcode.
Certain passcode configurations can also reset devices or erase device data which may lead to unexpected behavior.
I can't see the Devices & Groups alias names column anymore.
We've updated this section, so you shouldn't run into this issue any longer.
You can also enable alias names (and other columns) in Devices & Groups > Views > Customize List view. You may need to press Default to refresh the list.
Provisioning
Does my iOS device require a factory reset before it can be added to Esper?
Yes, a device needs a factory reset. In some iOS settings, this is called "erase all content and settings".
How do I provision an iOS device?
You can provision an iOS device using either of these methods:
- Apple Business Manager
- Direct Profile via Apple Configurator
- Apple Business Manager via Apple Configurator
If someone incorrectly chooses “unsupervised” within their Apple configurator, how does one change that setting back to “supervised”?
You’ll need to supervise a device with Apple Configurator. After factory resetting the device and connecting it to your computer, open the Apple Configurator app and go through the steps in Prepare Device. Then select Supervise Device.
See Provisioning with Direct Profile for more information.
Android and iOS Differences
What are the differences between Android and iOS? How might an Android feature work differently from an iOS feature?
In this table, we show the difference in behavior between Android and iOS for blueprint settings. To see a full list of Android blueprint settings, see Creating a Blueprint.
Blueprint Settings |
||||
Feature | Blueprint Options for Android | Android Behavior | Blueprint Options for iOS | iOS Behavior |
Device Mode |
|
Available for all supported devices. Includes a failsafe if a Kiosk Mode app isn't available on the device. |
|
For Supervised devices only. |
Launcher |
|
Enables the admin to switch between launchers. | Not Available | Not Available |
Permissions | Runtime Permissions
|
Enables the admin to choose how runtime permissions function for end users. | Not Available | Not Available |
Allow Local App Install | Enable or Disable | Enables or disables a device user from installing apps locally. | Enable or Disable | Blocks app installation by hiding the Apple App Store. |
Allow Application Uninstall | Enable or Disable | Enables or disables a device user from uninstalling apps. | Enable or Disable | Available for iOS 4+ Supervised devices. |
Allow Bluetooth | Enable or Disable | Enables or disables the user from using Bluetooth. | Enable or Disable | Enables or disables the device user from modifying the Bluetooth’s state. If off, the Bluetooth can’t be turned on. If on, the Bluetooth can’t be turned off. |
Allow Near-Field Communication (NFC) | Enable or Disable | Enables or disables NFC on the device. | Enable or Disable | Only supported on Supervised iOS 14.2+ devices. |
Wi-Fi | Add or delete Wi-Fi access points. | Strict Wi-Fi Access Point Sync is only applicable to Android. | Add or delete Wi-Fi access points. | Available |
Allow SMS | Enable or Disable | Allows the device user to send and receive SMS. | Enable or Disable | Only on Supervised iOS 5+ devices. |
Restrict Incoming and Outgoing calls | Enable or Disable | Allow | Not Available | Not Available |
Ethernet Settings | None or EAP-TLS | Connects to ethernet. | Not Available | Not Available |
Safe Mode Login | Enable or Disable | Enables safe mode login. | Not Available | Not Available |
Factory Reset | Enable or Disable | Enables the device user to perform a factory reset on the device. | Enable or Disable | Only supported on Supervised iOS 8+ devices. |
Screen Timeout | Enable or Disable | When enabled, the screen times out according to the set time. Set timeout from five seconds to two hours. | Not Available | Not Available |
Lockscreen | Enable or Disable | When enabled, a lockscreen can be set with an optional password. | Not Available | Not Available |
Screenshot | Enable or Disable | Allows the device user to take a screenshot. | Enable or Disable | Only supported on iOS 9+ devices. |
Wallpaper | Upload to home and lock screen | Allows the device to display a wallpaper. | Upload to home and lock screen | Two issues affect iOS 16 and 17 devices. If you notice that your wallpaper isn’t applying, try restarting the device and converging it to the blueprint again. Both lock and home screen will have the same wallpaper the first time they’re set, and you can separate them afterward. |
Esper Settings | Enable or Disable | When enabled, allows the user to modify device settings through the Esper Settings app. | Not Available | Not Available |
Configurations | Paste json | If a setting in the json is present, it will override other settings in the blueprint. | Paste plist | If a setting in the plist is present, it will override other settings in the blueprint. |
Files | Upload files | Enables the admin to add files to the device | Not Available | Not Available |
Hotspot & USB Tethering | Enable or Disable | Allows the device user to share a mobile connection via a USB or Wi-Fi. | Enable or Disable |
Allows the device user to share a mobile connection via a USB or Wi-Fi. Only supported on iOS 12.2+ devices. |
Camera | Enable or Disable | Allows the device user access to the camera. | Enable or Disable | Allows the device user access to the camera. |
Google Services | Enable or Disable | Allows access to the Google Play Store for GMS devices. | Not Available |
Not Available Access to the Apple App Store is enabled through a VPP token in Apple MDM Management. |
Allow Siri Assistant | Not Available | Not Available | Enable or Disable | Enable access to Siri voice commands. |
Sound | Volume Control | Change the volume for:
|
Not Available | Not Available |
System Updates | Set system update frequency | Choose from the following frequencies:
|
Not Available | Not Available |
Time Zone | Choose a timezone. | Set the device’s timezone. | Enable or Disable | Forces the devices to synchronize time and date based on their location. Only supported on iOS 12+ devices. |
This table shows the differences and similarities between iOS and Android Quick Actions.
Quick Actions
|
||
Feature | Android Availability | iOS Availability |
Device Lockdown | Available | Not Available |
Device Mode Switch between Kiosk Mode and Multi-App Mode. |
Available | Not Available |
Ping | Available | Available |
Screen Lock | Available | Available |
Shutdown | Not Available | Available |
Reboot | Available | Available |
Beep | Available (Template experience only) | Not Available |
Factory Reset | Available | Available |
Send Message | Available | Not Available |
Clear Passcode | Not Available | Available |
This table shows other feature-by-feature comparisons.
Other Features |
||
Feature | Android Availability | iOS Availability |
Alias Names | Available | Available (as of DevRel 135) |
Tags | Available | Available (as of DevRel 135) |
Content Management | Available | Not Available |
Apps |
Available:
|
Available:
|
Alerts | Available | Not Available |
Geofence | Available | Not Available |
Pipelines | Available | Not Available |
Remote Viewer | Available |
Available:
|
Remote Control | Available: See Remote Viewer and Control for a complete list of requirements |
Not Available |
Reports | Available | Not Available |
Esper Software Updates | Available | Not Available |
APIs | Available (where noted) | Available (where noted) |
SDK | Available | Not Available |
EAST | Available | Not Available |
Esper CLI | Available | Not Available |
Device Provisioner | Available | Not Available |
Secure Remote ADB | Available | Not Available |
Are there any special behaviors that affect Android devices differently than iOS devices?
A few behaviors are specific to iOS devices:
- Clear Passcode
A device cannot be provisioned, or receive a converge command if it has a passcode. To remove a passcode, turn off the passcode in the device by going to Settings > Face ID (or Touch ID) & Passcode > Turn Passcode Off or click on Clear Passcode in Quick Actions.
- Install App
There is option to pause the download on a VPP app installation manually on the device. We recommend not pausing the download.
- Missing unlock_token field error
If you see this error in your device's event feed, it means it had errors during the supervise process. Try supervising the device again. See iOS Onboarding with Direct Profile (QR Code) for more information.
- Duplicate SSIDs or Wi-Fi names
If you have iOS devices with two Wi-Fi access points that have identical names but different passwords, the device will try to connect to the former Wi-Fi access point. This happens if you try to update the Wi-Fi configuration in a blueprint. This may cause connection issues or failures, so we suggest using unique names for your Wi-Fi access points.
Are there any plans to make more features available for iOS devices?
Yes. Follow our release notes for the latest developments or submit a feature request.
Apps
Can I remove pre-installed applications from iOS devices?
Preinstalled apps cannot be removed from iOS devices. However, we do change the app's state to hidden so that they do not appear on the device.
I want to use in-house applications. Which app deployment method should I choose?
If your organization uses in-house apps, these apps will need to be signed. Keep in mind that Esper does not handle IPA file signing.
Developers can maintain signing using the following methods:
- Use ABM Custom App Deployment via Apple’s Volume Purchasing Program (VPP)
- Use Apple Developer Enterprise Program (ADEP)
- Deploy in-house apps hosted by Esper. Developers will need to apply and adhere to Apple’s eligibility requirements. Review Apple’s documentation, specifically the “Use MDM to distribute the app” section, for the latest requirements for deploying in-house apps.
Ensure your organization is regularly updating and signing these types of applications. If an application suddenly stops working, one reason could be its certificates are expired or invalid.
Kiosk Mode and iOS Devices
Kiosk Mode for iOS devices differs from Android devices. Here's a breakdown of those differences:
1. Apps need to be closed manually after switching out of Kiosk Mode
In a blueprint, if you change the Device Mode setting from Kiosk to Multi-App, and then converge the device to the new blueprint settings, someone will have to close out of the former kiosk app.
2. Kiosk Mode devices cannot be shut down manually
If users press and hold the power button while a device is in Kiosk Mode, they won't get an option to shut down the device. However, admins can use the Esper console to send a Shutdown command to the device.
3. Change to Multi-App mode before updating apps
For the most consistent results, devices should be changed to Multi-app mode during app updates. Apply Multi-App mode through a blueprint, and then push the app update through a second blueprint update.
Other iOS Device Feature Availability
Does Esper support Shared iPad Mode?
Not currently.
Can I select setup options for an iPad or iPhone?
You can select the setup options while provisioning via a QR-code or Manual ABM Provisioning with Apple Configurator. If provisioning through Automatic ABM, all setup steps are skipped.
We recommend skipping the passcode option as this will interfere with provisioning and blueprint converge actions.
DEP Sync
The DEP Sync keeps failing.
If you've tried a DEP sync a few times and it keeps failing, your MDM server may have been deleted from ABM. There may be a delay between when it was deleted and when you synced that showed success initially, but will eventually fail.
To resolve, download and re-upload the new token from ABM and upload it to your tenant by going to Apple ABM Management and clicking Renew Token.