How does a school manage a few hundred iOS devices for only a few hundred dollars? During the MacIT Conference, Derick Okihara demonstrated the pros and cons of using Apple’s Profile Manager from his experience managing the Mid-Pacific Institute school. You can download the presentation slides here.
If you are looking for advice on managing Apple iOS devices, join the community at EnterpriseiOS for more tips and information.
Why Use Apple’s Profile Manager
- It’s dirt cheap. Profile Manager is included in Lion Server, which is $50-$80 flat, in contrast to other MDM providers that charge an annual fee.
- It does MOST of what you want in an MDM solution.
- It’s a First Party solution. You can call Apple for support.
Why NOT Use Apple’s Profile Manager
- Large installs of devices – thousands of devices will require a more robust MDM solution.
- A required MDM feature isn’t available – see below and the complete comparison of MDM solutions.
How does Apple’s Profile Manager Measure Up?
- App installs – You can push free Apps or in-house developed Apps to users. You can NOT push paid or volume purchased Apps to users.
- Policy setting – Yes.
- Security – Restrictions, VPN profiles, remote wipes.
- Asset Tracking – Lion Server will track the device.
- Remote Control – Nope.
- Backup – Nope. The only Apple way of doing backup is through iTunes right now.
- Firmware / OS updates – Nope.
What Do You Need to Run Apple’s Profile Manager?
- Lion Server running on a Mac with Core 2 Duo or later, 2GB+ of RAM. A Mac mini for less than 1,000 devices is a very affordable solution.
- Internet connection with certain ports open. You may need to troubleshoot push notifications.
- Working DNS – Not just an IP address.
- Open Directory Master – Server that holds user accounts.
- Certificates – You’ll need the following certificates: an SSL/TLS certificate (purchased from a registrar; StartCom offers the only free certificate for iOS devices), an Apple Push Notification Service certificate (free from Apple with an Apple ID), and a code signing certificate (you can use the Lion Server, but a best practice is to purchase one from one of these authorities for around $300).
Lion Server Profile Manager Setup Tips and Best Practices
- Change your Administrator account name to something besides the default of “diradmin” because someone could guess it.
- Don’t use a comma in your organization name; it’ll cause the install to fail.
- Don’t use your personal Apple ID because your certificate will be tied to it. Create a new one for the institution. If the person whose Apple ID it is leaves, you won’t be able to manage it anymore.
- If you disable the App Store, your users won’t be able to sync Apps via iTunes either.
- If you use content restrictions, all Apps that allow web browsing are rated 17+.
- You can run Profile Manager on an iPad because it’s a web app.
Resources
- Managing iOS Devices with OS X Lion Server by Arek Dreyer ($4.99)
- Enterprise iOS
- Apple’s iOS4 Education Deployment Guide (even though it’s outdated, it’s helpful and a lot of it applies to business as well).
- Apple’s Profile Manager Help


You state in this article “App installs – You can push free Apps or in-house developed Apps to users. You can NOT push paid or volume purchased Apps to users.”
I have a MacBook Air (Maverick) and purchased OS X Server (latest version). Profile Manager gives me the option to use DEP and VPP. So, if it allows me to use VPP, it appears that I can push paid (or VPP) apps to iPads. So, this statement is incorrect. Please advise. jw
Hi Jonathan. Thanks for the correction. This presentation’s information is from January 2013 and the tools have been updated since.
Hi, I am thinking of using Apple’s Profile Manager to set up a couple hundred iPads for our company. Our employees are located all around the world, so I am wondering if you know whether the iPads need to be physically connected to the Mac via USB at any time to set them up, or can it all be done remotely? Thanks for any help you can offer!
Brian
Hi Brian,
Check out Ground Control (https://www.groundctl.com). They have a solution for setting up management on iPads in multiple locations. Good luck!