Prepare Shared iPad
After you’ve configured Shared iPad with the number of users and set up content caching, you can learn how to use Shared iPad.
Updates and upgrades to iPadOS and apps for Shared iPad
To minimise downtime, updates and upgrades to iPadOS and apps should occur during off hours to minimise impact to your users and the network.
Updates and upgrades to iPadOS on Shared iPad can be initiated only by:
The mobile device management (MDM) solution that the Shared iPad is enrolled in
When physically connected to a Mac using Apple Configurator for Mac
When physically connected to a Mac using the Finder
Updates to apps on Shared iPad can be initiated only by the MDM solution that the Shared iPad is enrolled in.
Important: Because of changes in the file system, users of Shared iPad must be removed before updating to iPadOS 17. MDM solutions can use the DeleteUser
command to accomplish this. For more information, see the Apple Support article Upgrade a Shared iPad to iPadOS 17.
Content caching
Content caching is extremely important for Shared iPad. If you configure content caching to cache iCloud data (including iCloud Photos and CloudKit-enabled apps), Shared iPad saves data to iCloud through the caching service. When a user’s data is cached by macOS 10.13 or later, Shared iPad can download the data locally instead of from iCloud.
When a user signs out of Shared iPad, that data is held locally and appears automatically in iCloud. When that user signs in to a different Shared iPad, their data is downloaded from iCloud or by other apps from the App Store that use cloud-based storage.
It’s recommended that you plan for users to return to the same device each time. With the use of intelligent caching by Shared iPad and the Classroom app, a user can sign out one day and sign back the following day to the same iPad they last used. This lets them quickly pick up where they left off because their data is still on the same iPad.
App space considerations
Before you consider how many users can sign in to Shared iPad, first make sure it’s configured with all the apps and documents you require so you can view how much storage space remains for the users. For example, if you have an iPad with 128 GB of storage, first load your required apps and documents and then view the remaining storage. If some of the apps are used for high-volume tasks such as editing video, keep the number of users low.
User space considerations
When you set up a new Shared iPad using iPadOS 13.4 or later, you can configure it using your MDM solution to specify the maximum storage allocated for each user, or you can set the maximum number of users that can be stored on a device at one time. If neither configuration is set, Shared iPad automatically sets the maximum number of users to 10. And then, after iPadOS is installed, Shared iPad allocates storage based on the device’s capacity:
Devices with a storage capacity of 32 GB: 10 GB for the system, 8 GB for apps and media. The remaining storage is divided among the number of defined users, with 1 GB minimum per user.
Note: Photos won’t sync with a Managed Apple Account account for quotas of 1 GB. Only use 1 GB as a minimum when necessary.
Devices with a storage capacity 64 GB or greater: 10 GB for the system, 16 GB for apps and media. The remaining storage is divided among the number of defined users, with 2 GB minimum per user.
Note: If additional space is needed for a new user, the local data for the oldest user is removed.
Using the above minimum values helps guarantee a good user experience, although these minimum values shouldn’t be a limiting factor for most deployments. For example, if you specify a value of five users on a 128 GB iPad, each user has approximately 20.4 GB of local storage, as shown in the iPad on the right in the diagram below.
If you don’t know how many users or the exact number and size of apps and data each app stores, configure Shared iPad with the default setting. After you understand how much storage is used per user, your MDM solution may be able to:
Configure a reserve request
Specify the number of users, which divides the local storage evenly for the number of users you requested
Reset reserve requests or the specified number of users (users must first be cleared from device)
For more information, see the SharedDeviceConfiguration command settings at the Apple Developer website.
Tip: It’s recommended that you set the maximum storage value for users as low as possible to maximise the number of cached users, minimise communication with iCloud and provide a faster sign-in experience.
Choose and deploy apps
It’s important to choose optimised content-creation apps for Shared iPad. These apps are designated in the Apps and Books section of Apple School Manager. Simply look for the “Optimised for Shared iPad” badge under the app’s description.
Apps with this designation save user-generated content to iCloud, where it can be accessed by other Shared iPad devices and on iCloud.com.
Apps without this designation may work on Shared iPad as long as they don’t exclusively store important data locally. App file management and data storage should be tested in your environment to avoid any issues.
For apps that might be used by Shared iPad users, it’s recommended that you deploy those to all Shared iPad devices. This minimises traffic caused by app installation during school hours and doesn’t require user interaction during installation. Because users can’t delete apps on Shared iPad, you can use MDM to show or hide certain apps. In this way, you can customise what users see.
Saving passwords
Users can’t save passwords using Safari AutoFill unless a user configuration profile specifying the allowed domain for the AutoFill feature is installed on the iPad. For more information, see Domains settings on the Apple Developer website.
Configuration profiles
If you use Shared iPad, you can use your MDM solution to install:
Device and device group profiles
User and user group profiles
Important: In iPadOS 16.6 or earlier with Shared iPad, user profiles like Mail, Exchange ActiveSync or CalDAV get installed only if they don’t contain sensitive information such as a passcode or password, which requires the profile to be encrypted.
For more information, see MDM payload list for Shared iPad devices.
Remote authentication
In iPadOS 16.1 or later, Shared iPad defaults to using the local passcode for existing users on the device, and so requires no network connection. MDM administrators can also choose to enforce remote authentication always or by setting a certain number of days, providing the flexibility to determine when remote passcode changes take effect on existing cached sign-ins.
Default domains
In iPadOS 16.1 or later, MDM administrators can include default domains (for example, townshipschools.org) to make signing in to Shared iPad even easier. After entering the user name portion of a Managed Apple Account, users can select their account’s domain from a list in the QuickType keyboard.
MDM commands
The table below lists MDM commands available for Shared iPad.
Setting | Minimum supported operating system | Description | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Await user configuration | iPadOS 17 | Fully configures Shared iPad for a particular user after they sign in. This ensures that the device is ready to go when the user is presented with the Home Screen. | |||||||||
Default domains | iPadOS 16.1 | A list of domains that the Shared iPad sign-in screen displays. The user can pick a domain from the list to complete their Managed Apple Account. | |||||||||
Delete user | iOS 9.3 | Deletes the user from Shared iPad. | |||||||||
Log out user | iOS 9.3 | Forces the current user to logout. | |||||||||
Maximum number of users | iPadOS 13.4 | Specifies the expected number of users. | |||||||||
Passcode grace period | iPadOS 13.1 | Sets the amount of time, in seconds, the screen must be locked before unlock attempts require the passcode. | |||||||||
Passcode policy | iOS 5 | Sets the passcode policy for Shared iPad. | |||||||||
Set the quota size | iPadOS 13.4 | Sets the amount of available space, in megabytes, for each user. | |||||||||
Set time zone | iPadOS 14 | Sets the time zone name. | |||||||||
Set Wallpaper | iOS 9.3 | Sets the Wallpaper for the Lock Screen, Home Screen or both. | |||||||||
Sign-in grace period | iPadOS 16.1 | Specifies a grace period, in days, for when Shared iPad sign-in requires network authentication. Setting this to 0 requires network authentication each time. | |||||||||
Skip language and locale set-up for new users | iPadOS 16.2 | Specifies whether the Language & Locale pane is skipped for new users of Shared iPad. | |||||||||
Submit app analytics | iPadOS 13.1 | Enables or disables submitting app analytics. | |||||||||
Submit diagnostics | iOS 9.3 | Enables or disables submitting diagnostics. | |||||||||
Temporary session only | iPadOS 14.5 | Allows for a temporary session. | |||||||||
Temporary session timeout | iPadOS 14.5 | Logs out the temporary session after a specified period of time. | |||||||||
User session timeout | iPadOS 14.5 | Logs out the user session after a specified period of time. |
Shared iPad and 802.1X networks
To use Shared iPad with an 802.1X network, you must install a configuration profile with certificate and network payloads using Apple Configurator for Mac or MDM. After the device configuration profile is installed, Shared iPad connects to the 802.1X network regardless of whether a user is signed in. There are two preferred methods of getting the configuration profile on Shared iPad:
Use your MDM solution: Manually join a Wi-Fi network or connect a compatible USB Ethernet adapter (like the one sold from Apple) and an Apple USB Camera adapter during Set-Up Assistant. iPad devices enrolled in Apple School Manager or Apple Business Manager receive a configuration profile with Wi-Fi and Certificates payloads from your MDM solution after completing Set-Up Assistant and restarting Shared iPad.
Use Apple Configurator for Mac: Use automated enrolment to deliver a configuration profile with Wi-Fi and Certificates payloads.
Note: The Apple USB Camera adapter may not be available in all countries or regions.