By using the Shared iPad for Business profile, an iPad can be used by multiple users. Users must sign in to the Shared iPad using a managed Apple ID. A local account is created for each user that signs into the Shared iPad. This is synced with the user’s iCloud and is password protected. There is also a guest account that is used to create a temporary user session. Unlike a managed user account, when you log out of the guest account, the session data is deleted.
When signing in for the first time, the user must enter the managed Apple id password (created manually) or create a shared iPad passcode (federated account). This depends on how the account was created in Apple Business Manager. Next, the language and location must be set.
By default, when configuring a Shared iPad in Intune, a maximum of 10 cached users is set. Depending on the storage of the device, when configuring there will be 10GB reserved for the system and 8GB (32GB) or 16GB (64GB or more) reserved for apps and media. The remaining available data will be shared by the number of defined users with a minimum of 1 GB (32GB) or 2 GB (64GB or more) per user.
Create Enrollment profile
Before you can configure the Shared iPad enrollment profile in Intune, you will need to setup an Automatic Device Enrollment. I wrote a blog about this a few months ago that you can find here. I also have configured Federated Authentication in Apple Business Manager (More info here).
1. Login to the MEM admin center and go to “Devices” -> “iOS/iPadOS” -> “iOS/iPadOS enrollment” or click here. Select “Enrollment program tokens”
2. Select the Enrollment token you want ot use for the shared profile by clicking on the name.
3. Select “Profiles” and press “+ Create profile” -> “iOS/iPadOS” to create a new enrollment profile.
4. Enter a Name and (optional) Description. Press “Next” to continue.
5. Setup the Management Settings, in this step you can adjust the management options aand also set the “Maximum cached users” (See storage). I will be using the settings in the table. Press “Next” to continue.
|Maximum cached users||10|
|Sync with computers||Allow all|
|Apply device name template||No|
6. Enter a Department and Department Phone. I hide all the settings so the user is not bothered by them. Press “Next” to continue.
7. Review your settings and press “Create” to create the new enrollment profile.
8. Assign the profile to a synced device from Apple Business Manager. Select “Devices” and mark the device you want to assign the new profile. Press “Assign profile” and select the new “Shared iPad profile” to finish assignment press “Assign”
9. For the Shared iPad profile to work it’s not necessary to add any Configuration profiles or Applications. But you might want to consider that to restrict the device or do some additional setup.
Demo Shared iPad Intune
After you turn the device on a few steps need to be performed by the end user before the device can be used. You will need to setup language, region and network. In this demo I am using a federated apple business manager, these steps are different from a non federated apple business manager.
10. After these initial steps you will recieve a notification that the device is remotely managed. Press “Next” to continue. It will take some minutes and the device will reboot
11. Once the device has rebooted the Shared iPad is ready for use. Users can add their profile by entering their managed Apple ID and pressing “Sign in”.
12. Because the Apple Business Manager is federated with Azure the user will be redirected to https://login.microsoftonline.com for authentication. Press “Continue” to go to the authentication page.
13. Enter the password and press “Sign in”
14. A cached profile for the user will be created on the iPad. This will take some time.
15. The user will get a question to select the language used for his/her profile. This language setting only applies to this user. Other users may use a different language.
16. Just as with the language the user now needs to select the country or region.
17. Review the settings and press “Continue”
18. The final setting is to create an iPad passcode. This is the password Tim will need to enter to use his profile. The passcode is saved online and can be reset in Apple Business Manager.
19. The startscreen of Tim will be shown and the profile is ready for use. In the top left of the screen you can see which user is currently logged in. In this case
20. By pressing the power button you will see the lockscreen.
21. Recent users
22. By pressing Guest user somebody without an account can login. The data within the session will not be saved after signing out.
Shared iPad users
23. When you signin with an user whom has already used a Shared iPad.
24. Instead of being redirected to https://login.microsoftonline.com for authentication. You will get the question to enter the Shared iPad Passcode (only for federated users).
25. The Language and location will be loaded from their profile and A cached profile for the user will be created on the iPad.