Deploy iPad with mobile network connections
In addition to providing Wi-Fi connectivity while in school, many school districts are also helping their students learn from anywhere by deploying iPad devices with mobile network connectivity.
Overview
Deployments that include mobile network devices differ from Wi-Fi deployments in a number of important ways and therefore introduce new elements to consider:
Subscriber Identity Module (SIM) type
Service Provider selection
Mobile device management (MDM) support
Content filtering
For more information, see the video Planning for Mobile Data Connectivity.
eSIM versus physical SIM
Mobile data activation requires either a SIM or an eSIM provided by the service provider. eSIMs are preferred for a number of reasons, but your local provider may not support them at the scale your organisation needs. Service Provider selection should also take into account coverage for where users live, work or attend school, as well as any location where devices are initially configured.
Service Provider selection
Some iPad devices have mobile network coverage. To make best use of that coverage when planning deployment, make sure you have the right network provider for your needs.
Because eSIMs are software based, they afford much more deployment flexibility and are also easier to secure; administrators can trigger eSIM installation remotely and restrict a user’s ability to remove it from their device. If there’s a need to change the mobile service provider for devices after they’ve been deployed to users, a mobile device management (MDM) command lets you do that without any user interaction. There are other advantages to using an eSIM. For example, if permitted, the user can also switch back to the previous eSIM in Settings > Network Provider.
When selecting a service provider, ask the following:
After an agreement is signed, what is the time period to create and make available the eSIMs so they can be assigned to supported iPhone and iPad devices?
Does your network provider support the Apple Lookup Service (ALS) for automating eSIM installation?
Does your network provider allow users to transfer eSIMs between two iPad devices?
What is the URL for your service provider’s eSIM server (known as an SM-DP+ server)?
Ensure access to the network provider eSIM server is available through firewalls.
The network provider’s eSIM server host name is used when installing eSIMs using MDM.
Regarding mobile network coverage and capacity, can the service provider:
Provide a survey of mobile phone towers close to where the devices are provisioned and where remote learning may be taking place?
Note: Because service providers may be sensitive to the number of devices simultaneously queuing for eSIM provisioning, many of them request that automated provisioning events be communicated to them.
Content filtering
Devices deployed outside a school’s network may require adjustments to content filtering strategies. Those devices use mobile service provider networks and home or public Wi-Fi. If existing content filtering solutions rely on the use of onsite networks (owned by the school) to provide content filtering, a new approach is required. Routing all traffic back through the school’s network (by using VPN or global proxy configurations) is an option, although this may require upgrading the school’s internet connection or other infrastructure.
Cloud-based filtering solutions may be better suited to mobile devices, as those don’t require data to travel back and forth through the school’s network.
On-device content filtering with apps that leverage the Apple Network Extensions framework provides the best user experience, because very little traffic is sent from the device and content filtering controls are managed locally.
When using content filtering, consider that VPN/PAC file-based filtering solutions don’t filter Personal Hotspot traffic. A restriction can be added to a configuration profile to prevent the use of Personal Hotspot.
Note: Some service providers (for example, T-Mobile in the United States) have an IPv6-only mobile network. Any content filtering solution should be assessed for compatibility with IPv6-only networks.
Deploy iPad devices with eSIMs
To deploy iPad devices at scale with eSIMs, you must gather device identifiers, send this information to the service provider, enrol the devices in an MDM solution, then send the MDM command to activate the eSIMs.
Gather the requested identifiers (Serial number, IMEI, EID) using one of the following methods:
From your Apple sales team.
By scanning the barcodes on the product boxes.
By tethering devices to a Mac and using Apple Configurator or the cfgutil command-line tool to export the serial number and IMEI. You’ll still need to obtain the EID for each device using one of the other methods listed here.
If devices are already deployed, MDM has the ability to query for the serial number, IMEI and (in iOS 14 or later and iPadOS 14 or later) the EID.
Send the information to the service provider and get the eSIM server URL from the service provider.
After the service provider confirms the eSIMs are ready, enrol the iPad devices in an MDM solution.
Use the MDM solution to send a Refresh Mobile Data Plans command that includes the service provider’s eSIM server URL to activate the eSIM. See your MDM solution’s documentation for how to complete this step.
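The following added example (not Apple's code, and not part of the original guide) sketches the checks an administrator might script around the steps above: validating gathered identifiers before they go to the service provider, extracting the eSIM server host name for firewall allow-listing, and showing the shape of the RefreshCellularPlans MDM command with its eSIMServerURL key. The function names, sample rows, the provider.example URL and the HTTPS-only rule are assumptions; an MDM solution normally builds and queues the command itself.

```python
import plistlib
import uuid
from urllib.parse import urlsplit

def luhn_ok(digits: str) -> bool:
    """Luhn check used by the 15-digit IMEI (last digit is the check digit)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def check_device(row: dict) -> list:
    """Return a list of problems for one inventory row (empty list = OK)."""
    problems = []
    imei = row.get("imei", "").replace(" ", "")
    eid = row.get("eid", "").replace(" ", "")
    if not row.get("serial", "").isalnum():
        problems.append("serial missing or not alphanumeric")
    if not (len(imei) == 15 and imei.isdigit() and luhn_ok(imei)):
        problems.append("IMEI must be 15 digits with a valid Luhn check digit")
    if not (len(eid) == 32 and eid.isdigit()):
        problems.append("EID must be 32 digits")
    return problems

def esim_server_host(url: str) -> str:
    """Host name to allow through firewalls; rejects non-HTTPS or malformed URLs."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("eSIM server URL must be https://<host>")
    return parts.hostname

def refresh_plans_command(url: str) -> bytes:
    """Serialise a RefreshCellularPlans MDM command as an XML plist."""
    esim_server_host(url)  # validate the URL before anything is queued
    command = {"RequestType": "RefreshCellularPlans", "eSIMServerURL": url}
    return plistlib.dumps({"CommandUUID": str(uuid.uuid4()), "Command": command})

# Constructed sample data: not real devices and not a real provider server.
SAMPLE = [
    {"serial": "EXAMPLE00001", "imei": "490154203237518", "eid": "8" * 32},
    {"serial": "EXAMPLE00002", "imei": "490154203237519", "eid": "8" * 31},
]
SAMPLE_URL = "https://smdp.provider.example/"

if __name__ == "__main__":
    print({r["serial"]: check_device(r) or "ok" for r in SAMPLE})
    print(refresh_plans_command(SAMPLE_URL).decode())
```

Rows that fail the checks are worth correcting before the list is sent to the service provider, since a mistyped IMEI or EID leaves that device without an assigned eSIM when the command is sent.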