Deploy iPad with mobile data connections
In addition to providing Wi-Fi connectivity while in school, many education authorities are also helping their students learn from anywhere by deploying iPad devices with mobile data connectivity.
Overview
Deployments that include devices with mobile data differ from Wi-Fi deployments in a number of important ways and therefore introduce new elements to consider:
Subscriber Identity Module (SIM) type
Network provider selection
Mobile device management (MDM) support
Content filtering
For more information, see the video Planning for Cellular Connectivity.
eSIM versus physical SIM
Mobile data activation requires either a SIM or an eSIM provided by the network provider. eSIMs are preferred for a number of reasons, but your local provider may not support them at the scale your organisation needs. Network provider selection should also take into account coverage for where users live, work or attend school, as well as any location where devices are initially configured.
Network provider selection
Some iPad devices have mobile data coverage. To make best use of that coverage when planning deployment, make sure you have the right network provider for your needs.
Because eSIMs are software based, they afford much more deployment flexibility and are also easier to secure; administrators can trigger eSIM installation remotely and restrict a user’s ability to remove it from their device. If there’s a need to change the network provider for devices after they’ve been deployed to users, a mobile device management (MDM) command lets you do that without any user interaction. There are other advantages to using an eSIM. For example, if permitted, the user can also change to use the previous eSIM in Settings > Mobile Data.
When selecting a network provider, ask the following:
After an agreement is signed, what is the time period to create and make available the eSIMs so they can be assigned to supported iPhone and iPad devices?
Does your network provider support the Apple Lookup Service (ALS) for automating eSIM installation?
Does your network provider allow users to transfer eSIMs between two iPad devices?
What is the URL for your network provider’s eSIM server (known as an SM-DP+ server)?
Ensure access to the network provider’s eSIM server is available through firewalls.
The network provider’s eSIM server host name is used when installing eSIMs using MDM.
Regarding mobile coverage and capacity, can the network provider:
Provide a survey of mobile phone masts close to where the devices are provisioned and where remote learning may be taking place?
Note: Because network providers may be sensitive to the number of devices simultaneously queuing for eSIM provisioning, many of them request that automated provisioning events be communicated to them.
Content filtering
Devices deployed outside of a school’s network may require adjustments to content filtering strategies. Those devices use mobile data networks and home or public Wi-Fi. If existing content filtering solutions rely on the use of on-site networks (owned by the school) to provide content filtering, a new approach is required. Routing all traffic back through the school’s network (by using VPN or global proxy configurations) is an option, although this may require upgrading the school’s internet connection or other infrastructure.
Cloud-based filtering solutions may be better suited to mobile devices, as those don’t require data to travel back and forth through the school’s network.
On-device content filtering with apps that leverage the Apple Network Extensions framework provide the best user experience because very little traffic is sent from the device and content filtering controls are managed locally.
When using content filtering, consider that VPN/PAC file-based filtering solutions don’t filter Personal Hotspot traffic. A restriction can be added to a configuration profile to prevent the use of Personal Hotspot.
Note: Some providers have an IPv6-only mobile network. Any content filtering solution should be assessed for compatibility with IPv6-only networks.
Deploy iPad devices with eSIMs
To deploy iPad devices at scale with eSIMs, you must gather device identifiers, send this information to the network provider, enrol the devices in an MDM solution, then send the MDM command to activate the eSIMs.
Gather the requested identifiers (Serial number, IMEI, EID) using one of the following methods:
From your Apple sales team.
By scanning the barcodes on the product boxes.
By tethering devices to a Mac and using Apple Configurator or the
cfgutilcommand-line tool to export the serial number and IMEI. You’ll still need to obtain the EID for each device using one of the other methods listed here.If devices are already deployed, MDM has the ability to query for the serial number, IMEI and (in iOS 14 or later and iPadOS 14 or later) the EID.
Send the information to the network provider and get the eSIM server URL from the provider.
After the network provider confirms the eSIMs are ready, enrol the iPad devices in an MDM solution.
Use the MDM solution to send a Refresh Data Plans command that includes the network provider’s eSIM server URL to activate the eSIM. See your MDM solution’s documentation for steps to complete this step.