Deploy iPad with cellular connections
In addition to providing Wi-Fi connectivity while in school, many school districts are also helping their students learn from anywhere by deploying iPad devices with cellular connectivity.
Overview
Deployments that include cellular devices differ from Wi-Fi deployments in a number of important ways and therefore introduce new elements to consider:
Subscriber Identity Module (SIM) type
Carrier selection
Mobile device management (MDM) support
Content filtering
For more information, see the video Planning for Cellular Connectivity.
eSIM versus physical SIM
Cellular activation requires either a SIM or an eSIM provided by the carrier. eSIMs are preferred for a number of reasons, but your local carrier may not support them at the scale your organization needs. Carrier selection should also take into account coverage for where users live, work or attend school, as well as any location where devices are initially configured.
Carrier selection
Some iPad devices have cellular coverage. To make best use of that coverage when planning deployment, make sure you have the right carrier for your needs.
Because eSIMs are software based, they afford much more deployment flexibility and are also easier to secure; administrators can trigger eSIM installation remotely and restrict a user’s ability to remove it from their device. If there’s a need to change the cellular carrier for devices after they’ve been deployed to users, a mobile device management (MDM) command lets you do that without any user interaction. There are other advantages to using an eSIM. For example, if permitted, the user can also change to use the previous eSIM in Settings > Cellular.
When selecting a carrier, ask the following:
After an agreement is signed, what is the time period to create and make available the eSIMs so they can be assigned to supported iPhone and iPad devices?
Does your carrier support the Apple Lookup Service (ALS) for automating eSIM installation?
Does your carrier allow users to transfer eSIMs between two iPad devices?
What is the URL for your carrier’s eSIM server (known as an SM-DP+ server)?
Ensure access to the carrier’s eSIM server is available through firewalls.
The carrier’s eSIM server host name is used when installing eSIMs using MDM.
Regarding cellular coverage and capacity, can the carrier:
Provide a survey of cell towers close to where the devices are provisioned and where remote learning may be taking place?
Note: Because carriers may be sensitive to the number of devices simultaneously queuing for eSIM provisioning, many of them request that automated provisioning events be communicated to them.
Content filtering
Devices deployed outside of a school’s network may require adjustments to content filtering strategies. Those devices use cellular carrier networks and home or public Wi-Fi. If existing content filtering solutions rely on the use of onsite networks (owned by the school) to provide content filtering, a new approach is required. Routing all traffic back through the school’s network (by using VPN or global proxy configurations) is an option, although this may require upgrading the school’s internet connection or other infrastructure.
Cloud-based filtering solutions may be better suited to cellular devices, as those don’t require data to travel back and forth through the school’s network.
On-device content filtering with apps that leverage the Apple Network Extensions framework provides the best user experience, because very little traffic is sent from the device and content filtering controls are managed locally.
When using content filtering, consider that VPN/PAC file-based filtering solutions don’t filter Personal Hotspot traffic. A restriction can be added to a configuration profile to prevent the use of Personal Hotspot.
Note: Some carriers (for example, T-Mobile in the United States) have an IPv6-only cellular network. Any content filtering solution should be assessed for compatibility with IPv6-only networks.
Deploy iPad devices with eSIMs
To deploy iPad devices at scale with eSIMs, you must gather device identifiers, send this information to the carrier, enroll the devices in an MDM solution, then send the MDM command to activate the eSIMs.
Gather the requested identifiers (Serial number, IMEI, EID) using one of the following methods:
From your Apple sales team.
By scanning the barcodes on the product boxes.
By tethering devices to a Mac and using Apple Configurator or the cfgutil command-line tool to export the serial number and IMEI. You’ll still need to obtain the EID for each device using one of the other methods listed here.
If devices are already deployed, MDM has the ability to query for the serial number, IMEI, and (in iOS 14 or later and iPadOS 14 or later) the EID.
Send the information to the carrier and get the eSIM server URL from the carrier.
After the carrier confirms the eSIMs are ready, enroll the iPad devices in an MDM solution.
Use the MDM solution to send a Refresh Cellular Plans command that includes the carrier’s eSIM server URL to activate the eSIM. See your MDM solution’s documentation for how to complete this step.
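The following added example (not Apple’s or any MDM vendor’s code) sketches the steps above in Python: it sanity-checks the gathered identifiers before they go to the carrier, then builds the RefreshCellularPlans command payload with its eSIMServerURL key. The inventory row, the carrier host name, and the HTTPS-only rule are assumptions made for this illustration; a real MDM solution generates and queues the command for you.

```python
import plistlib
import uuid
from urllib.parse import urlsplit


def luhn_ok(digits: str) -> bool:
    """Luhn check used by the 15-digit IMEI."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def validate_device(row: dict) -> list:
    """Return the problems found in one inventory row (empty list = clean)."""
    problems = []
    imei = row["imei"].replace(" ", "")
    eid = row["eid"].replace(" ", "")
    if not row["serial"].isalnum():
        problems.append("serial: unexpected characters")
    if not (len(imei) == 15 and imei.isdigit() and luhn_ok(imei)):
        problems.append("imei: not 15 digits with a valid check digit")
    if not (len(eid) == 32 and eid.isdigit()):
        problems.append("eid: not 32 digits")
    return problems


def refresh_cellular_plans(esim_server_url: str) -> bytes:
    """Build the MDM command plist. Assumption: this example only accepts HTTPS."""
    parts = urlsplit(esim_server_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("eSIM server URL must be https with a host name")
    command = {
        "CommandUUID": str(uuid.uuid4()),
        "Command": {
            "RequestType": "RefreshCellularPlans",
            "eSIMServerURL": esim_server_url,
        },
    }
    return plistlib.dumps(command)


# Constructed sample data: test IMEI, placeholder serial, EID and carrier host.
SAMPLE = {"serial": "C02EXAMPLE01", "imei": "490154203237518", "eid": "8" * 32}
SAMPLE_URL = "https://smdp.carrier.example"
```

Rows that fail validate_device are worth correcting before the list is sent to the carrier, since a mistyped IMEI or EID leaves that device without a matching eSIM when the command arrives.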