Capacities
The capacities listed below are the ones that are currently actively supported by Telepod.
Any idea to enrich Telepod capacities or being able to adopt Telepod ? Feel free to send a feature request via the form available on the Introduction page.
| Key points | |
| Telepod Setup license Workflows supported |
• Setup : a new device is set up, possibly from the backup of another device acting as a model • Backup : a device acting as a model is backed up, so other new devices can be set up |
| Telepod Setup Enmasse license Workflows supported |
• Setup : a new device is set up, possibly from the backup of another device acting as a model • Setup en masse : simultaneous setup of multiple devices, possibly from the backup of another device acting as a model • Backup : a device acting as a model is backed up, so other new devices can be set up |
| Telepod Switch license Workflows supported |
• Migration : a device is migrated from one MDM to another MDM • Replacement : – Device switching : a current device is replaced by a new device, managed by the current MDM – MDM switching : a current device is replaced by a new device, managed by the new MDM • Setup : a new device is set up, possibly from the backup of another device acting as a model • Backup : a device acting as a model is backed up, so other new devices can be set up |
| Enrollment methods | • Depending on the workflow, the prepared iOS device can be enrolled in an MDM using Device Enrollment (no-ADE capable device) or Automated Device Enrollment (ADE capable device) • In the context of Device Enrollment, enrollment can be managed via an enrollment profile, an enrollment URL or an Apple Configurator URL |
| Supervision | • In the context of Automated Device Enrollment, device supervision is enabled through the appropriate enrollment profile ; with iOS 13 and later, supervision is forcibly enabled • In the context of Device Enrollment, device supervision is enabled using a Supervision identity (private key and certificate) or a Supervision certificate (certificate only) |
| Execution | |
| Starting | • Telepod is executed on demand on a Mac host from the Self Service of the MDM in which the computer is enrolled • When the MDM does not offer this type of execution, an alternative is to run Telepod on demand from the Telepod application (administrative privileges required) or a Munki instance • The workflow to be executed is selected from a list if several are available |
| Allowed time slots | • Telepod execution can be restricted to allowed time slots, aimed to reflect the availability of the IT Support • A slot is defined for each day by one or several ranges of time • Each slot is intended to be associated with a specific time zone, except the fallback slot that applies to all Mac hosts which time zone is not supported |
| Disallowed processes | Telepod can forcibly kill listed processes to ensure that another tool cannot interfere with the operations it performs on a device |
| Power management | • Telepod execution can require that the device be connected to AC Power • Telepod can be allowed to be executed while the device is on Battery Power and optionally only if the battery charge exceeds a required minimum |
| Activation Lock | Telepod detects that the device to be prepared is locked to owner and invites the user to clear the Activation Lock, so the workflow can proceed |
| Prohibited pairing | • Telepod detects that the device is not allowed to pair with the Mac host because pairing is prohibited by an MDM profile • In this situation, Telepod attempts to force the pairing using a Supervision identity |
| Operating System restoration | • OS restoration can be set to “always”, “if available”, “if required” or “never” • Always : OS is restored regardless regardless of the current version installed • If available : OS is restored if an update is available • If required : OS is restored if the current version is lower than the OS version of the device used to create the backup to be restored • Never : OS is not allowed to be updated • Telepod knows which most recent OS version can be installed on a connected device • When a device is updated, the latest version of iOS or iPadOS is installed |
| Storage requirements | • Telepod attempts to check that the internal storage offers the free space required to backup a device • If allowed, Telepod can delete the backups of other devices to free up space |
| Slack / Microsoft Teams Integrations | • Telepod can report to a dedicated channel the successive status of a running workflow • Messages can be customized with strings, expected variables and emojis • This integration requires the implementation of Slack Incoming Webhooks and Microsoft Teams Incoming Webhooks |
| Configurations | |
| Privileges [Backup] [Replacement] |
Allow to delete the backups of other devices : to delete if necessary the local backups of other devices to free space for the backup of the connected device |
| Privileges [Replacement] [Setup] [Setup en masse] |
Allow to restore a backup on another device class : to allow to restore a backup made from a device of a device class (e.g. iPad) on a device of another device class (e.g. iPhone) |
| Settings [Backup] |
Require the current device to be confirmed : to require the confirmation that the connected device is the device to be backed up |
| Settings [Migration] |
Require the current device to be confirmed : to require the confirmation that the connected device is the device to be migrated |
| Settings [Replacement] |
• Action on the current device after it has been backed up : no action / unenroll / erase • Action on the current device after the new device is enrolled : no action / unenroll / erase • Delete the backup of the current device after the new device is enrolled : yes / no • Require the current device to be confirmed : to require the confirmation that the connected device is the current device to be replaced • Require the new device to be confirmed : to require the confirmation that the connected device is the new device to be restored with the backup of the current device • Restore the Operating System : never / if required / always |
| Settings [Setup] |
• Require the new device to be confirmed : to require the confirmation that the connected device is the new device to be prepared • Restore the Operating System : never / if required / if available / always |
| Settings [Setup en masse] |
• Refresh using Return to Service : to trigger a “Device refresh” task using Return to Service when requirements are met, instead of a “Device restore” task • Restore the Operating System : never / if required / if available / always |
| Backup password [Backup] [Replacement] |
• The backup password used to encrypt the local backup of the device can be set in the configuration of the workflow or entered interactively • Once the first encrypted local backup of the device has been completed, the backup password is escrowed on the device and subsequent backups are encrypted based on this last • Telepod does not interfere with the backup password already defined on the device • Telepod asks the user to type the backup password if it is unknown when it is required |
| Copy of inventory values [Migration] [Replacement] [Setup] [Setup en masse] |
• The copy of inventory values is based on the declaration of mappings that associate carefully the name of a source attribute with the name of a destination attribute • In the context of a workflow of type Migration, the value of the source attribute is pulled from the inventory of the device enrolled in the current MDM • In the context of a workflow of type Replacement configured for a device switching, the value of the source attribute is pulled from the inventory of the replaced device enrolled in the current MDM • In the context of a workflow of type Replacement configured for an MDM switching, the value of the source attribute is pulled from the inventory of the replaced device enrolled in the previous MDM • In the context of a workflow of type Setup and Setup en masse, the value of the source attribute is pulled from the existing inventory of the device if it was previously enrolled in the MDM • All migrated values are eventually treated as strings |
| Device Use Agreement [Migration] [Replacement] [Setup] [Setup en masse] |
The organization can ask the user to accept on the Mac host certain agreement conditions to use the device(s) |
| Configuration profiles [Migration] [Replacement] [Setup] [Setup en masse] |
• A Wi-Fi configuration profile can be installed silently after the new device has been prepared and before it is enrolled (onboarding network expected) • Other configuration profiles can be installed after the new device is enrolled ; the installation does not require a user interaction if the new device is supervised |
| Documents [Migration] [Replacement] [Setup] [Setup en masse] |
Documents can be installed silently after the new device is enrolled |
| Wallpaper [Migration] [Replacement] [Setup] [Setup en masse] |
• The Home screen and the Lock screen can be installed silently after the new device is enrolled • The device class and serial number can be added to the specified text displayed in the middle of the Lock screen |
| Language and Region [Setup en masse] |
• The language and region are configured at the workflow level for all devices prepared • The language and region can possibly be customized per device from values retrieved from a Placeholders CSV table stored inside the Content package |
| Automatic opening of an application [Backup] [Migration] [Replacement] [Setup] [Setup en masse] |
An app can be opened once Telepod is exited |
| Automatic opening of a Web page [Backup] [Migration] [Replacement] [Setup] [Setup en masse] |
A Web page can be opened by the default Web browser of the logged in user once Telepod is exited |
| Device renaming | |
| Renaming methods | • Prompt : the user is prompted to enter the device name • Template : the device name is composed with arbitrary text and Product Name and/or Serial Number informations • CSV : the device name is retrieved from a Placeholders CSV table stored inside the Content package |
| Device name case | A lowercase or uppercase conversion can be enforced whatever renaming method is used |
| Device name lenght | A maximal lenght can be enforced whatever renaming method is used |
| FileWave specific capacities | |
| Built-in fields and custom fields | • The user can be prompted to enter an arbitrary text for the “Building” field or the “Comment” field or the “Department” field or the “Enrollment Username” field or the “Location” field or a pre-defined custom field • The user can be prompted to select values from menus mapped to built-in fields or custom fields • These values are stored in the device’s inventory |
| MDM command | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled |
| Hexnode UEM specific capacities | |
| Built-in attributes | • The user can be prompted to enter an arbitrary text for the “Asset Tag” field or the “Department” field or the “Description” field or the “Notes” field • The user can be prompted to select values from menus mapped to built-in attributes • These values are stored in the device’s inventory |
| MDM command | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled |
| Jamf Pro specific capacities | |
| Built-in attributes and Extension attributes | • The user can be prompted to enter an arbitrary text for the “Asset Tag” field or the “Building” field or the “Department” field or the “Room” field or the “Site” field or a pre-defined extension attribute field • The user can be prompted to select values from menus mapped to built-in attributes or extension attributes • These values stored in the device’s inventory may be used as criteria for Smart groups (Classic API) |
| Automated menu filling | The menus used to select a site, a building or a department can be dynamically filled by the items available for these objects (Classic API) |
| MDM commands | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM (Classic API) • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled (Classic API) • Replacement : an erase command can be sent to the current device after the new device is enrolled ; a tentative to clear the Activation Lock is performed (Classic API) • Setup en masse : a Return to Service command can be sent to provide the device with all the information it needs to be erased and re-enrolled using Automated Device Enrollment (Jamf Pro API) |
| Jamf School specific capacities | |
| Asset Tag and Notes | The user can be prompted to enter the Asset Tag and Notes that are stored in the device’s inventory and may be used as criteria for Smart groups |
| MDM commands | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled • Replacement : an erase command can be sent to the current device after the new device is enrolled ; a tentative to clear the Activation Lock is performed |
| JumpCloud specific capacities | |
| Description | The user can be prompted to enter the Description that is stored in the device’s inventory (API v1) |
| MDM commands | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM (API v1) • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled (API v1) • Replacement : an erase command can be sent to the current device after the new device is enrolled ; a tentative to clear the Activation Lock is performed (API v2) |
| Meraki Systems Manager specific capacities | |
| Tags and Notes | The user can be prompted to enter the Tags and Notes that are stored in the device’s inventory (API v1) |
| MDM commands | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled • Replacement : an erase command can be sent to the current device after the new device is enrolled ; a tentative to clear the Activation Lock is performed (API v1) |
| Microsoft Intune specific capacities | |
| Notes | The user can be prompted to enter the Notes that are stored in the device’s inventory (API Graph Beta) |
| MDM commands | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled • Replacement : an erase command can be sent to the current device after the new device is enrolled ; a tentative to clear the Activation Lock is performed (API Graph Beta) |
| Miradore specific capacities | |
| Built-in attributes and Custom attributes | • The user can be prompted to enter an arbitrary text for the “Category” field or the “Location” field or the “Organization” field or the “Tags” field or the “Email” field or the “User’s full name” field or a pre-defined custom attribute field • The user can be prompted to select values from menus mapped to built-in attributes or custom attributes |
| Automated menu filling | The menus used to select a category, a location, an organization or an email can be dynamically filled by the items available for these objects |
| MDM commands | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled • Replacement : an erase command can be sent to the current device after the new device is enrolled |
| Mosyle Business specific capacities | |
| Asset Tag and Tags | The user can be prompted to enter the Asset Tag and Tags that are stored in the device’s inventory and may be used as criteria for Smart groups (API v1) |
| MDM command | Replacement : an erase command can be sent to the current device after the new device is enrolled (API 1) |
| Mosyle Manager specific capacities | |
| Asset Tag and Tags | The user can be prompted to enter the Asset Tag and Tags that are stored in the device’s inventory and may be used as criteria for Smart groups (API v2) |
| MDM command | Replacement : an erase command can be sent to the current device after the new device is enrolled (API 2) |
| SimpleMDM specific capacities | |
| Custom attributes | • The user can be prompted to enter an arbitrary text for a pre-defined custom attribute • The user can be prompted to select values from menus mapped to custom attributes • These values are stored in the device’s inventory and may be used as key values inside Configuration profiles (API v1) |
| MDM commands | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled • Replacement : an erase command can be sent to the current device after the new device is enrolled (API v1) |
| VMware Workspace ONE UEM specific capacities | |
| Built-in attributes and Custom attributes | • The user can be prompted to enter an arbitrary text for the “Asset Number” field or a new note within the “Notes” array or a pre-defined custom attribute field • The user can be prompted to select values from menus mapped to custom attributes • These values are stored in the device’s inventory (REST API) |
| MDM commands | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled • Replacement : an erase command can be sent to the current device after the new device is enrolled (REST API) |
| Software dependencies | |
| Graphical user interface | • Telepod relies on swiftDialog or DEPNotify to provide a graphical user interface • swiftDialog or DEPNotify is dynamically downloaded from the editor’s website |
| Apple Configurator | • Apple Configurator 2 must be installed on the Mac host prior the execution of Telepod • No user interaction with Apple Configurator 2 is required |
| Device model identification | • The conversion of the device type to the device model is based on this project • The table is automatically downloaded from GitHub each Telepod is executed |
| Implementation | |
| Localization | • Telepod is fully localizable to match the preferred language of the logged in user • The localization is mostly based on building a custom PO file from a template POT file • A PO file for French language is provided |
| Configuration | • Telepod is configured with one property list file for the main settings and the workflows made available to the Mac host • This file is received from the MDM as a Configuration profile and Telepod waits for its reception before proceeding |
| Content | • Content is pictures, files, identities, certificates and bundles referenced in the Telepod configuration file(s), wrapped in an signed package • The Content package is installed from the MDM and Telepod waits for its installation before proceeding |
| Distribution point | • Backups can be stored centrally in a distribution point, so they are globally available • The distribution point must be accessible with SMB or FTP protocol by a service account • The backups retrieved from the distribution point are cached on the Mac host • Caching relies on a synchonization process, so the cached backup always reflects the latest version available in the distribution point when the workflow is executed |
| Logs | • By default, Telepod is executed silently and does not produce Logs • The production of Logs, used for debugging purposes and stored only locally on the Mac host, must be explicitly requested |
| Trust | • Telepod-Core and Telepod-App are signed and notarized, so you are confident that these softwares have been checked for any malicious code • Agnosys can sign your Telepod-Content package if necessary as part of a support action |
| macOS compatibility | Telepod is currently compatible with macOS 14 (Sonoma), macOS 13 (Ventura), macOS 12 (Monterey) and macOS 11 (Big Sur) |
| Processor compatibility | Telepod is compatible with Apple silicon and Intel processors |
