Top

Telepod – Capacities – EN

Capacities

The capacities listed below are the ones that are currently actively supported by Telepod.

Any idea to enrich Telepod capacities or being able to adopt Telepod ? Feel free to send a feature request via the form available on the Introduction page.

Key points
Telepod Setup license
Workflows supported
• Setup : a new device is set up from the backup of another device acting as a model
• Backup : a device acting as a model is backed up, so other new devices can be set up
Telepod Switch license
Workflows supported
• Replacement :
– Device switching : a current device is replaced by a new device, managed by the current MDM
– MDM switching : a current device is replaced by a new device, managed by the new MDM
• Setup : a new device is set up from the backup of another device acting as a model
• Backup : a device acting as a model is backed up, so other new devices can be set up
Enrollment methods • The prepared iOS device can be enrolled in an MDM using Device Enrollment (no-ADE capable device) or Automated Device Enrollment (ADE capable device)
• In the context of Device Enrollment, enrollment can be managed via an Apple Configurator URL, an enrollment profile or an enrollment URL (from most preferred method to least preferred method)
Supervision • In the context of Automated Device Enrollment, device supervision is enabled through the appropriate enrollment profile ; with iOS 13 and later, supervision is forcibly enabled
• In the context of Device Enrollment, if the backup to be restored comes from a supervised device, device supervision is enabled using a Supervision identity (private key and certificate) or a Supervision certificate (certificate only)
Execution
Starting • Telepod is executed on demand on a Mac host from the Self Service of the MDM in which the computer is enrolled
• When the MDM does not offer this type of execution, an alternative is to run Telepod on demand from a Munki instance
• The workflow to be executed is selected from a list if several are available
Allowed time slots • Telepod execution can be restricted to allowed time slots, aimed to reflect the availability of the IT Support
• A slot is defined for each day by one or several ranges of time
• Each slot is intended to be associated with a specific time zone, except the fallback slot that applies to all Mac hosts which time zone is not supported
Disallowed processes Telepod can forcibly killed listed processes to ensure that another tool cannot interfere with the operations it performs on a device
Power management • Telepod execution can require that the device be connected to AC Power
• Telepod can be allowed to be executed while the device is on Battery Power and optionally only if the battery charge exceeds a required minimum
Activation Lock Telepod detects that the device to be prepared is locked to owner and invites the user to clear the Activation Lock, so the workflow can proceed
Prohibited pairing • Telepod detects that the device is not allowed to pair with the Mac host because pairing is prohibited by an MDM profile
• In this situation, Telepod attempts to force the pairing using a Supervision identity
iOS Update • Telepod detects that the connected device must be updated, so its system version is greater than or equal the system version associated to the datas to be restored
• Telepod knows which most recent OS version can be installed on the connected device
• When a device is updated, the latest version of iOS or iPadOS is installed
Storage requirements • Telepod attempts to check that the internal storage offers the free space required to backup a device
• If allowed, Telepod can delete the backups of other devices to free up space
Slack / Microsoft Teams Integrations • Telepod can report to a dedicated channel the successive status of a running workflow
• Messages can be customized with strings, expected variables and emojis
• This integration requires the implementation of Slack Incoming Webhooks and Microsoft Teams Incoming Webhooks
Configurations
Privileges
[Backup] [Replacement]
Allow to delete the backups of other devices : to delete if necessary the local backups of other devices to free space for the backup of the connected device
Privileges
[Replacement] [Setup]
Allow to restore a backup on another device class : to allow to restore a backup made from a device of a device class (e.g. iPad) on a device of another device class (e.g. iPhone)
Settings
[Backup]
Require the current device to be confirmed : to require the confirmation that the connected device is the device to be backed up
Settings
[Replacement]
• Action on the current device after it has been backed up : no action / unenroll / erase
• Action on the current device after the new device is enrolled : no action / unenroll / erase
• Delete the backup of the current device after the new device is enrolled : yes / no
• Require the current device to be confirmed : to require the confirmation that the connected device is the current device to be replaced
• Require the new device to be confirmed : to require the confirmation that the connected device is the new device to be restored with the backup of the current device
• Restore the Operating System : never / if required / always
Settings
[Setup]
• Require the new device to be confirmed : to require the confirmation that the connected device is the new device to be restored with the backup
• Restore the Operating System : never / if required / always
Backup password
[Backup] [Replacement]
• The backup password used to encrypt the local backup of the device can be set in the configuration of the workflow or entered interactively
• Once the first encrypted local backup of the device has been completed, the backup password is escrowed on the device and subsequent backups are encrypted based on this last
• Telepod does not interfere with the backup password already defined on the device
• Telepod asks the user to type the backup password if it is unknown when it is required
Copy of inventory values
[Replacement] [Setup]
• The copy of inventory values is based on the declaration of mappings that associate carefully the name of a source attribute with the name of a destination attribute
• In the context of a workflow of type Replacement configured for a device switching, the value of the source attribute is pulled from the inventory of the replaced device enrolled in the current MDM
• In the context of a workflow of type Replacement configured for an MDM switching, the value of the source attribute is pulled from the inventory of the replaced device enrolled in the previous MDM
• In the context of a workflow of type Setup, the value of the source attribute is pulled from the existing inventory of the device if it was previously enrolled in the MDM
• All migrated values are eventually treated as strings
Device Use Agreement
[Replacement] [Setup]
The organization can ask the user to accept certain agreement conditions to use the device
Configuration profiles
[Replacement] [Setup]
• A Wi-Fi configuration profile can be installed silently after the new device has been restored and before it is enrolled (onboarding network expected)
• Other configuration profiles can be installed after the new device is enrolled ; the installation does not require a user interaction if the new device is supervised
Automatic opening of an application
[Backup] [Replacement] [Setup]
An app can be opened once Telepod is exited
Automatic opening of a Web page
[Backup] [Replacement] [Setup]
A Web page can be opened by the default Web browser of the logged in user once Telepod is exited
Device renaming
Renaming methods • Prompt : the user is prompted to enter the device name
• Template : the device name is composed with arbitrary text and Product Name and/or Serial Number informations
• CSV : the device name is retrieved from a Serial Number / Device name CSV table stored inside the Content package
Device name case A lowercase or uppercase conversion can be enforced whatever renaming method is used
Device name lenght A maximal lenght can be enforced whatever renaming method is used
Hexnode UEM specific capacities
Built-in attributes • The user can be prompted to enter an arbitrary text for the “Asset Tag” field or the “Department” field or the “Description” field or the “Notes” field
• The user can be prompted to select values in up to four fully customizable menus mapped to built-in attributes
• These values are stored in the device’s inventory
MDM command An unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled
Jamf Pro specific capacities
Built-in attributes and Extension attributes • The user can be prompted to enter an arbitrary text for the “Asset Tag” field or the “Building” field or the “Department” field or the “Room” field or the “Site” field or a pre-defined extension attribute field
• The user can be prompted to select values in up to four fully customizable menus mapped to built-in attributes or extension attributes
• These values stored in the device’s inventory may be used as criteria for Smart groups (Classic API)
Automated menu filling The menus used to select a site, a building or a department can be dynamically filled by the items available for these objects (Classic API)
MDM commands • An unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled
• An erase command can be sent to the current device after the new device is enrolled ; a tentative to clear the Activation Lock is performed (Classic API)
Jamf School specific capacities
Asset Tag and Notes The user can be prompted to enter the Asset Tag and Notes that are stored in the device’s inventory and may be used as criteria for Smart groups
MDM commands • An unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled
• An erase command can be sent to the current device after the new device is enrolled ; a tentative to clear the Activation Lock is performed
JumpCloud specific capacities
Description The user can be prompted to enter the Description that is stored in the device’s inventory (API v1)
MDM commands • An unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled (API v1)
• An erase command can be sent to the current device after the new device is enrolled ; a tentative to clear the Activation Lock is performed (API v2)
Meraki Systems Manager specific capacities
Tags and Notes The user can be prompted to enter the Tags and Notes that are stored in the device’s inventory (API v1)
MDM commands • An unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled
• An erase command can be sent to the current device after the new device is enrolled ; a tentative to clear the Activation Lock is performed (API v1)
Microsoft Intune specific capacities
Notes The user can be prompted to enter the Notes that are stored in the device’s inventory (API Graph Beta)
MDM commands • An unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled
• An erase command can be sent to the current device after the new device is enrolled (API Graph Beta)
Mosyle Business specific capacities
Asset Tag and Tags The user can be prompted to enter the Asset Tag and Tags that are stored in the device’s inventory and may be used as criteria for Smart groups (API v1)
MDM command An erase command can be sent to the current device after the new device is enrolled (API 1)
Mosyle Manager specific capacities
Asset Tag and Tags The user can be prompted to enter the Asset Tag and Tags that are stored in the device’s inventory and may be used as criteria for Smart groups (API v2)
MDM command An erase command can be sent to the current device after the new device is enrolled (API 2)
SimpleMDM specific capacities
Custom attributes • The user can be prompted to enter an arbitrary text for a pre-defined custom attribute
• The user can be prompted to select values in up to four fully customizable menus mapped to custom attributes
• These values are stored in the device’s inventory and may be used as key values inside Configuration profiles (API v1)
MDM commands • An unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled
• An erase command can be sent to the current device after the new device is enrolled (API v1)
VMware Workspace ONE UEM specific capacities
Built-in attributes and Custom attributes • The user can be prompted to enter an arbitrary text for the “Asset Number” field or a new note within the “Notes” array or a pre-defined custom attribute field
• The user can be prompted to select values in up to four fully customizable menus mapped to custom attributes
• These values are stored in the device’s inventory (REST API)
MDM commands • An unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled
• An erase command can be sent to the current device after the new device is enrolled (REST API)
Software dependencies
Graphical user interface • Telepod relies on DEPNotify to provide a graphical user interface
• DEPNotify is dynamically downloaded from the editor’s website
Apple Configurator • Apple Configurator 2 must be installed on the Mac host prior the execution of Telepod
• No user interaction with Apple Configurator 2 is required
API calls JQ is invoked to parse JSON datas received from the MDM if applicable
• JQ is automatically downloaded from GitHub
• JQ is required with Hexnode UEM, JumpCloud and VMware Workspace ONE
• With other supported MDM solutions, if JQ is not available, standard Shell commands are used as a fallback
Device model identification • The conversion of the device type to the device model is based on this project
• The table is automatically downloaded from GitHub each Telepod is executed
Implementation
Localization • Telepod is fully localizable to match the preferred language of the logged in user
• The localization is mostly based on building a custom PO file from a template POT file
• A PO file for French language is provided
Configuration • Telepod is configured with one property list file for the main settings and the workflows made available to the Mac host
• This file is received from the MDM as a Configuration profile and Telepod waits for its reception before proceeding
Content • Content is pictures, files, identities, certificates and bundles referenced in the Telepod configuration file(s), wrapped in an signed package
• The Content package is installed from the MDM and Telepod waits for its installation before proceeding
Distribution point • Backups can be stored centrally in a distribution point, so they are globally available
• The distribution point must be accessible with SMB or FTP protocol by a service account
• The backups retrieved from the distribution point are cached on the Mac host
• Caching relies on a synchonization process, so the cached backup always reflects the latest version available in the distribution point when the workflow is executed
Logs • By default, Telepod is executed silently and does not produce Logs
• The production of Logs, used for debugging purposes and stored only locally on the Mac host, must be explicitly requested
Trust • Telepod-Core is signed and notarized, so you are confident that the software has been checked for any malicious code
• Agnosys can sign your Content package if necessary as part of a support action
macOS compatibility Telepod is currently compatible with macOS 13 (Ventura), macOS 12 (Monterey) and macOS 11 (Big Sur)
Processor compatibility Telepod is compatible with Apple silicon and Intel processors