Working with a school district that owns approximately 5000 Apple iPads. At this time, the school district does not have an MDM system in place. The school district also does not have an inventory of the MAC addresses for the iPads they own. For each classroom cart containing 25-30 iPads, there is an Apple Macbook loaded with Apple Configurator used to administer the iPads for the classroom.
Question 1: What would be a recommended method suited for large scale iPad deployment to issue a certificate from a Microsoft CA for each iPad?
1) Create a unique user object for each iPad in Active Directory and manually enroll each iPad using the ISE onboard process? Each iPad certificate would have a unique CN and the MAC address as the SAN.
2) Create a unique user object representing a single classroom in a school where the naming convention as an example could be, <Facility ID>-IPAD-<Classroom Identifier> and manually enroll each iPad using the ISE onboard process? Each iPad in a single classroom would have a certificate with the same CN and the MAC address as the SAN.
3) Not use the ISE enrollment process, and have the organization purchase an MDM and use the MDM to generate a certificate and WiFi EAP-TLS profile for each iPad to authenticate?
4) A different method?
Question 2: Does Apple configurator (or another commercial software utility) have the capability to simplify the enrollment process without having to manually touch thousands of iPads, or will this be a large team effort to get this done.
If leverage the same username, then you are bound to a device registration limit by user.so be sure to set limit to match class size if you were to employ this option (Administration > Device Portal Management > Settings). Using MS CA is also fine. Need to decide who will manage certs and if expect certs for individual users or classes to be managed out of AD or ISE. In case of AD CA, you must revoke certs from its interface vs ISE. If ISE is CA, then certs are issued and optionally revoked automatically when devices reported as Stolen.