Capabilities
The capabilities listed below are the ones that are currently actively supported by Telepod.
Any idea to enrich Telepod capabilities or being able to adopt Telepod ? Feel free to send a feature request via the form available on the Introduction page.
Licenses | |
Telepod Setup Workflows supported |
• Setup : a device is configured, possibly from the backup of another device serving as a template • Sorting : devices are inspected in batches, mainly for inventory and battery diagnostic • Backup : a device is backed up, then the backup is used as a template for other devices |
Telepod Setup Enmasse Workflows supported |
• Setup : a device is configured, possibly from the backup of another device serving as a template • Setup en masse : devices are configured in batches, possibly from the backup of another device serving as a template • Sorting : devices are inspected in batches, mainly for inventory and battery diagnostic • Backup : a device is backed up, then the backup is used as a template for other devices |
Telepod Switch Workflows supported |
• Migration : a device is migrated from one MDM to another MDM • Replacement : – Device switching : a current device is replaced by a new device, managed by the current MDM – MDM switching : a current device is replaced by a new device, managed by the new MDM • Setup : a device is configured, possibly from the backup of another device serving as a template • Sorting : devices are inspected in batches, mainly for inventory and battery diagnostic • Backup : a device is backed up, then the backup is used as a template for other devices |
Telepod Sorting Workflow supported |
• Sorting : devices are inspected in batches, mainly for inventory and battery diagnostic |
Execution | |
Starting | • Telepod is executed on demand on a Mac host from the Self Service of the MDM in which the computer is enrolled • When the MDM does not offer this type of execution, an alternative is to run Telepod on demand from the Telepod application (administrative privileges required) or a Munki instance • The workflow to be executed is selected from a list if several are available |
DFU mode activation [Setup en masse] [Sorting] |
• This capability requires a Mac host with Apple silicon and iOS devices with a USB-C connector • The DFU Mode activation pane appears during the workflow initialization and lists all devices connected while it remains open, marking devices detected in DFU Mode with a « DFU » icon • Connect a device to the Mac host’s DFU port to put it into DFU Mode ; once it shows up in the list as being in DFU Mode, transfer it to the hub before connecting the next device • Once all desired devices are in DFU Mode and connected to the hub, proceed to start the workflow • Any device connected to the hub in DFU Mode will have its operating system forcibly restored to the latest version |
Allowed time slots | • Telepod execution can be restricted to allowed time slots, aimed to reflect the availability of the IT Support • A slot is defined for each day by one or several ranges of time • Each slot is intended to be associated with a specific time zone, except the fallback slot that applies to all Mac hosts which time zone is not supported |
Disallowed processes | Telepod can forcibly kill listed processes to ensure that another tool cannot interfere with the operations it performs on a device |
Power management | • Telepod execution can require that the device be connected to AC Power • Telepod can be allowed to be executed while the device is on Battery Power and optionally only if the battery charge exceeds a required minimum |
Automatic opening of an application | An app can be opened once Telepod is exited |
Automatic opening of a Web page | A Web page can be opened by the default Web browser of the logged in user once Telepod is exited |
User support | • The Help pane can display both a message and an image, with the message being localizable in multiple languages • The image displayed can either be a standard image or a QR code, which can be shown in any RGB color • When scanned from a mobile device, the QR code should either redirect to a support page or open a pre-filled email addressed to the support team ; the pre-filled email includes a subject, a body, and optional information such as the computer name, serial number, model name, hardware UUID, and macOS version |
Safeguards | |
Activation Lock | Telepod detects that the device to be prepared is locked to owner and invites the user to clear the Activation Lock, so the workflow can proceed |
Prohibited pairing | • Telepod detects that the device is not allowed to pair with the Mac host because pairing is prohibited by an MDM profile • In this situation, Telepod attempts to force the pairing using a Supervision identity |
Storage requirements | • Telepod attempts to check that the internal storage offers the free space required to backup a device • If allowed, Telepod can delete the backups of other devices to free up space |
Integrations | |
Slack / Microsoft Teams Integrations | • Telepod can report to a dedicated channel the successive status of a running workflow • Messages can be customized with strings, expected variables and emojis • This integration requires the implementation of Slack Incoming Webhooks, or a Teams workflow of the type « Post to a channel when a webhook request is received » |
Device physical location [Setup en masse] [Sorting] |
• The device pane can display dynamically on which hub and on which port of this hub the selected device is physically connected • When using non-manageable hubs or unsupported manageable hubs, a CSV file referencing the available slots in the USB tree must be created manually following provided instructions |
Reporting | |
Battery data | • Telepod can report battery cycle count and battery health (full charge capacity relative to design capacity) • An alert message is sent via Slack / Microsoft Teams integrations when a certain number of battery cycles is exceeded or when the battery health falls below a certain percentage, both values being freely defined at workflow level |
Database and exports [Setup en masse] [Sorting] |
• Each time a device is prepared, its entry in the main database in XML format is updated with the latest informations collected, including the history of the battery data • A file in CSV format can be automatically produced from this main database when the workflow is stopped, containing either the records of all the devices, or only the records of the devices prepared during the last workflow |
Tasks | |
Operating System restoration | • OS restoration can be set to « always », « if available », « if required » or « never » • Always : OS is restored regardless regardless of the current version installed • If available : OS is restored if an update is available • If required : OS is restored if the current version is lower than the OS version of the device used to create the backup to be restored • Never : OS is not allowed to be updated • Telepod knows which most recent OS version can be installed on a connected device • When a device is updated, the latest version of iOS or iPadOS is installed |
Backup password [Backup] [Migration Back to my device] [Replacement] |
• The backup password used to encrypt the local backup of the device can be set in the configuration of the workflow or entered interactively • Once the first encrypted local backup of the device has been completed, the backup password is escrowed on the device and subsequent backups are encrypted based on this last • Telepod does not interfere with the backup password already defined on the device • Telepod asks the user to type the backup password if it is unknown when it is required |
Enrollment methods | • Depending on the workflow, the prepared iOS device can be enrolled in an MDM using Device Enrollment (no-ADE capable device) or Automated Device Enrollment (ADE capable device) • In the context of Device Enrollment, enrollment can be managed via an enrollment profile, an enrollment URL or an Apple Configurator URL |
Supervision | • In the context of Automated Device Enrollment, device supervision is enabled through the appropriate enrollment profile ; with iOS 13 and later, supervision is forcibly enabled • In the context of Device Enrollment, device supervision is enabled using a Supervision identity (private key and certificate) or a Supervision certificate (certificate only) |
Inventory values [Migration] [Migration Back to my device] [Replacement] |
• Inventory values are copied based on the declaration of mappings that associate carefully the name of a source attribute with the name of a destination attribute • In the context of an MDM Switching, the value of the source attribute is pulled from the inventory of the device enrolled in the current MDM • In the context of a Replacement, the value of the source attribute is pulled from the inventory of the replaced device • All values are treated as strings |
Inventory values [Setup] [Setup en masse] |
• Inventory values are provisioned based on the declaration of attributes that are read from the MDM and written to the same MDM • The value of an attribute is pulled from the existing inventory of the device if it was previously enrolled in the MDM • In the context of a workflow of type Setup en masse, the uploaded values can possibly be retrieved per device from a Placeholders CSV table stored inside the Content package • All values are treated as strings |
Device Use Agreement [Migration] [Migration Back to my device] [Replacement] [Setup] [Setup en masse] |
The organization can ask the user to accept on the Mac host certain agreement conditions to use the device(s) |
Configuration profiles [Migration] [Migration Back to my device] [Replacement] [Setup] [Setup en masse] |
• A Wi-Fi configuration profile can be installed silently after the new device has been prepared and before it is enrolled (onboarding network expected) • Other configuration profiles can be installed after the new device is enrolled ; the installation does not require a user interaction if the new device is supervised |
Documents [Migration] [Migration Back to my device] [Replacement] [Setup] [Setup en masse] |
Documents can be provisioned silently in built-in apps or apps installed by the MDM after the new device is enrolled |
Wallpaper [Migration] [Migration Back to my device] [Replacement] [Setup] [Setup en masse] |
• The Home screen and the Lock screen can be installed silently after the new device is enrolled • The device class, the serial number and a username can be added to the specified text displayed in the middle of the Lock screen |
Digital signage [Setup] [Setup en masse] |
• Customized texts can be inlaid into wallpapers used for home screen and lock screen • The font and color of the text are configured at the workflow level for the prepared device(s) • Digital signage data is defined in a dedicated pane for the Setup workflow, and uploaded via a CSV file for the Setup en masse workflow |
Language and Region [Setup en masse] |
• The language and region are configured at the workflow level for all prepared devices • The language and region can possibly be customized per device from values retrieved from a Placeholders CSV table stored inside the Content package |
Battery charging [Setup en masse] [Sorting] |
• The battery charging task waits for the charge to reach a targeted level before its status is set to completed • The maximum waited battery charge is 100% for an iPad or an iPod, whereas it is 80% for an iPhone because Optimised Battery Charging is enabled by default |
Shutdown [Setup en masse] [Sorting] |
The device can be switched off once preparation is complete |
Device renaming | |
Renaming methods | • Prompt : the user is prompted to enter the device name • Template : the device name is composed with arbitrary text and Product Name and/or Serial Number informations • CSV : the device name is retrieved from a Placeholders CSV table stored inside the Content package |
Device name case | A lowercase or uppercase conversion can be enforced whatever renaming method is used |
Device name length | A maximal length can be enforced whatever renaming method is used |
Configurations | |
Privileges [Backup] [Migration Back to my device] [Replacement] |
Allow to delete the backups of other devices : to delete if necessary the local backups of other devices to free space for the backup of the connected device |
Privileges [Replacement] [Setup] [Setup en masse] |
Allow to restore a backup on another device class : to allow to restore a backup made from a device of a device class (e.g. iPad) on a device of another device class (e.g. iPhone) |
Settings [Backup] |
Require the current device to be confirmed : to require the confirmation that the connected device is the device to be backed up |
Settings [Migration] |
Require the current device to be confirmed : to require the confirmation that the connected device is the device to be migrated |
Settings [Migration Back to my device] |
• Delete the backup of the pivot device after the device to be migrated is enrolled : to delete the user data stored on the Mac host as soon as the migration is completed • Require the current device to be confirmed : to require the confirmation that the connected device is the device to be migrated • Restore the Operating System : never / if required / if available / always |
Settings [Replacement] |
• Action on the current device after it has been backed up : no action / unenroll / erase • Action on the current device after the new device is enrolled : no action / unenroll / erase • Delete the backup of the current device after the new device is enrolled : yes / no • Require the current device to be confirmed : to require the confirmation that the connected device is the current device to be replaced • Require the new device to be confirmed : to require the confirmation that the connected device is the new device to be restored with the backup of the current device • Restore the Operating System : never / if required / if available / always • Set up the new device as a personal device : to set up the new device as a personal device that must remain unsupervised and unenrolled at the end of the workflow ; the use case is a user bringing a personal device to IT Support for a data transfer from their corporate device when leaving the organization |
Settings [Setup] |
• Require the new device to be confirmed : to require the confirmation that the connected device is the new device to be prepared • Restore the Operating System : never / if required / if available / always |
Settings [Setup en masse] |
• Refresh using Return to Service : to trigger a « Device refresh » task using Return to Service when requirements are met, instead of a « Device restore » task • Restore the Operating System : never / if required / if available / always |
Settings [Sorting] |
• Restore the Operating System : never / if available / always |
FileWave specific capabilities | |
Built-in fields and custom fields | • The user can be prompted to enter an arbitrary text for the « Building » field or the « Comment » field or the « Department » field or the « Enrollment Username » field or the « Location » field or a pre-defined custom field • The user can be prompted to select values from menus mapped to built-in fields or custom fields • These values are stored in the device’s inventory |
MDM commands | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled • Replacement : an erase command can be sent to the current device after the new device is enrolled • Setup en masse : a Return to Service command can be sent to provide the device with all the information it needs to be erased and re-enrolled using Automated Device Enrollment |
Hexnode UEM specific capabilities | |
Built-in attributes | • The user can be prompted to enter an arbitrary text for the « Asset Tag » field or the « Department » field or the « Description » field or the « Notes » field • The user can be prompted to select values from menus mapped to built-in attributes • These values are stored in the device’s inventory |
MDM commands | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled |
Jamf Pro specific capabilities | |
Built-in attributes and Extension attributes | • The user can be prompted to enter an arbitrary text for the « Asset Tag » field or the « Building » field or the « Department » field or the « Room » field or the « Site » field or the « Username » field or a pre-defined extension attribute field • The user can be prompted to select values from menus mapped to built-in attributes or extension attributes • These values stored in the device’s inventory may be used as criteria for Smart groups (Jamf Pro API and Classic API) |
Automated menu filling | The menus used to select a site, a building or a department can be dynamically filled by the items available for these objects (Classic API) |
MDM commands | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM (Classic API) • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled (Classic API) • Replacement : an erase command can be sent to the current device after the new device is enrolled ; a tentative to clear the Activation Lock is performed (Classic API) • Setup en masse : a Return to Service command can be sent to provide the device with all the information it needs to be erased and re-enrolled using Automated Device Enrollment (Jamf Pro API) |
Jamf School specific capabilities | |
Asset Tag and Notes | The user can be prompted to enter the Asset Tag and Notes that are stored in the device’s inventory and may be used as criteria for Smart groups |
MDM commands | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled • Replacement : an erase command can be sent to the current device after the new device is enrolled ; a tentative to clear the Activation Lock is performed |
JumpCloud specific capabilities | |
Description | The user can be prompted to enter the Description that is stored in the device’s inventory (API v1) |
MDM commands | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM (API v1) • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled (API v1) • Replacement : an erase command can be sent to the current device after the new device is enrolled ; a tentative to clear the Activation Lock is performed (API v2) |
Meraki Systems Manager specific capabilities | |
Tags and Notes | The user can be prompted to enter the Tags and Notes that are stored in the device’s inventory (API v1) |
MDM commands | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled • Replacement : an erase command can be sent to the current device after the new device is enrolled ; a tentative to clear the Activation Lock is performed (API v1) |
Microsoft Intune specific capabilities | |
Notes | The user can be prompted to enter the Notes that are stored in the device’s inventory (API Graph Beta) |
MDM commands | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled • Replacement : an erase command can be sent to the current device after the new device is enrolled ; a tentative to clear the Activation Lock is performed (API Graph Beta) |
Miradore specific capabilities | |
Built-in attributes and Custom attributes | • The user can be prompted to enter an arbitrary text for the « Category » field or the « Location » field or the « Organization » field or the « Tags » field or the « Email » field or the « User’s full name » field or a pre-defined custom attribute field • The user can be prompted to select values from menus mapped to built-in attributes or custom attributes |
Automated menu filling | The menus used to select a category, a location, an organization or an email can be dynamically filled by the items available for these objects |
MDM commands | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled • Replacement : an erase command can be sent to the current device after the new device is enrolled |
Mosyle Business specific capabilities | |
Asset Tag and Tags | The user can be prompted to enter the Asset Tag and Tags that are stored in the device’s inventory and may be used as criteria for Smart groups (API v1) |
MDM commands | • Replacement : an erase command can be sent to the current device after the new device is enrolled • Setup en masse : a Return to Service command can be sent to provide the device with all the information it needs to be erased and re-enrolled using Automated Device Enrollment or Device Enrollment (API 1) |
Mosyle Manager specific capabilities | |
Asset Tag and Tags | The user can be prompted to enter the Asset Tag and Tags that are stored in the device’s inventory and may be used as criteria for Smart groups (API v2) |
MDM commands | • Replacement : an erase command can be sent to the current device after the new device is enrolled • Setup en masse : a Return to Service command can be sent to provide the device with all the information it needs to be erased and re-enrolled using Automated Device Enrollment or Device Enrollment (API 2) |
SimpleMDM specific capabilities | |
Custom attributes | • The user can be prompted to enter an arbitrary text for a pre-defined custom attribute • The user can be prompted to select values from menus mapped to custom attributes • These values are stored in the device’s inventory and may be used as key values inside Configuration profiles (API v1) |
MDM commands | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled • Replacement : an erase command can be sent to the current device after the new device is enrolled (API v1) |
VMware Workspace ONE UEM specific capabilities | |
Built-in attributes and Custom attributes | • The user can be prompted to enter an arbitrary text for the « Asset Number » field or a new note within the « Notes » array or a pre-defined custom attribute field • The user can be prompted to select values from menus mapped to custom attributes • These values are stored in the device’s inventory (REST API) |
MDM commands | • Migration : an unenroll command can be sent to the device to unenroll it from the current MDM • Replacement : an unenroll command can be sent to the current device after it has been backed up or after the new device is enrolled • Replacement : an erase command can be sent to the current device after the new device is enrolled • Setup en masse : a Return to Service command can be sent to provide the device with all the information it needs to be erased and re-enrolled using Automated Device Enrollment (REST API) |
Software dependencies | |
Graphical user interface | • Telepod relies on swiftDialog or DEPNotify to provide a graphical user interface • swiftDialog or DEPNotify is dynamically downloaded from the editor’s website |
QR code generation | Telepod relies on libqrencode to generate the QR code which can be displayed in the Help pane |
Apple Configurator | • Apple Configurator 2 must be installed on the Mac host prior the execution of Telepod • No user interaction with Apple Configurator 2 is required |
Battery reporting | • The capability to report battery cycle count and battery health is based on the libimobiledevice library • The library is automatically installed via Homebrew when it is detected as missing at launch |
DFU Mode activation | Telepod relies on macvdmtool to put a device into DFU mode |
Digital signage | • The capability to overlay customized texts in wallpapers is based on the imagemagick and ghostscript library • These libraries are automatically installed via Homebrew when they are detected as missing at launch |
Device model identification | • The conversion of the device type to the device model is based on this project • The table is automatically downloaded from GitHub each time Telepod is executed |
Implementation | |
Localization | • Telepod is fully localizable to match the preferred language of the logged in user • The localization is mostly based on building a custom PO file from a template POT file • A PO file for French language is provided |
Configuration | • Telepod is configured with one property list file for the main settings and the workflows made available to the Mac host • This file is received from the MDM as a Configuration profile and Telepod waits for its reception before proceeding |
Content | • Content is pictures, files, identities, certificates and bundles referenced in the Telepod configuration file(s), wrapped in an signed package • The Content package is installed from the MDM and Telepod waits for its installation before proceeding |
Distribution point | • Backups can be stored centrally in a distribution point, so they are globally available • The distribution point must be accessible with SMB or FTP protocol by a service account • The backups retrieved from the distribution point are cached on the Mac host • Caching relies on a synchonization process, so the cached backup always reflects the latest version available in the distribution point when the workflow is executed |
Logs | • By default, Telepod is executed silently and does not produce Logs • The production of Logs, used for debugging purposes and stored only locally on the Mac host, must be explicitly requested |
Trust | • Telepod-Core and Telepod-App are signed and notarized, so you are confident that these softwares have been checked for any malicious code • Agnosys can sign your Telepod-Content package if necessary as part of a support action |
macOS support | Telepod supports macOS 15 (Sequoia), macOS 14 (Sonoma), macOS 13 (Ventura) and macOS 12 (Monterey) |
iOS and iPadOS support | Telepod supports versions 12 to 18 of iOS and iPadOS |
Processor support | Telepod supports Apple silicon and Intel processors |