Apple's new Return to Service feature—which Kandji now supports—is a boon to you as an admin because it solves several specific problems that had previously demanded onerous manual interventions. It'll save you time on resetting devices and readying them for new users—and it can even help you migrate your fleet from one MDM solution to another. That means you'll be freer to focus on more important business. Here's how.
Return to Service Use Cases
When do you want to use Return to Service? There are two primary use cases.
The first is managing single-purpose kiosk-type devices. Think iPad deployed in conference rooms to manage online meetings or those used in retail to help customers find products or check out.
The second is temporary ownership: a device assigned to one user for a period of time and then assigned to another. Shift workers who pick up a device at the beginning of their day and hand it back in before leaving are the classic example.
Other common cases: Some hospitals provide patients with bedside devices for the duration of their stays, allowing for things like video calls with family, care team members, or interpreters. Hotels often provide similar perks for their guests. In these and similar cases, Return to Service is an excellent workflow for iPad and iPhone devices assigned to a particular person for the short term.
(It's important to distinguish this use case from the iPad-only Shared iPad feature, in which multiple users share a single iPad repeatedly. In that case, users log in to Shared iPad with Managed Apple IDs; their separate accounts are persistent with their own data stores and settings saved from session to session.)
The advantage of Return to Service here is speed and convenience. Instead of hospital staff needing to reset devices manually after patients check out or hotel staff doing the same after guests leave, Return to Service allows you to remotely reset devices so they're quickly ready for the following user, without the need to plug them in anywhere or interact with them physically. The workflow requires fewer IT hands to get devices back into service.
That, in turn, translates into savings in money and time. If you assume that manually reprovisioning can take 10 minutes per device, then multiply that time by the number of devices that need to be reprovisioned, then multiply that by your IT staff's hourly wages, you can see the potential to save real money.
Some organizations invest in specialized USB sync stations, which can execute the equivalent of Return to Service via an attached Mac on multiple devices simultaneously, essentially trading money for time. Return to Service eliminates the need for such specialized equipment and for someone on staff to collect the devices and plug them all in.
There are also the opportunity costs. Every time someone has to manually reset a device—to physically go to a device and tap on its screen during the setup process—that's likely a waste of their time. These people have other jobs, such as cleaning rooms, helping patients, or running a retail store. They can't do that if they're busy resetting iPhone or iPad devices.
Other Uses for Return to Service
Return to Service has other applications for IT that might not have been part of Apple's original design intention—but they're real and could significantly streamline common IT workflows.
Migrating to a New MDM
The first 'off-label' use case is a game changer: You can use Return to Service to easily migrate devices remotely from one MDM solution to another.
For that to work, you start by changing the device's assigned MDM server in Apple Business Manager to the new MDM. Then, once you've made sure all of your MDM settings—such as Automated Device Enrollment and app assignments—are ported over, you are ready to migrate devices.
When you trigger Return to Service (in Kandji's case, that means sending an Erase device command from a device record or taking advantage of the API), the device will erase itself and, upon rebooting, set itself up automatically: It will interrogate Apple's activation servers to learn which MDM to enroll in, proceed with enrollment, install any profiles, apps, and restrictions you specified, and land at the home screen, fully configured and ready for use.
For devices that do not have user content stored locally, migrating iPhone and iPad can be as simple as:
- Assign devices to new MDM in Apple Business Manager;
- Port over MDM settings;
- Trigger Return to Service.
Return to Service will work over Wi-Fi, cellular, or Ethernet connections, giving you plenty of flexibility in your migration. If the old MDM does not support Return to Service, you might still use it to migrate by sending custom commands instead; you can use the sample in our API documentation (or Apple's own) to create the command payload. Here, for example, is a sample payload you would need to paste into your MDM's custom command UI:
<data>base64 encoded Wi-Fi profile data</data>
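The shape of such a command, built and checked in Python as an added example (not Kandji's or Apple's sample, and not code from this article): an EraseDevice request whose ReturnToService dictionary carries the Wi-Fi profile as <data>. The SSID, passphrase, com.example identifiers and the CommandUUID/Command wrapper are assumptions; some custom command UIs expect only the inner dictionary.

```python
import plistlib
import uuid

def build_wifi_profile(ssid, psk):
    """Constructed minimal Wi-Fi configuration profile (sample values only)."""
    wifi = {
        "PayloadType": "com.apple.wifi.managed", "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.rts.wifi",  # hypothetical identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "SSID_STR": ssid, "EncryptionType": "WPA2", "Password": psk,
        "AutoJoin": True,
    }
    profile = {
        "PayloadType": "Configuration", "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.rts",  # hypothetical identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Return to Service Wi-Fi",
        "PayloadContent": [wifi],
    }
    return plistlib.dumps(profile)

def build_rts_command(wifi_profile=None):
    """EraseDevice command with a ReturnToService dictionary."""
    rts = {"Enabled": True}
    if wifi_profile is not None:
        # bytes serialize as <data>: base64 is encoding, not encryption, so the
        # finished command carries the Wi-Fi secret and must be handled as one.
        rts["WiFiProfileData"] = wifi_profile
    return plistlib.dumps({
        "CommandUUID": str(uuid.uuid4()),  # wrapper layout is an assumption
        "Command": {"RequestType": "EraseDevice", "ReturnToService": rts},
    })

def check_rts_command(raw):
    """Return a list of problems found in a command plist before it is sent."""
    problems = []
    cmd = plistlib.loads(raw).get("Command", {})
    if cmd.get("RequestType") != "EraseDevice":
        problems.append("RequestType must be EraseDevice")
    rts = cmd.get("ReturnToService") or {}
    if rts.get("Enabled") is not True:
        problems.append("ReturnToService.Enabled must be <true/>")
    wifi = rts.get("WiFiProfileData")
    if wifi is None:
        problems.append("no WiFiProfileData: device needs cellular or Ethernet")
    elif not isinstance(wifi, bytes):
        problems.append("WiFiProfileData must be <data>, not <string>")
    else:
        try:
            plistlib.loads(wifi)
        except Exception:
            problems.append("WiFiProfileData is not a valid profile plist")
    return problems
```

Running check_rts_command over a payload before pasting it catches the case where an erased device would come back up with no network to enroll over.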
Quick Resets, Testing, and More
Return to Service can also be used to perform quick-and-dirty resets of single-user devices. Imagine a remote worker at a remote location away from access to IT resources. They are using a company-owned iPad or iPhone and are having problems with that device. Perhaps apps need to be fixed, or the device is just not in the state they want it to be. Assuming their data is all in the cloud, the easiest solution might be to reset the device entirely.
One catch in this workflow is if you require user authentication during enrollment to connect the user to the device in your management solution. If so, you'd need user input to complete the switch—obviating the remote workflow.
A good solution to this problem is to have Automated Device Enrollment settings specifically for this workflow, where you don't require authentication, and manually assign the device to the user after the reset. With Return to Service, you can. That was not possible before. There was no way to do a complete end-to-end, zero-touch reset for iPhone and iPad. Now there is.
Another Return to Service use case worth noting: You might have a software testing environment handled by one MDM server and want to transfer test devices to your production MDM environment when you're done. Return to Service could handle such chores for you.
There's also an interesting use case here for organizations that acquired some Apple devices before joining Apple Business Manager. Such devices couldn't have been enrolled by Automated Device Enrollment and so wouldn't be supervised. Solving this without Return to Service would have required manually interacting with each device.
Those organizations can now instead go to their carriers or authorized resellers and ask them to add the serial numbers of those devices to their Apple Business Manager accounts. Once synced to their MDM, those devices could then be pushed through Automated Device Enrollment, via Return to Service, and so put under supervision—entirely hands-off.
Return to Service via API
Of course, there may not seem to be that much difference between manually sending Erase device commands one at a time to individual devices and manually tapping through a reset sequence on the device itself. But when you think about the challenges that come with scale, the time saved becomes significant.
That's another advantage of Return to Service: It can be implemented via API.
So, for example, you could have a workflow in which, when a guest checks out of a hotel, the reservation system could send an API command to your MDM solution to issue a Return to Service to the device. Similarly, a hospital could issue an API call from its electronic medical records system to reset the iPad in a patient's room when they are discharged, ensuring all patient data is securely erased and the device is ready for the following user.
Thanks to the ability to run Return to Service by API, all sorts of automated workflows become available. We're excited to see the workflows that Kandji customers come up with.