What steps should be taken when setting up a business-owned iPad for a regular employee?
I assume an Apple account should be created using that employee's corporate email address, but what happens if that person leaves the company? Can the apps and documents be kept for a different, future user in the same position?
Are there any additional concerns I need to address concerning planning, scalability, or security?
Get management software for them. Apple provide no program, just API hooks for others to build upon. Meraki have a cloud product we trialled and it seems good enough for most.
Don't set them up with individual accounts. This is a recipe for disaster - forgotten password, no way to distribute new apps to them. Set them up with a single apple account, with a very strong password. The using your management software you can push out bulk-purchased apps to all ios devices.
Disable installing apps if they have data cards (wifi only, your choice) - otherwise they can install YouTube and rip through 40gb of LTE data in a month causing massive bill shock.
If they have SIM cards, consider speaking to your provider to organise having your SIMs terminate at your end of a provider-level VPN. This way you can apply your corporate web policies on the devices and monitor usage (this will not work for iPads on wifi).
Prepare to replace them. We have software on about 500 iPads and Id say in 3 years, 50% have been replaced due to misuse (dropped into water, smashed, given to the kids) or warranty failures. No excess business insurance helps here.
What should be done rather depends on what you're trying to achieve. There should of course already be a corporate aim for deploying these devices, and this is what should be dictating the overall device allocation and management strategy.
Setting up the device with a unique apple ID for each user is essentially letting the user manage the device themselves... which is a legitimate choice but somewhat at odds with wanting to keep apps and documents on the device for the next person holding that role. This is not going to be a winning strategy when it comes to re-using apps and data already on the device between multiple users.
You might want to consider Mobile Device Management - this is still somewhat in its infancy... but then so is the business use of tablet devices... but MDM allows you to have at least some centralised control and management of corporate devices, which might prove useful if you consider these shared (in the sense that they're issued to whoever is holding a particular job/role at any one time) rather than more personally used devices (e.g. given to each user to use however they see fit for the job.
Have a nose at Good For Enterprise (GfE).
It's pretty damn good. It's main selling point is that the device-side is an encrypted "container" (to use their terminology), which talks to the Good NOC. You then allow a thin HTTPS connection from your site to the Good NOC.
GfE also has an MDM component, which hooks in to the Apple API for device lock-down, Etc.
