I have a situation where we need to give public library staff (i.e. non-IT admins) just enough control to manage a set of 21 iPads.
I initially set up a security group with dynamic membership, where deviceCategory == LibraryIPad. Each device was assigned to the same device category. The user was then granted permissions/scope to only be able to view and manage devices in that group.
All good until a device is wiped... at which point the device category is reset to 'unassigned' and the user loses visibility.
I then hoped I could try using the device serial number for the dynamic group membership, but that option doesn't exist.
Has anyone else found a way around this? It must be a common issue? I don't really want to give the library user permission to see all devices as they would potentially be able to initiate a remote wipe of any of...