Managing and securing iOS 4 devices at work
Beyond the security options, there are a number of ways to customize an iOS device for use with your company's network and resources. You can preconfigure access to Wi-Fi networks, VPN and e-mail servers. You can also pre-populate bookmarks for the mobile Safari browser to ensure that users can easily access internal (or external) Web-based resources. You can even specify Web pages or Web apps to appear as icons on a devices home screen for easier access.
In short, you can do a lot with configuration files to lock down an iPhone.
For more details about configuration profiles, check out Apple's documentation of the iPhone Configuration Utility. This is the free tool (available for Mac and Windows) that Apple developed for creating and testing configuration profiles. Apple also offers information about various management and deployment scenarios as well as overviews for iOS 4 business integration.
In addition to setting configurations through profiles, the MDM service allows you to query any managed device for more than 20 different pieces of data (including device- and carrier-specific details, as well as usage and verification that security policies are being enforced).
Beyond setting configuration profiles and querying devices, the MDM service allows you to take certain actions on managed devices. You can, for instance, force the device to lock and/or wipe all data. And you can temporarily remove a passcode (in case a remote user has forgotten it). If a passcode is required, the user will be required to create a new one.
You can also install or update configuration profiles as well as installed apps and enterprise application provisioning profiles and in-house apps. All this can be done in the background without user intervention, allowing you to make sure that software, configuration and security policies are in place.
(See below for a full list of the available management and monitoring capabilities of iOS 4.)
Enrolling iOS devices for management
Apple made the process of setting up device management pretty simple using SCEP. A user is instructed to visit a secure Web site and authenticate with his or her user account (typically an Active Directory account or some other LDAP-based directory service). This allows the iPhone to generate a certificate enrollment request and then an identity certificate for the device.
Using that identity certificate and the user's credentials to establish a secure connection, the device then processes the list of assigned configurations and presents them to the user. When the user agrees to the configurations, the device will download and install the related profiles and can be fully managed.
Management server options
Now that we've covered the what and the how of enterprise management, here's the list of vendors and the expected ship dates for their products:
- Absolute Manage: Expected availability in the third quarter of this year.
- Afaria by Sybase: iOS 4 beta program now in progress, with availability also expected in the third quarter.
- AirWatch: Availability listed as summer 2010.
- Good for Enterprise: Now available.
- MobileIron: Now available, and offering discounts to existing Good customers.
- Tangoe Mobile Device Manager: Now available.
- Tarmac by Equinux: Now available.
Note: Equinux is known for media and networking tools for Mac OS X and iOS. Tarmac is its first step into the realm of device management and is an iOS-specific solution. It lists a Mac as part of its system requirements, and overall it might be better for small and midsize organizations -- particularly those that have a strong Apple presence.
Apple's iOS 4
- Facebook blocks access to hidden iPad app
- LTE iPhone unlikely this year, says analyst
- Apple slams Amazon's Android e-store as 'inferior'
- Apple iOS: Why it's the most secure OS, period
- Apple launches iWork productivity apps for iPhone
- Analysts split on iPhone over-the-air-update buzz
- Apple's iOS 4.3 a welcome update for iPad, iPhone
- iOS 4.3 boosts first-gen iPad browser speed by 18%
- Update: Apple jumps gun, delivers early iOS 4.3 update for AT&T iPhone, iPad
- iPhone dev knocks Apple over vague new sub rules
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Protection for Every Enterprise: How BlackBerry Security Works Get an IT-level review of BlackBerry® Security, addressing data leakage protection, certified encryption, containerization and much more.
- Future Focus: What's Coming in Enterprise Mobility Management (EMM) Find out why Enterprise Mobility Management (EMM) solutions that are truly future-ready must be designed to enable Machine-to-Machine (M2M) capabilities and much more.
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the... All Macintosh White Papers | Webcasts