Skip the navigation

Managing and securing iOS 4 devices at work

August 11, 2010 06:01 AM ET

Beyond the security options, there are a number of ways to customize an iOS device for use with your company's network and resources. You can preconfigure access to Wi-Fi networks, VPN and e-mail servers. You can also pre-populate bookmarks for the mobile Safari browser to ensure that users can easily access internal (or external) Web-based resources. You can even specify Web pages or Web apps to appear as icons on a devices home screen for easier access.

In short, you can do a lot with configuration files to lock down an iPhone.

For more details about configuration profiles, check out Apple's documentation of the iPhone Configuration Utility. This is the free tool (available for Mac and Windows) that Apple developed for creating and testing configuration profiles. Apple also offers information about various management and deployment scenarios as well as overviews for iOS 4 business integration.

In addition to setting configurations through profiles, the MDM service allows you to query any managed device for more than 20 different pieces of data (including device- and carrier-specific details, as well as usage and verification that security policies are being enforced).

Beyond setting configuration profiles and querying devices, the MDM service allows you to take certain actions on managed devices. You can, for instance, force the device to lock and/or wipe all data. And you can temporarily remove a passcode (in case a remote user has forgotten it). If a passcode is required, the user will be required to create a new one.

You can also install or update configuration profiles as well as installed apps and enterprise application provisioning profiles and in-house apps. All this can be done in the background without user intervention, allowing you to make sure that software, configuration and security policies are in place.

(See below for a full list of the available management and monitoring capabilities of iOS 4.)

Enrolling iOS devices for management

Apple made the process of setting up device management pretty simple using SCEP. A user is instructed to visit a secure Web site and authenticate with his or her user account (typically an Active Directory account or some other LDAP-based directory service). This allows the iPhone to generate a certificate enrollment request and then an identity certificate for the device.

Using that identity certificate and the user's credentials to establish a secure connection, the device then processes the list of assigned configurations and presents them to the user. When the user agrees to the configurations, the device will download and install the related profiles and can be fully managed.

Management server options

Now that we've covered the what and the how of enterprise management, here's the list of vendors and the expected ship dates for their products:

Note: Equinux is known for media and networking tools for Mac OS X and iOS. Tarmac is its first step into the realm of device management and is an iOS-specific solution. It lists a Mac as part of its system requirements, and overall it might be better for small and midsize organizations -- particularly those that have a strong Apple presence.



Our Commenting Policies
Consumerization of IT: Be in the know
consumer tech

Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!