Standardizing on a mobile platform is tough
Having a standard computing platform is a relatively simple task for most businesses, partly because there's a limited set of choices: some variation of Windows or Mac OS X. (Yes, Linux and Unix are options, but they typically aren't chosen for people outside of IT.)
Getting hardware is also easy, since most purchases are made in bulk and typically from a single vendor. If you're a Mac shop, you're buying Apple hardware; if you opt for Windows, hardware choices are plentiful.
That kind of standardization doesn't work as well for smartphones and tablets. Even if your company pays for a smartphone for each employee, IT shops are still apt to encounter problems. Being tied to a single carrier may not be a good choice for all workplaces; different phone models may sport different features (and potentially different management capabilities); phones might only run certain versions of operating systems or offer different sets of bundled or available apps; and there may be varying levels of integration with other systems like VPN, mail servers and intranets.
When workers bring their personal devices to work -- as more of us are doing these days -- there's even more potential for problems. IT shops may not even know what devices employees are using, or for what purpose -- to say nothing about how secure they are.
A few years ago, companies could afford to buy mobile hardware for their employees. That's no longer true, and many organizations are embracing the concept of bring-your-own-hardware-to-work. That saves a lot of money, since there's no hardware to buy and no monthly cell phone bill (for the company). But then you have to manage and secure those devices -- or try to dictate what your workers use. (Good luck with that one.)
The most important advantage to Apple's approach to MDM is that all but one of the third-party companies that have announced or released management servers offer support for platforms beyond iOS. Two of them, Absolute Manage and AirWatch, offer management capabilities for devices other than smartphones or tablets.
Apple would be hard-pressed to develop its own such multiplatform system, as would any smartphone manufacturer. Of course, the specific mix of supported platforms varies with each product, as does the extent of supported features. But that's the advantage of competition: You should be able to get the one that best meets corporate needs.
Understanding configuration profiles in iOS
A central component to managing mobile devices involves what Apple calls configuration profiles. These are XML lists of different configuration features and optional restrictions that automatically configure an iOS device.
A single configuration file can contain all of the available settings for an iPhone -- complete with user credentials for various network resources -- or it may contain just a single value that's not user-specific, such as the details for accessing your mail server, VPN or wireless network. If you put in a server or network-related configuration without specific user credentials, the user will be asked to authenticate the first time they access the resource.
You can assign as many separate granular profiles as you like to any or all phones and they'll all be enforced. This is helpful if you need to assign configuration data based on job function or department.
The most important features you can set using configuration profiles involve security: requiring a passcode, setting passcode restrictions and forcing employees to use long and complex passcodes. You can also specify how quickly a device locks when not in use and how many failed attempts to unlock it with a passcode are allowed before the device automatically wipes data.
Another security-related option allows you to disable an iPhone's built-in camera(s). Since it is common for employers to ban camera-enabled devices to avoid sensitive information from leaking, this is an important option in many organizations.