What iOS 10.3 offers the enterprise

The update to Apple's mobile OS expands on device management, bolsters security


A lot of technical coverage about iOS 10.3 has focused on the introduction of APFS, a new modern file system that will eventually power all Apple products. APFS replaces the decades-old HFS file system that has been a staple for Macs and most other Apple devices. APFS is a key under-the-hood update that improves performance and security, even if it's largely invisible to most users. It's also significant for enterprises in that it does deliver some security advances.

But iOS 10.3 includes several key new features for enterprises and educational institutions that go far beyond just the new file system.

These are the most important ones:

A new focus on Supervised devices

One obvious change in iOS 10.3 is the focus on device Supervision. Supervision (aka Supervised devices) refers to expanded device management that Apple provides for devices that are owned by an organization and aren't BYOD or mixed use work/personal devices. Supervised devices tend to be used in situations where security is key and/or user restrictions and pre-configuration are important. It's also designed for shared device uses, where multiple people might have the same device, as well as kiosk-like situations where customers, clients, or others may interact with a device and the device configuration needs to be maintained.

Apple is expanding the capabilities for managing Supervised devices much more than BYOD devices. The company has also indicated that it is deprecating the use of some existing management capabilities for non-Supervised devices. This means that some features now available to all managed devices, like the ability to allow/restrict the use of Safari, FaceTime and Siri, will eventually be available only to Supervised devices. As a result, organizations will need to review their policies for BYOD and mixed-use devices and may need to make changes if they rely on some of these features.

It isn't particularly clear why Apple is focusing management primarily on Supervised devices. One explanation is that the company feels it already provides the needed security and management for BYOD and mixed-use hardware. It could also be a response to feedback that too many controls are already imposed on personal devices. Or it could simply be an effort to encourage the purchase of devices from Apple and the use of additional enterprise programs like DEP, Apple Configurator and the Volume Purchase Program for bulk app purchases. (DEP, or Device Enrollment Program, is a zero-touch provisioning and deployment option for Supervised devices purchased directly from Apple and select partners.)

The move toward more supervision also likely represents more focus on securing Apple's place in regulated industries, which often require more stringent security and management options.

iOS 10.3 and education

Another obvious direction Apple is investing in with iOS 10.3 is education. The company introduced key features for schools last year in iOS 9.3. These include support for shared iPads, managed Apple IDs for students and a Classroom app that allows teachers to manage iPads during a class to assign tasks, view student work and lock the iPads into a specific app. With iOS 10.3, the Classroom app has been updated to allow more flexibility in assigning iPads to students to what are called Unmanaged Classes. The effort seems designed largely to support schools that are using a 1-to-1 iPad deployment (where each student gets his or her own iPad and the devices aren't shared). There have also been incremental updates to several education features and programs to support teachers looking to get the most out of iPad use in the classroom.

For now, Apple is still indicating that the shared iPad functionality, in which an iPad hosts multiple user accounts, will remain an education-only feature. But as the company refines it, the feature could easily be made available to enterprises. It's doubtful Apple would make this a consumer feature -- doing so would discourage families from buying multiple iPads.

tvOS becomes more enterprise-ready

The Apple TV has had a minimal set of management capabilities for some time, though these were introduced and focused on the second- and third-generation devices rather than the latest fourth-generation Apple TV, which has much greater capabilities including its own App Store. tvOS 10.2, introduced alongside iOS 10.3, offers much-needed additions to Apple TV management.

The biggest addition is the ability to install enterprise apps onto the device and configure it to operate in a single app (kiosk) mode. Like iOS devices, tvOS now offers a Supervised mode that enables a zero touch configuration and the ability to automatically enter setup data such as device name so that users will not need to go through the whole setup process. Administrators can also now restart and erase an Apple TV remotely.

Tethered Networking

Tethered Networking is a feature that can relieve pressure on a Wi-Fi network when devices need to be configured, refreshed or updated en masse -- such as the beginning of a school year when many iPads (and Macs and PCs) need to be refreshed or when iPads in a hospital need to be deployed. Using Tethered Networking, iOS devices are connected to a Mac and all network activity can be routed through the Mac's Ethernet port, freeing up wireless bandwidth.

Another feature of Tethered Networking is App Caching, which allows iOS apps that are downloaded for provisioning to be stored on the Mac and copied locally to the tethered device. This greatly reduces bandwidth use during the provisioning process as well as speeding it up.

Preventing access to unknown Wi-Fi networks

This is a major security option, though it is limited to Supervised devices. Administrators can prevent users from selecting available Wi-Fi networks. Only networks approved by IT -- typically only corporate or school networks -- will be available to users in the Wi-Fi settings. The goal is to keep employees from accessing public Wi-Fi networks that can be a haven for man-in-the-middle attackers.
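An added example (not from the article or from Apple) of how an administrator could check that a set of configuration profiles actually enforces this restriction and which networks it leaves approved. The payload and key names (`com.apple.applicationaccess`, `forceWiFiWhitelisting`, `com.apple.wifi.managed`, `SSID_STR`, `EncryptionType`) come from Apple's configuration profile documentation rather than from this article; the sample profile is constructed and assumed to be an unsigned `.mobileconfig` plist.

```python
import plistlib

# Constructed sample profile (not from the article): one Restrictions payload
# and two managed Wi-Fi payloads, one of which is an open network.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Example Corp Wi-Fi lockdown",
    "PayloadContent": [
        {"PayloadType": "com.apple.applicationaccess",
         "forceWiFiWhitelisting": True},
        {"PayloadType": "com.apple.wifi.managed",
         "SSID_STR": "ExampleCorp", "EncryptionType": "WPA2"},
        {"PayloadType": "com.apple.wifi.managed",
         "SSID_STR": "ExampleCorp-Guest", "EncryptionType": "None"},
    ],
})


def audit_wifi_lockdown(profiles):
    """Audit all profiles destined for one device.

    profiles: iterable of unsigned .mobileconfig contents (bytes).
    Returns (enforced, approved_ssids, findings).
    """
    enforced, approved, findings = False, [], []
    for raw in profiles:
        for payload in plistlib.loads(raw).get("PayloadContent", []):
            ptype = payload.get("PayloadType")
            if ptype == "com.apple.applicationaccess":
                # The restriction is honoured only on Supervised devices.
                if payload.get("forceWiFiWhitelisting") is True:
                    enforced = True
            elif ptype == "com.apple.wifi.managed":
                ssid = payload.get("SSID_STR", "<missing SSID>")
                approved.append(ssid)
                # An approved network with weak or no encryption undermines
                # the point of blocking unknown networks.
                if payload.get("EncryptionType", "Any") in ("None", "WEP"):
                    findings.append(f"{ssid}: approved network is open or WEP")
    if not enforced:
        findings.append("forceWiFiWhitelisting not set: unknown networks allowed")
    elif not approved:
        findings.append("restriction set but no Wi-Fi payload is installed")
    return enforced, approved, findings


if __name__ == "__main__":
    print(audit_wifi_lockdown([SAMPLE_PROFILE]))
```

Pass every profile assigned to the device in one call, since the restriction and the Wi-Fi payloads are often delivered in separate profiles.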

A more secure connection to Exchange

Apple has added support for OAuth 2.0 in the iOS email app to provide native security capabilities that go beyond username and password. This offers additional security capabilities for organizations because an OAuth token is used to verify the connection between the device and Exchange. Apple also made improvements around S/MIME, the secure email protocol that uses certificates for signing and encrypting email to further enhance email security.

Added device management commands

In addition to the major changes already noted, iOS 10.3 offers a handful of management commands and restrictions for Supervised devices:

  • Restrict Dictation features
  • Prompt the user to perform an iOS update on a passcode-locked device
  • Play a sound on an iOS device in Lost Mode
  • Restart an iOS device
  • Shut down an iOS device
  • Let a student modify AirPlay and View Screen permissions

Apple intends to maintain its mobile dominance in the enterprise

It's clear that Apple is not going to rest on its laurels when it comes to being the dominant mobile platform for business and that it intends to try to rule the classroom, despite serious competition from devices like Chromebooks that have eaten into its share of the K-12 education market. It also seems likely that Apple will continue to launch new management features in a spring update, just as it has done for two years now. That move is timed before the summer break begins to help schools that need to make purchasing decisions and upgrade planning for the following school year. More details about all these features are in Apple's iOS Deployment Guide.

Copyright © 2017 IDG Communications, Inc.
