Apple iOS 9 features new tools for managing and deploying iOS devices and their applications -- making the mobile operating system even easier to integrate in the enterprise.
Apple automated more administrative tasks and made them more flexible, while providing better integration with existing enterprise systems in the new operating system. Mobile device management (MDM) is one of the big winners in iOS 9. Third-party MDM offerings that support the new iOS 9 features can more effectively configure and manage iOS devices and apps, especially when used in conjunction with the Volume Purchasing Program (VPP) and Device Enrollment Program (DEP).
The VPP service lets organizations purchase apps in bulk, an important resource for admins deploying productivity tools to multiple mobile devices. With VPP, IT teams can often purchase corporate apps at a discount and distribute and manage them through the App Store or an MDM product.
The DEP service, on the other hand, helps IT admins manage any devices the organization owns. Administrators can use the service to enroll corporate devices in MDM software, greatly streamlining the enrollment process.
Device-based app management
With iOS 9, Apple has put the emphasis on enterprise app distribution by giving IT the ability to assign VPP apps directly to a device, rather than to a user, eliminating the need for an active Apple ID on each device. Prior to iOS 9, app ownership was tied to the user's Apple ID, which could complicate app management on corporate-owned devices, especially when they were shared among multiple users.
By assigning apps to devices, administrators have a much easier time managing licensing. To take advantage of device-based licensing, an organization must use an MDM product to assign its VPP apps to the devices.
Apple's iOS 9 also lets administrators install and update managed apps without giving users access to the App Store. Before this version, if admins disabled the App Store, they would have to temporarily enable access to deploy or update an app, and then disable access again. Not only did this complicate the management process, but it also gave users an opportunity to download unapproved apps when the store was available.
Apple has also extended the VPP service to a global audience. IT teams can assign VPP apps to users or devices in any country where the apps are available. (At last count, an app could potentially be distributed to 26 countries.) This feature is especially beneficial to multinational corporations that purchase apps in one country but want to distribute them to employees around the world.
New levels of app trust
Apple iOS 9 features better app trust and migration, especially when apps are being distributed. When an admin uses MDM to distribute enterprise apps, iOS 9 devices implicitly trust those apps and allow them to be installed without prompting users for trust confirmation. At the same time, administrators can configure managed devices to prevent users from trusting certain apps, in effect stopping users from sideloading apps other than those the enterprise has sanctioned.
Apple has also made it easier for users on managed iOS 9 devices to know when they're installing apps from authorized or unauthorized sources. In addition, the OS provides a new settings component where users can view all their installed enterprise apps.
The OS also makes it easier to convert user-installed apps to MDM-managed apps. In the past, if an administrator wanted to migrate an app to MDM, the user would have to remove the original version, which deleted the data associated with it. Then the admin would have to reinstall the app with MDM. Now admins can convert user-installed apps into managed apps without reinstalling the app or losing data.
Apple has also added new MDM restriction profiles to iOS 9. For example, IT can now restrict users from sending enterprise data via AirDrop, as well as prevent screen recordings, device name or passcode modifications, and a number of other actions.
In addition to all the app-focused improvements, Apple iOS 9 features enhanced device management. Administrators can now push out OS updates to DEP-enrolled devices by issuing an MDM command that prompts devices to perform the update. In addition, administrators have the option to initiate software downloads and the subsequent updates as separate events. As a result, IT can schedule when each event occurs, taking into account network and user considerations to select the best times.
Organizations using DEP in conjunction with MDM can also automatically enroll iOS devices with the MDM server, without user intervention. To do so, admins must have the Apple Configurator 2 utility, which has recently undergone a facelift geared toward automating bulk enrollments.
Apple has taken other steps to improve the MDM enrollment process. Setup Assistant is now more efficient and supports more granular configuration options, and the DEP service is also available in 26 countries, just like VPP apps. Before iOS 9, DEP was available only in the U.S. and Canada.
The iOS 9 difference
Along with the app and device management capabilities, Apple iOS 9 features a number of other business-friendly improvements. The OS now syncs better with Exchange ActiveSync 16, to seamlessly integrate the Mail and Calendar apps into enterprise systems. Apple has also expanded the network usage rules to better control how apps use cellular networks and VPN connections.
Apple is serious about the enterprise, and this trend will only continue with future OS updates. Apple's iOS devices already represent a significant share of the mobile devices in the enterprise, and the company will no doubt continue to do whatever it can to keep it that way.
An app developer's perspective on iOS 9
Apple iOS continues to infiltrate the enterprise
Three iOS features IT admins are clamoring for
Learn about SPARC M7 processor