Rawpixel - Fotolia


Apple's iOS 8 MDM features get IT and users on the same page

Apple set out on a dual mission with iOS 8, expanding device management and security, but also trying to win over users with transparency about MDM.

Apple has continued on its enterprise-friendly trajectory with the release of iOS 8, introducing several useful mobile device management tools, while streamlining and expanding authentication security.

The new operating system enhances device and data security with certificate-based single sign-on (SSO) and expanded passcode protection. Meanwhile, IT gains greater control over device configuration, including the ability to protect, sync or wipe data more conveniently than ever.

Although iOS remains locked down compared to other mobile operating systems, Apple is trying to break down a different barrier -- the one that sometimes forms between IT and users -- with better communication about the mobile device management (MDM) settings on end-user devices.

New iOS 8 MDM and security features

Apple's latest version of iOS gives administrators new controls over iPads and iPhones. They can, for example, prevent users from wiping a device or from setting their own restrictions. IT departments that manage shared devices will be excited about this advancement, as temporary users sometimes overstep company policy in the pursuit of personal security. Now, administrators can prevent workers from changing device and application passwords or from inadvertently wiping company data.

Admins can also remotely assign names to individual devices, disable the new Handoff feature -- this lets you start work on one iOS or OS X device and pick it up on another -- or restrict devices from backing up data to iCloud. In addition, IT can find out when a device was last backed up to iCloud so they know when it's safe to perform certain tasks, like remotely wiping a device. There's also a management interface to help users better understand the new iOS 8 MDM features and how to navigate them.

When it comes to mobile devices, the first thing most IT pros want to know about is security, and they'll be happy to find out that iOS 8 delivers in this arena. One of the most important iOS 8 MDM features is additional support for certificate-based SSO. The new OS allows users to automatically refresh Kerberos credentials across multiple resources without re-authenticating for each service.

The new iOS also supports always-on virtual private networks, which means IT can direct managed devices securely onto the company VPN outside of regular business hours. Employees can work on their iOS devices on the company network at any time, which should increase productivity.

Putting iOS 8 MDM features to work

One of Apple's goals with iOS 8 was to eliminate any ambiguity over MDM on the end-user side. Workers can now see which restrictions IT has implemented and which apps, docs and services fall under MDM purview. This new era of transparency will hopefully facilitate improved communication between IT and users, and minimize internal threats as a result. After all, both parties theoretically share the common goal of protecting devices and data.

We won't know all the security risks iOS 8 presents until it's been out there a little while longer, but we do know that Apple enterprise features were a primary focus of iOS 8. There are plenty of bells and whistles for consumers, but Apple has grown just as serious about its corporate audience.

Dig Deeper on Apple iOS in the enterprise