IT can harness Apple iOS MDM to remotely manage iPhones and iPads, no matter who owns the iOS 5 device.
Apple has revved up its march into the enterprise by incorporating more centralized mobile device management (MDM) capabilities into each version of iOS. With iOS 5, Apple finally removed all desktop management dependencies, giving IT more control than ever over the iPad and iPhone in the enterprise. But some important features of iOS MDM are still missing.
Breaking the iOS MDM desktop dependency
A history of iOS MDM
In 2008, Apple introduced the iPhone Configuration Utility (iCU), a desktop program that lets admins push configuration profiles to iPhones (and later, iPads) via USB. Then Apple added application profiles, giving IT a single utility for deploying settings and applications. But IT still had to initialize iPads and iPhones via USB, and users still had to sync their devices with computers.
In iOS 4, released in 2010, Apple added MDM application program interfaces (APIs) for installing, updating and removing configuration and application profiles over the air. With this advancement, an organization could deliver profiles through Apple’s Push Notification Service. In addition, it allowed IT to authorize managed devices, monitor their properties and settings and remotely lock and wipe them. Today, IT departments use these APIs and MDM products together to manage varied devices.
When the iPhone first launched, users needed to connect to a Mac or PC running iTunes to initialize, synchronize and back up their phones. Everything else -- passcodes, email accounts, Wi-Fi networks and applications -- required manual configuration on the device itself.
Over time, Apple added more iOS MDM capabilities -- first with the iPhone Configuration Utility, then with iOS MDM application program interfaces. The launch of iCloud and iOS 5 in 2011 removed the last remaining ties between the desktop and an iOS 5 device. Now, users (or IT) can initialize and upgrade iOS devices over the air, and they can synchronize and back up content to the iCloud service, which stores documents, data and user information encrypted with the Advanced Encryption Standard (AES) and synchronizes it automatically over Secure Sockets Layer (SSL).
Centralizing iOS 5 device control with iOS MDM
Apple’s iOS evolution leaves IT well-positioned to manage iPhones and iPads. IT can now perform the following iOS 5 device management tasks:
- enrolling devices based on user identity, device properties, and policy;
- enforcing passcode policies, device restrictions, email, calendar and Exchange accounts, virtual private network (VPN) and Wi-Fi parameters, Web clips, certificates and more;
- installing, updating and removing enterprise applications, the profiles that enable them and volume-purchased licenses for commercial applications;
- monitoring device status and attributes such as iOS version, model, ID, hardware capabilities and network properties;
- and initiating device lock, passcode reset and data wipe.
Instead of worrying about corporate data leaking onto personal PCs, IT can use iOS MDM to centrally deploy and enforce encrypted backup restrictions. Rather than depending on users to purchase business applications from the App Store, IT can leverage iOS MDM to prompt installation and distribute licenses. As an alternative to hoping that users install applications and updates in a timely fashion, IT can push updated profiles and auto-quarantine laggards.
The iOS 5 device management fine print
Alas, iOS 5 doesn’t meet every management need. For example, IT can use iOS MDM to drive application installation and verify status, but it can’t remove user-installed applications. And iOS MDM can push restriction profiles that enable or disable iCloud backup, document sync and photo stream sync, but it cannot permit contact and music backup while denying email and document backup. (Only users can configure their devices to do that.)
Furthermore, users’ Apple IDs and passwords give them access to iOS 5 device content in iCloud, and IT has no way to assert stronger access controls, recover backed-up corporate data or wipe that data to prevent users from transferring it to personal devices.
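The restriction profiles described above can be checked before IT pushes them. The following is an added example, not code from the article or from Apple: a Python audit that reports which backup-related restrictions an unsigned .mobileconfig leaves at their permissive defaults. The key names come from Apple's configuration profile format; the identifiers, UUIDs and sample profile are constructed placeholders.

```python
import plistlib

# Restrictions-payload keys for the settings discussed above, mapped to the
# value a device uses when the key is absent (the permissive default).
BACKUP_KEYS = {
    "allowCloudBackup": True,        # iCloud backup
    "allowCloudDocumentSync": True,  # iCloud document sync
    "allowPhotoStream": True,        # Photo Stream sync
    "forceEncryptedBackup": False,   # encrypted local backups
}
RESTRICTIONS_TYPE = "com.apple.applicationaccess"


def build_profile(**restrictions):
    """Return .mobileconfig bytes with one restrictions payload (constructed sample)."""
    payload = {
        "PayloadType": RESTRICTIONS_TYPE,
        "PayloadIdentifier": "com.example.mdm.restrictions",    # placeholder
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",  # placeholder
        "PayloadVersion": 1,
        **restrictions,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.mdm",                 # placeholder
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",  # placeholder
        "PayloadVersion": 1,
        "PayloadDisplayName": "Constructed sample profile",
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)


def audit_profile(data):
    """Return {key: value} for backup-related keys the profile leaves permissive."""
    profile = plistlib.loads(data)  # assumes an unsigned XML or binary plist
    effective = dict(BACKUP_KEYS)   # start from the device defaults
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        for key, default in BACKUP_KEYS.items():
            if key in payload:
                value = bool(payload[key])
                # Assumption: when payloads conflict, the most restrictive wins.
                effective[key] = (effective[key] and value) if default else (effective[key] or value)
    return {k: v for k, v in effective.items() if v == BACKUP_KEYS[k]}


if __name__ == "__main__":
    sample = build_profile(allowCloudBackup=False, forceEncryptedBackup=True)
    for key, value in audit_profile(sample).items():
        print(f"{key} left at permissive value {value}")
```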
Even with such limitations, iOS MDM gives IT a fairly firm grip on the iOS 5 device. Employers should start by comparing their own management needs, policies and practices against what iOS MDM can and cannot accomplish. Then, choose an iOS MDM product to centrally manage corporate iPhones and iPads, paying close attention to features such as deployment model, supported device types, enterprise directory integration, scalability, automation and reporting.