With the announcement of iOS 8 back in June 2014 and its impending release later this year, let’s take a step back and review the recent mobile device management (MDM) deployment capabilities introduced in the iOS 7.1 update released last March. The following are the major enhancements that were introduced and made available in IBM MaaS360, our enterprise mobility management offering, the same day that they were released.
Device Enrollment Program
The Device Enrollment Program (DEP) is a new capability introduced in iOS 7.1 that provides a quick and efficient way to deploy corporate-owned iOS devices that have been purchased directly from Apple. DEP was initially only available in the United States, but is now available in over 25 countries and territories as listed on the deployment program website.
DEP provides the following features:
- Zero touch configuration removes the need to physically access each device to complete its setup. Upon activation, the administrator can immediately configure account settings, apps and other settings over the air.
- Mandatory and lockable MDM settings can be made while completing the setup assistant. The device can then be preconfigured to require automatic enrollment into IBM MaaS360, which ensures that the device is configured based on existing corporate settings and requirements. This also ensures that all users have the same setup on their device.
- Bypassing steps in the setup assistant enables the administrator to simplify the setup process for users. The following setup assistant screens can be bypassed: passcode, location, restore from backup, Apple ID, terms of service, Siri and sending diagnostics.
- Device supervision allows the administrator to gain a higher level of management control over devices that are corporate owned. Supervision provides additional restrictions such as removing access to iBooks Store or iMessage and additional configuration capabilities such as allowing removal of apps and access to Game Center.
Managed apps in iOS 7.1 allow an organization to distribute free, paid and enterprise apps over the air using IBM MaaS360. App Store apps, both paid and free, can be managed by MaaS360 using Volume Purchase Program (VPP) managed distribution. The introduction of managed distribution in VPP is a major enhancement in iOS 7.1. This feature allows for the purchase and distribution of apps in volume to your user base through MaaS360, and these apps remain under the control of your organization. These managed apps can therefore be assigned to users, revoked and re-assigned to other users when no longer needed by the original user.
VPP is available in over 25 countries and territories as listed on the Apple developer website.
VPP apps can be installed in several ways:
- By prompting the user for his or her Apple ID for users with a personal device.
- By having the app install silently for corporate-owned devices that are managed by IBM MaaS360
- By redeeming a purchase code for devices that are not enrolled in IBM MaaS360; the app then becomes associated with the user’s personal Apple ID
The following restrictions and capabilities for managed apps in iOS 7.1 provide additional security and an improved user experience:
- The “Managed Open In” restriction provides two useful functions that protect an organization’s managed app data. Documents created using unmanaged apps can be prevented from opening in managed apps, and, conversely, documents created using managed apps can be prevented from opening in unmanaged apps.
- App configuration settings allow developers to identify app settings that can be set if the app is installed as a managed app.
- App feedback settings allow developers to identify app settings that can be read from a managed app using IBM MaaS360.
- The “prevent backup” restriction prevents managed apps from backing up data, which prevents managed app data from being recovered if the app is removed and then reinstalled later on.
Per app VPN
A new capability in iOS 7.1 allows individual apps to have specific VPN connection settings. With this approach, an app gains granular control over its data going through a specific VPN. This is in contrast to device-wide VPN, wherein all data travels through the same private network regardless of its origin.
Per app VPN allows each app managed by IBM MaaS360 to communicate with a private network through a secure tunnel and excludes other non-managed apps from using the same private network. Managed apps can also be configured to have different VPN connections from each other.
Since the platform for IBM MaaS360 is 100 percent cloud-based, these new features and enhancements are delivered immediately with same day support. Managing iOS devices is further simplified using these new capabilities.
Are you currently using an MDM solution or considering using one? If you want to know more about MaaS360, an IBM enterprise mobility management offering, connect with me on Twitter @mvsantana94.