Mobile Device Management (MDM) software provides a way for both SMBs and corporations to manage multiple mobile devices over the air. MDMs built for Apple iOS let administrators enroll and manage iPhone, iPad and iPod touch devices, and execute commands remotely. Here, we’ll look at the latest iOS device management software features, as well as the newest iOS 11 enterprise features.
How secure is MDM for iOS?
An iOS device and MDM together can make sure there aren’t any security loopholes and the data is completely secure. An iOS device prevents corporate data from being leaked with features like Find My iPhone, which can lock a device remotely, while the MDM adds further security options, including data encryption and remote wipe, which can wipe corporate data from the device or even reset it.
In iOS, device enrollment and management are based on profiles. The device uses Apple Push Notification service (APNs) to communicate with the MDM, and APNs will not send confidential information over the air.
iOS 11 enterprise features
At its WWDC 2017 event this summer, Apple unveiled iOS 11. The company also announced new iOS 11 enterprise features, as well as features for macOS and tvOS enterprise users. The important new iOS 11 enterprise features are:
- More MDM features become supervised-exclusive: More and more MDM features are being removed from basic MDM restrictions and added to Supervised restrictions. This year Apple is removing restrictions such as app installation and app removal, FaceTime, iTunes and Safari from basic MDM restrictions on iOS 11.
- DEP houses more devices: Any iOS device can now be added to the Device Enrollment Program. Earlier, DEP housed only those devices purchased from an authorized reseller.
- Restricted MDM commands: MDM commands can be set to be executed only via a wired connection.
- New VPN restrictions: A new set of restrictions for VPN is coming to iOS 11.
- Updated services for all: iOS software updates can be installed on all devices, whether they are non-supervised or locked.
- Preserved data plan: A new feature allows the data plan to be preserved while the iOS device is wiped.
- New restrictions for AirPrint: Apple added four new restrictions for AirPrint in iOS 11, which include allowing AirPrint and adding AirPrint credentials to Keychain.
iOS device management tips: Making devices ready for MDM
To get the most out of MDM software, the device needs to be supervised. Enrolling a device in the Apple Device Enrollment Program (DEP) helps supervise the device and provides some other features too.
1. Get your device ready for Apple DEP
DEP helps organizations get their devices supervised and skip the initial steps while setting the device up. To enroll devices in Apple DEP, make sure that the device’s purchase order was placed before the 11th of March 2011, and make sure the device is running at least iOS 7, OS X Mavericks (10.9), or tvOS 10.2 for 4th-gen or later Apple TVs.
Alternatively, Apple Configurator 2, a macOS application, can be used to skip initial steps and supervise the device. So, why use DEP? Configurator can be swift when deploying a small number of devices. When it comes to more devices, such as a thousand, it’ll be painful with Configurator. Also, DEP can link a device permanently to an organization.
2. Turn on supervision
As said before, a device can be supervised via DEP or Apple Configurator 2. Advanced MDM configurations and restrictions can be applied to supervised devices only. From allowing or disallowing users to remove apps from the device to bypassing Activation Lock, there are a lot of configurations exclusive to supervised devices. Plus, Apple is moving some basic restrictions to the list of supervised-exclusive restrictions.
How MDM beats Apple Configurator 2
Apple Configurator 2 can be considered an iOS device management application, but it lacks some features available from other MDM solutions on the market. For one, Apple Configurator 2 runs only on macOS, whereas MDMs have a centralized hub which can be run on any platform. Secondly, managed devices need to be connected physically to the Mac system, whereas MDMs manage devices remotely.
Fortunately, there are lots of great iOS device management applications to consider over Apple Configurator 2. There are far too many to quickly compare, so for simplicity’s sake we’ll look at the leading MDM software Hexnode, which offers all essential MDM functions and then some more. Hexnode is a single MDM application that includes not only iOS device management but also Android and Windows device management.
Hexnode MDM features for iOS device management
1. Out-of-the-box ready with DEP:
With DEP, skip the initial setup steps and set apps to be installed when the device boots up. Hexnode MDM’s integration with DEP achieves this, and the device can be managed right from when it boots up.
2. Enroll with Apple Configurator 2 — An added enrollment method:
Consider enrolling the device in Hexnode MDM with Apple Configurator 2 while you supervise it or skip some setup steps.
3. Single app mode with the ability to alter device features:
Single app mode is not just a single-app mode anymore. Now, it is possible to enable/disable touch, device buttons and built-in features like VoiceOver, Zoom etc.
4. Multi-app kiosk to do even better:
When locking down just an app is not enough, why not consider ‘simulating’ multi-app mode by restricting access to whitelisted apps only?
5. Pre-configure device network for ready-to-use out-of-the-box:
Configure WiFi, ActiveSync, VPN, Email and LDAP settings and push them to devices, so they don’t have to be configured individually on each device.
6. Web content filtering to restrict access to URLs:
Keep your device safe, so that no one can use it to access unwanted URLs.
7. Find a lost device with ease:
Enable Lost Mode from the MDM software to track or lock a managed device, or to set a new password.
8. Bypassing the Activation Lock to reuse the device after reset:
Activation Lock helps lock your device on an unauthorized reset attempt. But what if it turns against you by locking a device with someone else’s Apple ID? Bypass Activation Lock on an already managed iPhone or iPad and continue using the device.
9. VPP — Purchase apps in volumes:
Purchase apps in bulk from the App Store or from any other businesses with Apple’s Volume Purchase Program. With VPP integration, industries benefit from assigning apps directly to managed devices right from the MDM console, and from revoking a license to assign the app to another device. Another advantage is that users do not need to sign in with an Apple ID.
10. Two app stores on a device — Your device, your apps, nothing else:
Deploy an additional app store for exclusive use in your business, with the choice of keeping the default App Store, making two app stores on a device. Deploy apps silently to the devices.
11. Ability to track location and block access:
Keep track of every device with the location tracking feature and block users from accessing corporate data outside an area with Geofencing.
12. Multiple enrollment options:
Choose from single-user and bulk-user enrollment, pre-enrollment and self-enrollment, plus an added enrollment method to enroll without authentication. Enable SMS notification to send the enrollment instructions via SMS in addition to the notification by email.
13. Dynamic grouping:
There’s no need to add new devices manually to a device group. With dynamic grouping, you can set them to be grouped automatically based on custom conditions.
14. Active Directory integration:
Integrating your MDM with Active Directory (AD) lets new users in AD be enrolled automatically in Hexnode MDM.
To learn more about Hexnode and its Hexnode MDM / iOS device management and mobile kiosk software, check out the company’s directory page on MobileVillage.