SlideShare une entreprise Scribd logo

Managing_Devices_and_Corporate_Data_on_iOS

G
Grant Jolly

The document provides an overview of how businesses can use Apple's management framework to manage iOS devices and separate corporate and personal data. It discusses how MDM solutions can remotely configure policies, distribute apps, and apply restrictions while maintaining user privacy and a seamless experience. Options are presented for managing both user-owned and organization-owned devices with different levels of control depending on deployment needs and models.

1  sur  9
Télécharger pour lire hors ligne
Managing Devices and Corporate Data on iOS Overview Businesses everywhere are empowering their employees with iPhone and iPad. The key to a successful mobile strategy is balancing IT control with user enablement. By personalizing iOS devices with their own apps and content, users take greater ownership and responsibility, leading to higher levels of engagement and increased productivity. This is enabled by Apple's management framework, which provides smart ways to manage corporate data and apps discretely, seamlessly separating work data from personal data. Additionally, users understand how their devices are being managed and trust that their privacy is protected. This document offers guidance on how essential IT control can be achieved while at the same time keeping users enabled with the best tools for their job. It complements the iOS Deployment Reference, a comprehensive online technical reference for deploying and managing iOS devices in your enterprise. To refer to the iOS Deployment Reference, visit help.apple.com/deployment/ios. Management Basics With iOS, you can streamline iPhone and iPad deployments using a range of built-in techniques that allow you to simplify account setup, configure policies, distribute apps, and apply device restrictions remotely. Our management approach Apple’s management framework is the foundation for managing mobile devices. This framework is built into iOS, allowing organizations to manage what they must—with a light touch—and not by simply locking down features or disabling functionality. As a result, Apple's management framework enables granular control by third-party mobile device management (MDM) solutions of your devices, apps, and data. And most important, you get the control you need without degrading the user experience or compromising your employees’ privacy. Other device management methods in the market may use different names to describe MDM functionality, such as enterprise mobility management (EMM) or mobile application management (MAM).These solutions have the same goal in mind—to manage your organization’s devices and corporate data over the air. And because Apple’s management framework is built into iOS, you don’t need a separate agent application from your MDM solution provider. Managing Devices and Corporate Data on iOS | November 2016 1 Contents Overview Management Basics Separating Work and Personal Data Flexible Management Options Summary
Separating Work and Personal Data Whether your organization supports user-owned or company-owned devices, you can meet your IT management goals while at the same time keeping users fully productive in their tasks. Work and personal data are managed separately, without segmenting the user experience. This allows the hottest productivity app to sit next to your corporate apps on a user’s device—giving employees more freedom to work. iOS achieves this without the use of third-party solutions such as containers, which impact the user experience and frustrate users. Understanding different management models Often containers have been built to solve issues on other platforms—issues not found with iOS. Some containers use a dual-persona strategy, which creates two separate environments running on the same device. Others focus on containerizing the apps themselves through code-based integration or app wrapping solutions. All of these methodologies present productivity obstacles for users, whether it’s logging in and out of multiple workspaces or adding a dependency on proprietary code that often causes app incompatibility with operating system updates. Organizations that no longer use containers are seeing that the native management controls in iOS enable an optimal personal experience for users and increase their productivity. Rather than making it hard for users to use their devices for both work and personal, you can use policy controls that manage the data flow seamlessly behind the scenes. Managing corporate data With iOS, you don’t have to lock down your devices. Key technologies control the flow of corporate data between apps and prevent its leakage to the user’s personal apps or cloud services. Managed content Managed content covers the installation, configuration, management, and removal of App Store and custom in-house apps, accounts, books, and domains. • Managed apps. Apps installed using MDM are called managed apps. They may be free or paid apps from the App Store, or custom in-house apps, and all can be installed over the air using MDM. Managed apps often contain sensitive information, and provide more control than apps downloaded by the user. The MDM server can remove managed apps and their associated data on demand, or specify whether the apps should be removed when the MDM profile is removed. Additionally, the MDM server can prevent managed app data from being backed up to iTunes and iCloud. • Managed accounts. MDM can help your users get up and running quickly by setting up their mail and other accounts automatically. Depending on the MDM solution provider and integration with your internal systems, account payloads can also be pre-populated with a user’s name, mail address, and, where applicable, certificate identities for authentication and signing. MDM can configure the following types of accounts: IMAP/POP, CalDAV, subscribed Calendars, CardDAV, Exchange ActiveSync, and LDAP. • Managed books. Using MDM, books, ePub books, and PDF documents can be automatically pushed to user devices, so employees always have what they need. Managed books can be shared only with other managed apps or mailed using managed accounts. When no longer necessary, the materials can be removed remotely. • Managed domains. Downloads from Safari are considered managed documents if they originate from a managed domain. Specific URLs and subdomains can be managed. For example, if a user downloads a PDF from a managed domain, the domain requires that the PDF comply with all managed document settings. Paths following the domain are managed by default.
 Managing Devices and Corporate Data on iOS | November 2016 2
Managed distribution Managed distribution lets you use your MDM solution or Apple Configurator 2 to manage apps and books purchased from VPP. To enable managed distribution, you’ll need to first link your MDM solution to your VPP account using a secure token. Once your MDM server is connected to VPP, assign apps directly to a device without the user even needing an Apple ID. A user is prompted when apps are ready to be installed on their device. If a device is supervised, apps are silently pushed to that device without prompting the user. Managed app configuration With managed app configuration, MDM uses the native iOS management framework to configure apps during or after deployment. This framework enables developers to identify the configuration settings that should be implemented when their app is installed as a managed app. Employees can start using apps that have been configured this way right away, without requiring custom setup. IT gets the assurance that corporate data within apps is handled securely, with no need for proprietary SDKs or app wrapping. There are capabilities available to app developers that can be enabled using managed app configuration such as app configuration, prevent app backup, disable screen capture, and remotely wipe app. The AppConfig Community is focused on providing tools and best practices around native capabilities in mobile operating systems. Leading MDM solution providers from this community have established a standard schema that all app developers can use to support managed app configuration. By enabling a more consistent, open, and simple way to configure and secure mobile apps, the community helps increase mobile adoption in business. To learn more about the AppConfig Community, visit www.appconfig.org.
 Managing Devices and Corporate Data on iOS | November 2016 3 To retain full control over apps with an MDM solution, assign apps directly to a device.
Managed data flow MDM solutions provide specific features that enable corporate data to be managed at a granular level so that it does not leak out to the users’personal apps and cloud services. • Managed Open In. Open In management uses a set of restrictions that prevents attachments or documents from managed sources from being opened in unmanaged destinations, and vice versa. For example, you can prevent a confidential email attachment in your organization’s managed mail account from being opened in any user’s personal apps. Only apps installed and managed by MDM can open this work document. The user’s unmanaged personal apps do not appear in the list of apps available to open the attachment. In addition to managed apps, accounts, books, and domains, several extensions respect managed Open In restrictions. • Managed extensions. App extensions give third-party developers a way to provide functionality to other apps or even to key systems built into iOS like Notification Center, enabling new business workflows between apps. Using managed Open In prevents unmanaged extension functionality from interacting with managed apps. The following examples show different types of extensions: – Document Provider extensions allow productivity apps to open documents from a variety of cloud services, without having to make unnecessary copies. – Action extensions let users manipulate or view content within the context of another app. For example, users can use an action to translate text from another language right in Safari. – Custom Keyboard extensions provide keyboards beyond the ones already built into iOS. Managed Open In can prevent unauthorized keyboards from appearing in your corporate apps. – Today extensions also known as Widgets are used to deliver glanceable information in the Today view in the Notification Center. This becomes a great way for users to get immediate, up-to-date information from an app, with simplified interactions that launch into the full app for more information. – Share extensions give users a convenient way to share content with other entities, such as social sharing websites or upload services. For example, in an app that includes a Share button, users can choose a Share extension that represents a social sharing website, then use it to post a comment or other content.
 Managing Devices and Corporate Data on iOS | November 2016 4 To protect corporate data, only apps installed and managed by MDM can open this work document.
Flexible Management Options Apple's management framework is flexible and offers a balanced approach to the way you manage user- owned as well as company-owned devices in your enterprise. When you use a third-party MDM solution with iOS, your device management options are on a continuum that ranges from applying a highly open methodology to getting as granular as needed. Ownership models Depending on the device ownership model—or models—in your organization, you’ll manage devices and apps differently. The two ownership models for iOS devices that are commonly used in the enterprise are user owned and organization owned. User-owned devices With a user-owned deployment, iOS offers personalized setup by users and transparency around how devices are configured, along with the assurance that their personal data won’t be accessed by your organization. • Opt-in and opt-out enrollment. When devices are purchased and set up by the users—commonly referred to as BYOD—you can still provide access to corporate services such as Wi-Fi, mail, and calendar. Users simply opt in to enroll in your organization’s MDM solution. When users enroll in MDM for the first time on an iOS device, they are provided with information about what the MDM server can access on their devices and the features it will configure. This provides transparency to users about what is being managed, and establishes trust between you and the users. It’s important to let your users know that if at any time they are not comfortable with this management, they can opt out of the enrollment by removing the management profile from their device. When they do, all corporate accounts and apps installed by MDM are removed. 
 Managing Devices and Corporate Data on iOS | November 2016 5 Third-party MDM solutions typically offer a user-friendly interface for employees so they feel comfortable opting- in during enrollment.* *Screen image courtesy of Jamf.
• Greater transparency. Once users are enrolled in MDM, employees can easily view in Settings which apps, books, and accounts are being managed and which restrictions have been implemented. All enterprise settings, accounts, and content installed by MDM are flagged by iOS as“managed.” • User privacy. While an MDM server lets you interact with iOS devices, not all settings and account information are exposed. You can manage corporate accounts, settings, and information provisioned via MDM, but the user’s personal accounts cannot be accessed. In fact, the same features that keep data secure in corporate-managed apps also protect a user’s personal content from entering the corporate data stream. The following examples show what a third-party MDM server can and cannot see on a personal iOS device: MDM can see: MDM cannot see: Device name Personal or work mail, calendars, contacts Phone number SMS or iMessages Serial number Safari browser history Model name and number FaceTime or phone call logs Capacity and space available Personal reminders and notes iOS version number Frequency of app use Installed apps Device location • Personalizing devices. Businesses have found that allowing users to personalize a device with their own Apple ID leads to greater levels of ownership and responsibility among users, and their productivity increases because they’re now able to choose which apps and content they need to best accomplish their jobs. Organization-owned devices With an organization-owned deployment, you can provide a device to each user, referred to as a personally enabled deployment, or another option is to rotate devices among users, referred to as a non-personalized deployment. iOS features such as automated enrollment, lockable MDM settings, device supervision, and always-on VPN ensure that devices are configured based on your organization’s specific requirements, providing increased control while assuring that corporate data is protected. 
 Managing Devices and Corporate Data on iOS | November 2016 6 The user interface for configuration profiles in Settings show users exactly what has been configured on their device.
• Automated enrollment. The Device Enrollment Program (DEP) allows you to automate MDM enrollment during the initial setup of the iPhone and iPad devices and Mac systems that your organization owns. You can make the enrollment mandatory and non-removable. You can also put devices into supervised mode during the enrollment process, and allow users to skip some of the basic setup steps. • Supervised devices. Supervision provides additional management capabilities for iOS devices owned by your organization. These include the ability to enable a web filter via a global proxy to ensure that the users’ web traffic stays within the organization’s guidelines, prevent users from resetting their device to factory defaults, and much more. By default, all iOS devices are unsupervised. As well as using DEP to enable supervised mode, you can manually enable supervision using Apple Configurator 2. Even if you don’t plan to use any supervised-only features now, consider supervising your devices when you set them up, enabling you to take advantage of supervised-only features in the future. Otherwise, you’ll need to wipe devices that have already been deployed. Supervision isn’t about locking down a device; rather, it makes company-owned devices better by extending management capabilities. In the long run, supervision provides even more options for your enterprise. For a complete list of supervised settings, see the iOS Deployment Reference. Restrictions iOS supports the following categories of restrictions, which you can configure over the air to meet the needs of your organization, without impacting users: • Device functionality • Supervised settings • Security and privacy settings • App usage • iCloud settings • Profile Manager user and user group restrictions The following categories apply to iOS devices that have been enrolled in an MDM solution using DEP: • Enrollment options • Setup Assistant options Managing Devices and Corporate Data on iOS | November 2016 7 With DEP, your MDM solution will automatically configure your iOS devices during the Setup Assistant.
Additional management capabilities Querying devices In addition to configuring devices, an MDM server has the ability to query devices for a variety of information, such as details on devices, network, applications, and compliance and security data. This information helps ensure that devices continue to comply with required policies. The MDM server determines the frequency at which it gathers information. The following are examples of information that can be queried on an iOS device: • Device details (name) • Model, iOS version, serial number • Network information • Roaming status, MAC addresses • Installed applications • App name, version, size • Compliance and security data • Installed settings, policies, certificates • Encryption status Lost Mode With iOS 9.3 or later, your MDM solution can place a supervised device in Lost Mode remotely. This action locks the device and allows a message with a phone number to be displayed on the Lock screen. With Lost Mode, supervised devices that are lost or stolen can be located because MDM remotely queries for their location. Lost Mode doesn’t require Find My iPhone to be enabled. If MDM remotely disables Lost Mode, the device is unlocked and its location is collected. To maintain transparency, the user is notified that Lost Mode is turned off. Managing Devices and Corporate Data on iOS | November 2016 8 When MDM puts a missing device in Lost Mode, it locks the device, allows messages to be displayed onscreen, and determines its location.
Activation Lock With iOS 7.1 or later, use MDM to enable Activation Lock when a user turns on Find My iPhone on a supervised device. This allows your organization to benefit from the theft-deterrent functionality of Activation Lock, while still allowing you to bypass the feature if, for instance, a user leaves your organization without first removing Activation Lock using their Apple ID. Your MDM solution can retrieve a bypass code and permit the user to enable Activation Lock on the device based on the following: • If Find My iPhone is turned on when your MDM solution allows Activation Lock, Activation Lock is enabled at that point. • If Find My iPhone is turned off when your MDM solution allows Activation Lock, Activation Lock is enabled the next time the user activates Find My iPhone. Summary The iOS management framework gives you the best of both worlds: IT is able to configure, manage, and secure devices and control the corporate data flowing through them, while at the same time users are empowered to do great work with the devices they love to use. Managing Devices and Corporate Data on iOS | November 2016 9 © 2016 Apple Inc. All rights reserved. Apple, the Apple logo, AirDrop, FaceTime, iMessage, iPad, iPhone, iTunes, Mac, Safari, Siri, and Touch ID are trademarks of Apple Inc., registered in the U.S. and other countries. App Store, iCloud, and iTunes Store are service marks of Apple Inc., registered in the U.S. and other countries. IOS is a trademark or registered trademark of Cisco in the U.S. and other countries and is used under license. Other product and company names mentioned herein may be trademarks of their respective companies. Product specifications are subject to change without notice. This material is provided for information purposes only; Apple assumes no liability related to its use. November 2016

Recommandé

I os enterprise_deployment_overview
I os enterprise_deployment_overviewI os enterprise_deployment_overview
I os enterprise_deployment_overviewAndrey Apuhtin
 
Basic computer fundamentals _MS Office
Basic computer fundamentals _MS OfficeBasic computer fundamentals _MS Office
Basic computer fundamentals _MS OfficeSaraswati yadav
 
Wally Mead - Managing mobile devices with system center 2012 r2 configuration...
Wally Mead - Managing mobile devices with system center 2012 r2 configuration...Wally Mead - Managing mobile devices with system center 2012 r2 configuration...
Wally Mead - Managing mobile devices with system center 2012 r2 configuration...Nordic Infrastructure Conference
 
Knowledge management using enterprise content management system
Knowledge management using enterprise content management systemKnowledge management using enterprise content management system
Knowledge management using enterprise content management systemzuzu123
 
Microsoft Enterprise Mobility Suite | Getting started....
Microsoft Enterprise Mobility Suite | Getting started....Microsoft Enterprise Mobility Suite | Getting started....
Microsoft Enterprise Mobility Suite | Getting started....Thomas Godsted Rysgaard
 
All About Enterprise
All About EnterpriseAll About Enterprise
All About EnterpriseCodal
 
Chapter 3 Application Software CIS 110
Chapter 3 Application Software CIS 110Chapter 3 Application Software CIS 110
Chapter 3 Application Software CIS 110Patty Ramsey
 
IBM Lotus Connections In 1 Slide
IBM Lotus Connections In 1 SlideIBM Lotus Connections In 1 Slide
IBM Lotus Connections In 1 SlideStephen Londergan
 

Recommandé

I os enterprise_deployment_overview
I os enterprise_deployment_overviewI os enterprise_deployment_overview
I os enterprise_deployment_overviewAndrey Apuhtin
 
Basic computer fundamentals _MS Office
Basic computer fundamentals _MS OfficeBasic computer fundamentals _MS Office
Basic computer fundamentals _MS OfficeSaraswati yadav
 
Wally Mead - Managing mobile devices with system center 2012 r2 configuration...
Wally Mead - Managing mobile devices with system center 2012 r2 configuration...Wally Mead - Managing mobile devices with system center 2012 r2 configuration...
Wally Mead - Managing mobile devices with system center 2012 r2 configuration...Nordic Infrastructure Conference
 
Knowledge management using enterprise content management system
Knowledge management using enterprise content management systemKnowledge management using enterprise content management system
Knowledge management using enterprise content management systemzuzu123
 
Microsoft Enterprise Mobility Suite | Getting started....
Microsoft Enterprise Mobility Suite | Getting started....Microsoft Enterprise Mobility Suite | Getting started....
Microsoft Enterprise Mobility Suite | Getting started....Thomas Godsted Rysgaard
 
All About Enterprise
All About EnterpriseAll About Enterprise
All About EnterpriseCodal
 
Chapter 3 Application Software CIS 110
Chapter 3 Application Software CIS 110Chapter 3 Application Software CIS 110
Chapter 3 Application Software CIS 110Patty Ramsey
 
IBM Lotus Connections In 1 Slide
IBM Lotus Connections In 1 SlideIBM Lotus Connections In 1 Slide
IBM Lotus Connections In 1 SlideStephen Londergan
 
Make the Most Out of Your Deployment of BlackBerry Workspaces: Solutions for ...
Make the Most Out of Your Deployment of BlackBerry Workspaces: Solutions for ...Make the Most Out of Your Deployment of BlackBerry Workspaces: Solutions for ...
Make the Most Out of Your Deployment of BlackBerry Workspaces: Solutions for ...BlackBerry
 
Wally Mead - Deploying a system center 2012 r2 configuration manager environm...
Wally Mead - Deploying a system center 2012 r2 configuration manager environm...Wally Mead - Deploying a system center 2012 r2 configuration manager environm...
Wally Mead - Deploying a system center 2012 r2 configuration manager environm...Nordic Infrastructure Conference
 
Jotcall – a mobile crm extension app
Jotcall – a mobile crm extension appJotcall – a mobile crm extension app
Jotcall – a mobile crm extension appMike Taylor
 
SoftAge eDMS
SoftAge eDMSSoftAge eDMS
SoftAge eDMSSoftAge Information Technology Limited
 
Mr Ted User Experience
Mr Ted User ExperienceMr Ted User Experience
Mr Ted User Experiencejonholden
 
Brosura Intema
Brosura IntemaBrosura Intema
Brosura IntemaCiprian R?zvan Hodorogea
 
Mobile device management ( MDM ) Software Solution
Mobile device management ( MDM ) Software SolutionMobile device management ( MDM ) Software Solution
Mobile device management ( MDM ) Software SolutionMobile Device Management Solution
 
CH. 3 Application Software
CH. 3 Application SoftwareCH. 3 Application Software
CH. 3 Application Softwaremalik1972
 
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conference
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conferenceSIF IDM Profile Usage Guide - Presentation at the 2014 annual conference
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conferenceRichard Tong
 
application software and types Custom based software Package software
application software and types Custom based software Package softwareapplication software and types Custom based software Package software
application software and types Custom based software Package softwareimtiazalijoono
 
UXT Chicago - Designing Mobile Apps for Enterprise Use
UXT Chicago - Designing Mobile Apps for Enterprise UseUXT Chicago - Designing Mobile Apps for Enterprise Use
UXT Chicago - Designing Mobile Apps for Enterprise UseJeff Steffgen
 
Chapter 03 SOFTWARE APPLICATION
Chapter 03 SOFTWARE APPLICATIONChapter 03 SOFTWARE APPLICATION
Chapter 03 SOFTWARE APPLICATIONVicq Chibi'sLover
 
Chapter 4 computer software
Chapter 4 computer softwareChapter 4 computer software
Chapter 4 computer softwareAG RD
 
15. business software
15. business software15. business software
15. business softwareZambales National High School
 
Chap04 Computer Software
Chap04 Computer SoftwareChap04 Computer Software
Chap04 Computer SoftwareAqib Syed
 
Large Scale User Provisioning with Hitachi ID Identity Manager
Large Scale User Provisioning with Hitachi ID Identity ManagerLarge Scale User Provisioning with Hitachi ID Identity Manager
Large Scale User Provisioning with Hitachi ID Identity ManagerHitachi ID Systems, Inc.
 
How to mobilize your SharePoint and BI
How to mobilize your SharePoint and BIHow to mobilize your SharePoint and BI
How to mobilize your SharePoint and BINetwoven Inc.
 
eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...
eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...
eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...Omni - www.omni-ts.com
 
Effective User Life Cycle Management in Active Directory
Effective User Life Cycle Management in Active DirectoryEffective User Life Cycle Management in Active Directory
Effective User Life Cycle Management in Active DirectoryZoho Corporation
 
6 industry patterns
6 industry patterns6 industry patterns
6 industry patternsAlan Hamilton
 
EyeComTec_Presentation_MethodsOfCommunicationAndCompanyProductsFit
EyeComTec_Presentation_MethodsOfCommunicationAndCompanyProductsFitEyeComTec_Presentation_MethodsOfCommunicationAndCompanyProductsFit
EyeComTec_Presentation_MethodsOfCommunicationAndCompanyProductsFitMike Kornilov
 
Generacion De Redes De Investigación Temprana Universitaria
Generacion De Redes De Investigación Temprana UniversitariaGeneracion De Redes De Investigación Temprana Universitaria
Generacion De Redes De Investigación Temprana UniversitariaAuge21
 

Contenu connexe

Tendances

Make the Most Out of Your Deployment of BlackBerry Workspaces: Solutions for ...
Make the Most Out of Your Deployment of BlackBerry Workspaces: Solutions for ...Make the Most Out of Your Deployment of BlackBerry Workspaces: Solutions for ...
Make the Most Out of Your Deployment of BlackBerry Workspaces: Solutions for ...BlackBerry
 
Wally Mead - Deploying a system center 2012 r2 configuration manager environm...
Wally Mead - Deploying a system center 2012 r2 configuration manager environm...Wally Mead - Deploying a system center 2012 r2 configuration manager environm...
Wally Mead - Deploying a system center 2012 r2 configuration manager environm...Nordic Infrastructure Conference
 
Jotcall – a mobile crm extension app
Jotcall – a mobile crm extension appJotcall – a mobile crm extension app
Jotcall – a mobile crm extension appMike Taylor
 
Mr Ted User Experience
Mr Ted User ExperienceMr Ted User Experience
Mr Ted User Experiencejonholden
 
CH. 3 Application Software
CH. 3 Application SoftwareCH. 3 Application Software
CH. 3 Application Softwaremalik1972
 
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conference
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conferenceSIF IDM Profile Usage Guide - Presentation at the 2014 annual conference
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conferenceRichard Tong
 
application software and types Custom based software Package software
application software and types Custom based software Package softwareapplication software and types Custom based software Package software
application software and types Custom based software Package softwareimtiazalijoono
 
UXT Chicago - Designing Mobile Apps for Enterprise Use
UXT Chicago - Designing Mobile Apps for Enterprise UseUXT Chicago - Designing Mobile Apps for Enterprise Use
UXT Chicago - Designing Mobile Apps for Enterprise UseJeff Steffgen
 
Chapter 03 SOFTWARE APPLICATION
Chapter 03 SOFTWARE APPLICATIONChapter 03 SOFTWARE APPLICATION
Chapter 03 SOFTWARE APPLICATIONVicq Chibi'sLover
 
Chapter 4 computer software
Chapter 4 computer softwareChapter 4 computer software
Chapter 4 computer softwareAG RD
 
Chap04 Computer Software
Chap04 Computer SoftwareChap04 Computer Software
Chap04 Computer SoftwareAqib Syed
 
Large Scale User Provisioning with Hitachi ID Identity Manager
Large Scale User Provisioning with Hitachi ID Identity ManagerLarge Scale User Provisioning with Hitachi ID Identity Manager
Large Scale User Provisioning with Hitachi ID Identity ManagerHitachi ID Systems, Inc.
 
How to mobilize your SharePoint and BI
How to mobilize your SharePoint and BIHow to mobilize your SharePoint and BI
How to mobilize your SharePoint and BINetwoven Inc.
 
eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...
eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...
eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...Omni - www.omni-ts.com
 
Effective User Life Cycle Management in Active Directory
Effective User Life Cycle Management in Active DirectoryEffective User Life Cycle Management in Active Directory
Effective User Life Cycle Management in Active DirectoryZoho Corporation
 

Tendances (20)

Make the Most Out of Your Deployment of BlackBerry Workspaces: Solutions for ...
Make the Most Out of Your Deployment of BlackBerry Workspaces: Solutions for ...Make the Most Out of Your Deployment of BlackBerry Workspaces: Solutions for ...
Make the Most Out of Your Deployment of BlackBerry Workspaces: Solutions for ...
 
Wally Mead - Deploying a system center 2012 r2 configuration manager environm...
Wally Mead - Deploying a system center 2012 r2 configuration manager environm...Wally Mead - Deploying a system center 2012 r2 configuration manager environm...
Wally Mead - Deploying a system center 2012 r2 configuration manager environm...
 
Jotcall – a mobile crm extension app
Jotcall – a mobile crm extension appJotcall – a mobile crm extension app
Jotcall – a mobile crm extension app
 
SoftAge eDMS
SoftAge eDMSSoftAge eDMS
SoftAge eDMS
 
Mr Ted User Experience
Mr Ted User ExperienceMr Ted User Experience
Mr Ted User Experience
 
Brosura Intema
Brosura IntemaBrosura Intema
Brosura Intema
 
Mobile device management ( MDM ) Software Solution
Mobile device management ( MDM ) Software SolutionMobile device management ( MDM ) Software Solution
Mobile device management ( MDM ) Software Solution
 
CH. 3 Application Software
CH. 3 Application SoftwareCH. 3 Application Software
CH. 3 Application Software
 
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conference
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conferenceSIF IDM Profile Usage Guide - Presentation at the 2014 annual conference
SIF IDM Profile Usage Guide - Presentation at the 2014 annual conference
 
application software and types Custom based software Package software
application software and types Custom based software Package softwareapplication software and types Custom based software Package software
application software and types Custom based software Package software
 
UXT Chicago - Designing Mobile Apps for Enterprise Use
UXT Chicago - Designing Mobile Apps for Enterprise UseUXT Chicago - Designing Mobile Apps for Enterprise Use
UXT Chicago - Designing Mobile Apps for Enterprise Use
 
Chapter 03 SOFTWARE APPLICATION
Chapter 03 SOFTWARE APPLICATIONChapter 03 SOFTWARE APPLICATION
Chapter 03 SOFTWARE APPLICATION
 
Chapter 4 computer software
Chapter 4 computer softwareChapter 4 computer software
Chapter 4 computer software
 
15. business software
15. business software15. business software
15. business software
 
Chap04 Computer Software
Chap04 Computer SoftwareChap04 Computer Software
Chap04 Computer Software
 
Large Scale User Provisioning with Hitachi ID Identity Manager
Large Scale User Provisioning with Hitachi ID Identity ManagerLarge Scale User Provisioning with Hitachi ID Identity Manager
Large Scale User Provisioning with Hitachi ID Identity Manager
 
How to mobilize your SharePoint and BI
How to mobilize your SharePoint and BIHow to mobilize your SharePoint and BI
How to mobilize your SharePoint and BI
 
eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...
eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...
eControl - Simplified management for Active Directory, Exchange, SAP, eDirect...
 
Effective User Life Cycle Management in Active Directory
Effective User Life Cycle Management in Active DirectoryEffective User Life Cycle Management in Active Directory
Effective User Life Cycle Management in Active Directory
 
6 industry patterns
6 industry patterns6 industry patterns
6 industry patterns
 

En vedette

EyeComTec_Presentation_MethodsOfCommunicationAndCompanyProductsFit
EyeComTec_Presentation_MethodsOfCommunicationAndCompanyProductsFitEyeComTec_Presentation_MethodsOfCommunicationAndCompanyProductsFit
EyeComTec_Presentation_MethodsOfCommunicationAndCompanyProductsFitMike Kornilov
 
Generacion De Redes De Investigación Temprana Universitaria
Generacion De Redes De Investigación Temprana UniversitariaGeneracion De Redes De Investigación Temprana Universitaria
Generacion De Redes De Investigación Temprana UniversitariaAuge21
 
2016-second-opinion-hutchinson-rev1
2016-second-opinion-hutchinson-rev12016-second-opinion-hutchinson-rev1
2016-second-opinion-hutchinson-rev1J. Steven Hutchinson
 
BMC LEAPs Final Presentation
BMC LEAPs Final PresentationBMC LEAPs Final Presentation
BMC LEAPs Final PresentationCristina Alarcón
 
Transistor de efecto de Campo (JFET y MOSFET)
Transistor de efecto de Campo (JFET y MOSFET) Transistor de efecto de Campo (JFET y MOSFET)
Transistor de efecto de Campo (JFET y MOSFET)José Parra
 
08 lewis dot diagrams to 3 d diagrams
08 lewis dot diagrams to 3 d diagrams08 lewis dot diagrams to 3 d diagrams
08 lewis dot diagrams to 3 d diagramsmrtangextrahelp
 
06 intermolecular forces
06 intermolecular forces06 intermolecular forces
06 intermolecular forcesmrtangextrahelp
 
D Link
D LinkD Link
D Linkahey
 
2017 New Home Buyer's Guide
2017 New Home Buyer's Guide2017 New Home Buyer's Guide
2017 New Home Buyer's GuideAlice Korbel
 
Комплексные IPTV решения D-Link: от вещательной студии до абонента
Комплексные IPTV решения D-Link: от вещательной студии до абонента Комплексные IPTV решения D-Link: от вещательной студии до абонента
Комплексные IPTV решения D-Link: от вещательной студии до абонента Pavel Rebrov
 

En vedette (15)

EyeComTec_Presentation_MethodsOfCommunicationAndCompanyProductsFit
EyeComTec_Presentation_MethodsOfCommunicationAndCompanyProductsFitEyeComTec_Presentation_MethodsOfCommunicationAndCompanyProductsFit
EyeComTec_Presentation_MethodsOfCommunicationAndCompanyProductsFit
 
Generacion De Redes De Investigación Temprana Universitaria
Generacion De Redes De Investigación Temprana UniversitariaGeneracion De Redes De Investigación Temprana Universitaria
Generacion De Redes De Investigación Temprana Universitaria
 
Presentación1
Presentación1Presentación1
Presentación1
 
Taller2 11 2
Taller2 11 2Taller2 11 2
Taller2 11 2
 
2016-second-opinion-hutchinson-rev1
2016-second-opinion-hutchinson-rev12016-second-opinion-hutchinson-rev1
2016-second-opinion-hutchinson-rev1
 
BMC LEAPs Final Presentation
BMC LEAPs Final PresentationBMC LEAPs Final Presentation
BMC LEAPs Final Presentation
 
Transistor de efecto de Campo (JFET y MOSFET)
Transistor de efecto de Campo (JFET y MOSFET) Transistor de efecto de Campo (JFET y MOSFET)
Transistor de efecto de Campo (JFET y MOSFET)
 
08 lewis dot diagrams to 3 d diagrams
08 lewis dot diagrams to 3 d diagrams08 lewis dot diagrams to 3 d diagrams
08 lewis dot diagrams to 3 d diagrams
 
06 intermolecular forces
06 intermolecular forces06 intermolecular forces
06 intermolecular forces
 
D Link
D LinkD Link
D Link
 
2017 New Home Buyer's Guide
2017 New Home Buyer's Guide2017 New Home Buyer's Guide
2017 New Home Buyer's Guide
 
Комплексные IPTV решения D-Link: от вещательной студии до абонента
Комплексные IPTV решения D-Link: от вещательной студии до абонента Комплексные IPTV решения D-Link: от вещательной студии до абонента
Комплексные IPTV решения D-Link: от вещательной студии до абонента
 
Presentacion sem 1705
Presentacion sem 1705Presentacion sem 1705
Presentacion sem 1705
 
Ccna 2
Ccna 2Ccna 2
Ccna 2
 
Laravel 5
Laravel 5Laravel 5
Laravel 5
 

Similaire à Managing_Devices_and_Corporate_Data_on_iOS

Beyond BYOD
Beyond BYODBeyond BYOD
Beyond BYODWorksPad
 
Mobile Application Strategy
Mobile Application StrategyMobile Application Strategy
Mobile Application StrategySybase Türkiye
 
Hexnode Unified Endpoint Management
Hexnode Unified Endpoint ManagementHexnode Unified Endpoint Management
Hexnode Unified Endpoint ManagementHexnode
 
Empower Enterprise Mobility with Microsoft EMS
Empower Enterprise Mobility with Microsoft EMSEmpower Enterprise Mobility with Microsoft EMS
Empower Enterprise Mobility with Microsoft EMSKris Wagner
 
Intune Concept.pptx
Intune Concept.pptxIntune Concept.pptx
Intune Concept.pptxjmbrrvgzhr
 
[Brochure ] mobi manager mdm_software
[Brochure ] mobi manager mdm_software[Brochure ] mobi manager mdm_software
[Brochure ] mobi manager mdm_softwareSyeful Islam
 
Enterprise Mobility Solutions Guides.pdf
Enterprise Mobility Solutions Guides.pdfEnterprise Mobility Solutions Guides.pdf
Enterprise Mobility Solutions Guides.pdfJPLoft Solutions
 
Hexnode iOS Management solution
Hexnode iOS Management solutionHexnode iOS Management solution
Hexnode iOS Management solutionHexnode
 
The key business drivers for Enterprise Mobility
The key business drivers for Enterprise MobilityThe key business drivers for Enterprise Mobility
The key business drivers for Enterprise MobilitySanjay Abraham
 
Cloud-based Mobile Apps Development in Malaysia
Cloud-based Mobile Apps Development in MalaysiaCloud-based Mobile Apps Development in Malaysia
Cloud-based Mobile Apps Development in MalaysiaGlobal Digitals
 
Mobilizing Enterprise Data - Strategies to succeed in enterprise mobile
Mobilizing Enterprise Data - Strategies to succeed in enterprise mobileMobilizing Enterprise Data - Strategies to succeed in enterprise mobile
Mobilizing Enterprise Data - Strategies to succeed in enterprise mobileAlex Zaltsman
 
Mobilizing Enterprise Data for mobile apps and platforms
Mobilizing Enterprise Data for mobile apps and platformsMobilizing Enterprise Data for mobile apps and platforms
Mobilizing Enterprise Data for mobile apps and platformsAlex Zaltsman
 
White Paper - Securing Mobile Access to enterprise data
White Paper - Securing Mobile Access to enterprise dataWhite Paper - Securing Mobile Access to enterprise data
White Paper - Securing Mobile Access to enterprise dataAppear
 
Cortado Corporate Server 7.2 - EN
Cortado Corporate Server 7.2 - ENCortado Corporate Server 7.2 - EN
Cortado Corporate Server 7.2 - ENolivier lussac
 
Maa s360 10command_ebook-bangalore
Maa s360 10command_ebook-bangaloreMaa s360 10command_ebook-bangalore
Maa s360 10command_ebook-bangaloreIBM Software India
 
Maa s360 10command_ebook-bangalore[1]
Maa s360 10command_ebook-bangalore[1]Maa s360 10command_ebook-bangalore[1]
Maa s360 10command_ebook-bangalore[1]IBM Software India
 
Apple Device Management
Apple Device ManagementApple Device Management
Apple Device ManagementHexnode
 
relivance of apps in business
relivance of apps in businessrelivance of apps in business
relivance of apps in businessSagar kumar
 

Similaire à Managing_Devices_and_Corporate_Data_on_iOS (20)

Beyond BYOD
Beyond BYODBeyond BYOD
Beyond BYOD
 
Mobile Application Strategy
Mobile Application StrategyMobile Application Strategy
Mobile Application Strategy
 
Hexnode Unified Endpoint Management
Hexnode Unified Endpoint ManagementHexnode Unified Endpoint Management
Hexnode Unified Endpoint Management
 
Empower Enterprise Mobility with Microsoft EMS
Empower Enterprise Mobility with Microsoft EMSEmpower Enterprise Mobility with Microsoft EMS
Empower Enterprise Mobility with Microsoft EMS
 
Intune Concept.pptx
Intune Concept.pptxIntune Concept.pptx
Intune Concept.pptx
 
[Brochure ] mobi manager mdm_software
[Brochure ] mobi manager mdm_software[Brochure ] mobi manager mdm_software
[Brochure ] mobi manager mdm_software
 
Enterprise Mobility Solutions Guides.pdf
Enterprise Mobility Solutions Guides.pdfEnterprise Mobility Solutions Guides.pdf
Enterprise Mobility Solutions Guides.pdf
 
Hexnode iOS Management solution
Hexnode iOS Management solutionHexnode iOS Management solution
Hexnode iOS Management solution
 
The key business drivers for Enterprise Mobility
The key business drivers for Enterprise MobilityThe key business drivers for Enterprise Mobility
The key business drivers for Enterprise Mobility
 
Cloud-based Mobile Apps Development in Malaysia
Cloud-based Mobile Apps Development in MalaysiaCloud-based Mobile Apps Development in Malaysia
Cloud-based Mobile Apps Development in Malaysia
 
Mobilizing Enterprise Data - Strategies to succeed in enterprise mobile
Mobilizing Enterprise Data - Strategies to succeed in enterprise mobileMobilizing Enterprise Data - Strategies to succeed in enterprise mobile
Mobilizing Enterprise Data - Strategies to succeed in enterprise mobile
 
Mobilizing Enterprise Data for mobile apps and platforms
Mobilizing Enterprise Data for mobile apps and platformsMobilizing Enterprise Data for mobile apps and platforms
Mobilizing Enterprise Data for mobile apps and platforms
 
Securing mobile apps in a BYOD world
Securing mobile apps in a BYOD worldSecuring mobile apps in a BYOD world
Securing mobile apps in a BYOD world
 
White Paper - Securing Mobile Access to enterprise data
White Paper - Securing Mobile Access to enterprise dataWhite Paper - Securing Mobile Access to enterprise data
White Paper - Securing Mobile Access to enterprise data
 
Cortado Corporate Server 7.2 - EN
Cortado Corporate Server 7.2 - ENCortado Corporate Server 7.2 - EN
Cortado Corporate Server 7.2 - EN
 
Maa s360 10command_ebook-bangalore
Maa s360 10command_ebook-bangaloreMaa s360 10command_ebook-bangalore
Maa s360 10command_ebook-bangalore
 
Maa s360 10command_ebook-bangalore[1]
Maa s360 10command_ebook-bangalore[1]Maa s360 10command_ebook-bangalore[1]
Maa s360 10command_ebook-bangalore[1]
 
TOP 10 Powerapps.docx
TOP 10 Powerapps.docxTOP 10 Powerapps.docx
TOP 10 Powerapps.docx
 
Apple Device Management
Apple Device ManagementApple Device Management
Apple Device Management
 
relivance of apps in business
relivance of apps in businessrelivance of apps in business
relivance of apps in business
 

Managing_Devices_and_Corporate_Data_on_iOS

  • 1. Managing Devices and Corporate Data on iOS Overview Businesses everywhere are empowering their employees with iPhone and iPad. The key to a successful mobile strategy is balancing IT control with user enablement. By personalizing iOS devices with their own apps and content, users take greater ownership and responsibility, leading to higher levels of engagement and increased productivity. This is enabled by Apple's management framework, which provides smart ways to manage corporate data and apps discretely, seamlessly separating work data from personal data. Additionally, users understand how their devices are being managed and trust that their privacy is protected. This document offers guidance on how essential IT control can be achieved while at the same time keeping users enabled with the best tools for their job. It complements the iOS Deployment Reference, a comprehensive online technical reference for deploying and managing iOS devices in your enterprise. To refer to the iOS Deployment Reference, visit help.apple.com/deployment/ios. Management Basics With iOS, you can streamline iPhone and iPad deployments using a range of built-in techniques that allow you to simplify account setup, configure policies, distribute apps, and apply device restrictions remotely. Our management approach Apple’s management framework is the foundation for managing mobile devices. This framework is built into iOS, allowing organizations to manage what they must—with a light touch—and not by simply locking down features or disabling functionality. As a result, Apple's management framework enables granular control by third-party mobile device management (MDM) solutions of your devices, apps, and data. And most important, you get the control you need without degrading the user experience or compromising your employees’ privacy. Other device management methods in the market may use different names to describe MDM functionality, such as enterprise mobility management (EMM) or mobile application management (MAM).These solutions have the same goal in mind—to manage your organization’s devices and corporate data over the air. And because Apple’s management framework is built into iOS, you don’t need a separate agent application from your MDM solution provider. Managing Devices and Corporate Data on iOS | November 2016 1 Contents Overview Management Basics Separating Work and Personal Data Flexible Management Options Summary
  • 2. Separating Work and Personal Data Whether your organization supports user-owned or company-owned devices, you can meet your IT management goals while at the same time keeping users fully productive in their tasks. Work and personal data are managed separately, without segmenting the user experience. This allows the hottest productivity app to sit next to your corporate apps on a user’s device—giving employees more freedom to work. iOS achieves this without the use of third-party solutions such as containers, which impact the user experience and frustrate users. Understanding different management models Often containers have been built to solve issues on other platforms—issues not found with iOS. Some containers use a dual-persona strategy, which creates two separate environments running on the same device. Others focus on containerizing the apps themselves through code-based integration or app wrapping solutions. All of these methodologies present productivity obstacles for users, whether it’s logging in and out of multiple workspaces or adding a dependency on proprietary code that often causes app incompatibility with operating system updates. Organizations that no longer use containers are seeing that the native management controls in iOS enable an optimal personal experience for users and increase their productivity. Rather than making it hard for users to use their devices for both work and personal, you can use policy controls that manage the data flow seamlessly behind the scenes. Managing corporate data With iOS, you don’t have to lock down your devices. Key technologies control the flow of corporate data between apps and prevent its leakage to the user’s personal apps or cloud services. Managed content Managed content covers the installation, configuration, management, and removal of App Store and custom in-house apps, accounts, books, and domains. • Managed apps. Apps installed using MDM are called managed apps. They may be free or paid apps from the App Store, or custom in-house apps, and all can be installed over the air using MDM. Managed apps often contain sensitive information, and provide more control than apps downloaded by the user. The MDM server can remove managed apps and their associated data on demand, or specify whether the apps should be removed when the MDM profile is removed. Additionally, the MDM server can prevent managed app data from being backed up to iTunes and iCloud. • Managed accounts. MDM can help your users get up and running quickly by setting up their mail and other accounts automatically. Depending on the MDM solution provider and integration with your internal systems, account payloads can also be pre-populated with a user’s name, mail address, and, where applicable, certificate identities for authentication and signing. MDM can configure the following types of accounts: IMAP/POP, CalDAV, subscribed Calendars, CardDAV, Exchange ActiveSync, and LDAP. • Managed books. Using MDM, books, ePub books, and PDF documents can be automatically pushed to user devices, so employees always have what they need. Managed books can be shared only with other managed apps or mailed using managed accounts. When no longer necessary, the materials can be removed remotely. • Managed domains. Downloads from Safari are considered managed documents if they originate from a managed domain. Specific URLs and subdomains can be managed. For example, if a user downloads a PDF from a managed domain, the domain requires that the PDF comply with all managed document settings. Paths following the domain are managed by default.
 Managing Devices and Corporate Data on iOS | November 2016 2
  • 3. Managed distribution Managed distribution lets you use your MDM solution or Apple Configurator 2 to manage apps and books purchased from VPP. To enable managed distribution, you’ll need to first link your MDM solution to your VPP account using a secure token. Once your MDM server is connected to VPP, assign apps directly to a device without the user even needing an Apple ID. A user is prompted when apps are ready to be installed on their device. If a device is supervised, apps are silently pushed to that device without prompting the user. Managed app configuration With managed app configuration, MDM uses the native iOS management framework to configure apps during or after deployment. This framework enables developers to identify the configuration settings that should be implemented when their app is installed as a managed app. Employees can start using apps that have been configured this way right away, without requiring custom setup. IT gets the assurance that corporate data within apps is handled securely, with no need for proprietary SDKs or app wrapping. There are capabilities available to app developers that can be enabled using managed app configuration such as app configuration, prevent app backup, disable screen capture, and remotely wipe app. The AppConfig Community is focused on providing tools and best practices around native capabilities in mobile operating systems. Leading MDM solution providers from this community have established a standard schema that all app developers can use to support managed app configuration. By enabling a more consistent, open, and simple way to configure and secure mobile apps, the community helps increase mobile adoption in business. To learn more about the AppConfig Community, visit www.appconfig.org.
 Managing Devices and Corporate Data on iOS | November 2016 3 To retain full control over apps with an MDM solution, assign apps directly to a device.
  • 4. Managed data flow MDM solutions provide specific features that enable corporate data to be managed at a granular level so that it does not leak out to the users’personal apps and cloud services. • Managed Open In. Open In management uses a set of restrictions that prevents attachments or documents from managed sources from being opened in unmanaged destinations, and vice versa. For example, you can prevent a confidential email attachment in your organization’s managed mail account from being opened in any user’s personal apps. Only apps installed and managed by MDM can open this work document. The user’s unmanaged personal apps do not appear in the list of apps available to open the attachment. In addition to managed apps, accounts, books, and domains, several extensions respect managed Open In restrictions. • Managed extensions. App extensions give third-party developers a way to provide functionality to other apps or even to key systems built into iOS like Notification Center, enabling new business workflows between apps. Using managed Open In prevents unmanaged extension functionality from interacting with managed apps. The following examples show different types of extensions: – Document Provider extensions allow productivity apps to open documents from a variety of cloud services, without having to make unnecessary copies. – Action extensions let users manipulate or view content within the context of another app. For example, users can use an action to translate text from another language right in Safari. – Custom Keyboard extensions provide keyboards beyond the ones already built into iOS. Managed Open In can prevent unauthorized keyboards from appearing in your corporate apps. – Today extensions also known as Widgets are used to deliver glanceable information in the Today view in the Notification Center. This becomes a great way for users to get immediate, up-to-date information from an app, with simplified interactions that launch into the full app for more information. – Share extensions give users a convenient way to share content with other entities, such as social sharing websites or upload services. For example, in an app that includes a Share button, users can choose a Share extension that represents a social sharing website, then use it to post a comment or other content.
 Managing Devices and Corporate Data on iOS | November 2016 4 To protect corporate data, only apps installed and managed by MDM can open this work document.
  • 5. Flexible Management Options Apple's management framework is flexible and offers a balanced approach to the way you manage user- owned as well as company-owned devices in your enterprise. When you use a third-party MDM solution with iOS, your device management options are on a continuum that ranges from applying a highly open methodology to getting as granular as needed. Ownership models Depending on the device ownership model—or models—in your organization, you’ll manage devices and apps differently. The two ownership models for iOS devices that are commonly used in the enterprise are user owned and organization owned. User-owned devices With a user-owned deployment, iOS offers personalized setup by users and transparency around how devices are configured, along with the assurance that their personal data won’t be accessed by your organization. • Opt-in and opt-out enrollment. When devices are purchased and set up by the users—commonly referred to as BYOD—you can still provide access to corporate services such as Wi-Fi, mail, and calendar. Users simply opt in to enroll in your organization’s MDM solution. When users enroll in MDM for the first time on an iOS device, they are provided with information about what the MDM server can access on their devices and the features it will configure. This provides transparency to users about what is being managed, and establishes trust between you and the users. It’s important to let your users know that if at any time they are not comfortable with this management, they can opt out of the enrollment by removing the management profile from their device. When they do, all corporate accounts and apps installed by MDM are removed. 
 Managing Devices and Corporate Data on iOS | November 2016 5 Third-party MDM solutions typically offer a user-friendly interface for employees so they feel comfortable opting- in during enrollment.* *Screen image courtesy of Jamf.
  • 6. • Greater transparency. Once users are enrolled in MDM, employees can easily view in Settings which apps, books, and accounts are being managed and which restrictions have been implemented. All enterprise settings, accounts, and content installed by MDM are flagged by iOS as“managed.” • User privacy. While an MDM server lets you interact with iOS devices, not all settings and account information are exposed. You can manage corporate accounts, settings, and information provisioned via MDM, but the user’s personal accounts cannot be accessed. In fact, the same features that keep data secure in corporate-managed apps also protect a user’s personal content from entering the corporate data stream. The following examples show what a third-party MDM server can and cannot see on a personal iOS device: MDM can see: MDM cannot see: Device name Personal or work mail, calendars, contacts Phone number SMS or iMessages Serial number Safari browser history Model name and number FaceTime or phone call logs Capacity and space available Personal reminders and notes iOS version number Frequency of app use Installed apps Device location • Personalizing devices. Businesses have found that allowing users to personalize a device with their own Apple ID leads to greater levels of ownership and responsibility among users, and their productivity increases because they’re now able to choose which apps and content they need to best accomplish their jobs. Organization-owned devices With an organization-owned deployment, you can provide a device to each user, referred to as a personally enabled deployment, or another option is to rotate devices among users, referred to as a non-personalized deployment. iOS features such as automated enrollment, lockable MDM settings, device supervision, and always-on VPN ensure that devices are configured based on your organization’s specific requirements, providing increased control while assuring that corporate data is protected. 
 Managing Devices and Corporate Data on iOS | November 2016 6 The user interface for configuration profiles in Settings show users exactly what has been configured on their device.
  • 7. • Automated enrollment. The Device Enrollment Program (DEP) allows you to automate MDM enrollment during the initial setup of the iPhone and iPad devices and Mac systems that your organization owns. You can make the enrollment mandatory and non-removable. You can also put devices into supervised mode during the enrollment process, and allow users to skip some of the basic setup steps. • Supervised devices. Supervision provides additional management capabilities for iOS devices owned by your organization. These include the ability to enable a web filter via a global proxy to ensure that the users’ web traffic stays within the organization’s guidelines, prevent users from resetting their device to factory defaults, and much more. By default, all iOS devices are unsupervised. As well as using DEP to enable supervised mode, you can manually enable supervision using Apple Configurator 2. Even if you don’t plan to use any supervised-only features now, consider supervising your devices when you set them up, enabling you to take advantage of supervised-only features in the future. Otherwise, you’ll need to wipe devices that have already been deployed. Supervision isn’t about locking down a device; rather, it makes company-owned devices better by extending management capabilities. In the long run, supervision provides even more options for your enterprise. For a complete list of supervised settings, see the iOS Deployment Reference. Restrictions iOS supports the following categories of restrictions, which you can configure over the air to meet the needs of your organization, without impacting users: • Device functionality • Supervised settings • Security and privacy settings • App usage • iCloud settings • Profile Manager user and user group restrictions The following categories apply to iOS devices that have been enrolled in an MDM solution using DEP: • Enrollment options • Setup Assistant options Managing Devices and Corporate Data on iOS | November 2016 7 With DEP, your MDM solution will automatically configure your iOS devices during the Setup Assistant.
  • 8. Additional management capabilities Querying devices In addition to configuring devices, an MDM server has the ability to query devices for a variety of information, such as details on devices, network, applications, and compliance and security data. This information helps ensure that devices continue to comply with required policies. The MDM server determines the frequency at which it gathers information. The following are examples of information that can be queried on an iOS device: • Device details (name) • Model, iOS version, serial number • Network information • Roaming status, MAC addresses • Installed applications • App name, version, size • Compliance and security data • Installed settings, policies, certificates • Encryption status Lost Mode With iOS 9.3 or later, your MDM solution can place a supervised device in Lost Mode remotely. This action locks the device and allows a message with a phone number to be displayed on the Lock screen. With Lost Mode, supervised devices that are lost or stolen can be located because MDM remotely queries for their location. Lost Mode doesn’t require Find My iPhone to be enabled. If MDM remotely disables Lost Mode, the device is unlocked and its location is collected. To maintain transparency, the user is notified that Lost Mode is turned off. Managing Devices and Corporate Data on iOS | November 2016 8 When MDM puts a missing device in Lost Mode, it locks the device, allows messages to be displayed onscreen, and determines its location.
  • 9. Activation Lock With iOS 7.1 or later, use MDM to enable Activation Lock when a user turns on Find My iPhone on a supervised device. This allows your organization to benefit from the theft-deterrent functionality of Activation Lock, while still allowing you to bypass the feature if, for instance, a user leaves your organization without first removing Activation Lock using their Apple ID. Your MDM solution can retrieve a bypass code and permit the user to enable Activation Lock on the device based on the following: • If Find My iPhone is turned on when your MDM solution allows Activation Lock, Activation Lock is enabled at that point. • If Find My iPhone is turned off when your MDM solution allows Activation Lock, Activation Lock is enabled the next time the user activates Find My iPhone. Summary The iOS management framework gives you the best of both worlds: IT is able to configure, manage, and secure devices and control the corporate data flowing through them, while at the same time users are empowered to do great work with the devices they love to use. Managing Devices and Corporate Data on iOS | November 2016 9 © 2016 Apple Inc. All rights reserved. Apple, the Apple logo, AirDrop, FaceTime, iMessage, iPad, iPhone, iTunes, Mac, Safari, Siri, and Touch ID are trademarks of Apple Inc., registered in the U.S. and other countries. App Store, iCloud, and iTunes Store are service marks of Apple Inc., registered in the U.S. and other countries. IOS is a trademark or registered trademark of Cisco in the U.S. and other countries and is used under license. Other product and company names mentioned herein may be trademarks of their respective companies. Product specifications are subject to change without notice. This material is provided for information purposes only; Apple assumes no liability related to its use. November 2016