It is true that users bringing their iPhones and iPads to work quickly ushered in the need for Mobile Device Management (MDM). The Blackberry lost (total annihilation) and users loved their shiny new toys and how simple they were to use. Furthermore, Apple had built a great framework for MDM that tech staff saw as a possible way to enforce security policies and push configurations to devices.
At first iOS itself was very bare. The devices themselves were quite limited on what they could do from a business standpoint. After all, Apple themselves stated they were a consumer focused company but encouraged businesses to see what they could do with the products. Apple has come a long way since then and iOS 9.3 finally completes the puzzle.
Currently Apple provides a good amount of control over security on their iPhones and iPads with MDM. When devices are provisioned for staff we can enforce a standard policy of requirements such as the following.
- Automatically locking the device (dropped or stolen devices are not instantly opened)
- Requiring strong passcodes to unlock screen (no guessing that 1234 is the password)
- Forcing all backups to be encrypted (non-encrypted backups on laptops and thumb drives are vulnerable when stolen)
- Controlling iCloud availability (disable to restrict personal backups of company items)
- Disabling Facetime or Camera (confidential items cannot be captured and shared, for example; iPhone leaks)
- Disabling app installs (when used strictly for work, do not allow games and personal items)
- Remote wipe (destroy the data on stolen or lost devices)
- VPN configuration (setup corporate VPN automatically to secure communication)
- Wi-Fi setup (push all Wi-Fi settings to devices without having to give out passwords)
This is just a small list of important controls commonly used. Kudos to Apple for continually expanding the list of items that can be tweaked. Not much has changed on the security landscape in 9.3 as the list is already quite expansive. Instead, the existing items are becoming more flexible.
Whitelists and Blacklists
With the update to 9.3 businesses are going to see security controls get much more granular. Instead of simply blocking all apps or categories, there will now be whitelists and blacklists. Most companies, especially small businesses, allow their teams free rein and an all or nothing approach just does not work.
With whitelists and blacklists you will be able to block certain time wasting or HR concerning apps. If you are regularly reviewing your network/bandwidth usage (everyone should) you might notice a few offending websites or apps hammering your Internet connection. Instead of having the uncomfortable conversation, build a policy that just blocks out those items.
On the flip side, you can set a policy that says “all these apps are great and acceptable and feel free to install any of them.” You can give the users a pool of commonly used apps within your organization to choose from and install.
Apps, Apps, and Apps
We have our white and black lists but what about that user that barely knows how to make a phone call? Someone popped into your mind right away and yes that is who I am referring to. With iOS 9.3 it is now possible to not only push the applications to your device, but also place shortcuts on your home screen. The layout of the home screen can be pre-configured so everything is exactly where it should be. Every iPhone or iPad can have the exact same screen layout if preferred.
Having a managed and predefined layout makes new phone deployments consistent and easy for users to find what they need. Not only that, but when the user mentioned early calls and says they can’t find their emails you can quickly tell them to hit the home button and press the envelope looking thing in the upper right corner. Easy peasy.
Notifications in iOS 9.3
Depending on how some users use their devices, notifications can be a help or hindrance. Users that frequently use AirPlay to stream their screen to TV for presentations do not want Clash of Clans notifications popping up when pitching. Similarly, if a user accidentally turns off calendar notification they will be understandably frustrated if they cannot figure out how to re-enable them.
Luckily iOS 9.3 now allows us to control exactly which notifications are always on and which ones should be disabled. Policies can be setup for different types of devices or users to make sure pop-ups are controlled based on the role of the device.
Without diving into the device level enhancements (night shift, car play, education, etc) these few changes alone are huge in the MDM landscape. When shaped properly, companies will be able to have greater flexibility with their mobile security policies without having to dictate all or nothing approaches. Apple released iOS 9.3 on March 21st, 2016. If your business is looking into Mobile Device Management or has questions about how it all works, reach out to BCC. We love deploying and talking about MDM as part of our Managed Services offerings.