Introducing SimpleMDM: Fast and Free iOS Device Management

  • strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.
  • strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.
  • strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.
  • strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.
  • strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.
  • strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.
  • strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.
  • strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.
  • strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.
  • strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.
  • strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.
  • strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.
  • strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.
  • strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.
  • strict warning: Declaration of views_handler_field_user_name::init() should be compatible with views_handler_field_user::init(&$view, $data) in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/views/modules/user/views_handler_field_user_name.inc on line 61.
mattvlasach's picture

mattvlasach

Joined: Aug 23, 2013
WWW
Your rating: None (1 vote)

SimpleMDM

I am pleased to introduce SimpleMDM, a new cloud-based iOS Mobile Device Management solution for small businesses and individuals.

As a completely free service, SimpleMDM is designed to be a fast and effective tool to provide essential management of iPhones, iPads, and iPods. In spite of its cost, it provides a unique and intuitive web administration interface built with enterprise-grade security and best practices in mind. There are no limitations in terms of features or device counts.

You can learn more and create your free account to enroll a new device within 3 minutes by checking out the SimpleMDM website at:

http://www.simplemdm.com

I would love to hear your feedback and thoughts of the product, and I hope you find it useful for you and/or your organization!

Best,
Matt Vlasach

Top
bradleychambers's picture

bradleychambers

Joined: May 8, 2012
WWW

I'll check it out. Thanks!

Your rating: None

I'll check it out. Thanks!

Top
Pyby's picture

Pyby

Joined: Feb 29, 2012

MAM / iOS 5 push App

Your rating: None

Thanks to present your product! Very interesting to manage few devices.

This first version seems to not support an iOS 5 great feature : push application.
Maybe you'll upgrade with this, but I understand, you've to work on an internal app store, like a MAM.

Where your project come from? Personnal needs? Client wish?
Good life to your MDM product!

Top
mattvlasach's picture

mattvlasach

Joined: Jul 18, 2012
WWW

App Push

Your rating: None

Thanks for the feedback! You are right, we don't support App Push yet. The trick would be building the app portal, which didn't make the cut for a first go. Absent of an appstore for the user, would you be interested in a admin control that would let you specify apps to push to the enrolled devices of a given group? I just don't think an AppStore would be appropriate for something as basic as SimpleMDM, but I can see the case for administratively pushing applications.

We built this little bucket of joy as a way to help make MDM more accessible to the smaller guys that want something very basic to manage mobile devices. We have a lot of experience with a lot of the MDM solutions out there, and although they are powerful and feature-packed, they are not 'simple', which is all that a subset of the market requires (think families, couple-person businesses, etc.)

It was has been a great academic experience to bolster our deep understanding of exactly how MDM works on iOS so we can better advise our customers. I'll even venture to say it was fun!

Thanks for the kind words and please keep any thoughts you have coming.

Best,
Matt

Top
BillGallop's picture

BillGallop

Joined: Jul 19, 2012
WWW

Blocked Apps

Your rating: None (1 vote)

Hi Matt,
I have had a quick play with it and one issue that I have seen is if I put a device into a group that has settings such as removing Safari and I then apply restrictions to block an App the device gets moved into the quarantine group and the settings to remove Safari are themselves removed. Not only that but the App that I have specified to block is not actually blocked.

Looking at the profiles that are installed the profile for the assigned group gets removed and a Quarantine profile takes it's place, however the Quarantine profile does not appear to specify what is quarantined.

Bill

Top
mattvlasach's picture

mattvlasach

Joined: Jul 18, 2012
WWW

Blocked Apps

Your rating: None

Hi Bill,

Thanks for taking the time to check out the software. I think your issues are are due to a combination of Apple iOS MDM limitations, configurations, and a usability bug with our product.

As far as I can tell, the software is behaving correctly in that when a violation is detected, the device is being moved to the quarantine group. The thing I believe you are missing is that the quarantine group has its own set of policy configurations (eg restrictions) that are not inherited from the device's original group. Therefore, to block Safari for quarantined devices, click the arrow to the right of "Quarantine Group", select Settings & Security, then define the restrictions you would like from there.

I believe we need to better call out the fact that when a device is moved to a quarantine group, the device's "normal" group policies are not inherited. I will work with our developer and designers to make this clearer.

Now, as for actually blocking app usage: Apple MDM does not actually let you prevent the execution of a given application: that is against their philosophy of "i" device management ("we don't give complete control to the man"). So, what do we do? When we detect an app (or other condition that is undesirable) we put the device in the quarantine group. When the device is quarantined, not only is the admin notified, but we can impose "undesirable" policies as attached to the Quarantine Group until the user rights their wrongs. This includes blocking Safari, the AppStore, iTunes content, YouTube, and etc. Think of it is a virtual hand slap, which is the extent of what is within the technical capabilities of the Apple iOS MDM API.

I hope that helps! Let me know if you have any other questions.

Best,
Matt

Top
BillGallop's picture

BillGallop

Joined: Jul 19, 2012
WWW

That makes sense, you

Your rating: None

That makes sense, you probably do need a tidy up of the UI in that case as what I did was to select the group that I had created and then the Rules pop-up for that group. Then selected Safari and GarageBand from the blocked list.

I interpreted that as meaning "For all devices in this group block Safari and GarageBand", not "If any device in this list has Safari or GarageBand installed move them to the Quarantined list and remove all other policies"

I can see what you are driving at, i.e. remove the carrot of provisioning accounts etc. by hitting them with a stick if they install something that they shouldn't but other MDMs that do this sort of thing would usually message the user first with a warning that they were out of compliance first. Additionally I only seem to be able to select an App to quarantine if it is already installed, rather than by specifying an identifier for the App.

I did try messaging the device separately as well and that did not get delivered.

Bill

Top
mattvlasach's picture

mattvlasach

Joined: Jul 18, 2012
WWW

Great Feedback

Your rating: None

Bill,

I totally understand where you are coming from. I will work with the development team to see how we can make the behavior we have implemented more intuitively obvious as there is clearly room for different interpretations.

I will verify that messaging to the user works, as well as seeing if a notice to let the user know they are being quarantined is generated. Due to the simplicity of the product, we will probably go with an "instant quarantine upon violation" model, instead of putting them in a "about to quarantine" bucket. Regardless, a notification to the user is pretty important.

As a side note: I like your "hitting them with a stick" phrase, but even more fitting to the carrot-and-stick model iOS MDM uses is "hitting them with THE stick" that dangles the figurative carrot. I am absolutely going to use that from here on Smile

Thanks again for your input.

Best,
Matt

Top
bradleychambers's picture

bradleychambers

Joined: May 8, 2012
WWW

Matt, Does simple MDM not

Your rating: None (1 vote)

Matt,

Does simple MDM not require a push certificate notification like other MDM providers or is that only for pushing apps?

Top
mattvlasach's picture

mattvlasach

Joined: Jul 18, 2012
WWW

APNS Cert

Your rating: None

Bradley,

It does require a push certificate and we are currently using one that is typically used for the app store given our small business target audience. This will be changing soon, however, to require the generation of an APNS certificate by the end-user.

Best,
Matt

Top
David Mattison's picture

David Mattison

Joined: Jul 24, 2012
WWW

Great, but....

Your rating: None

Hi.

This looks like a really nice simple solution to MDM. However, it needs more features.

If we could have all of the options available in the Apple configurator (including set password for removal) - and be able to customise the enrolment messages, whilst keeping this nice simple layout. - it would be perfect.

I'd happily pay for those functions.

Top
mattvlasach's picture

mattvlasach

Joined: Jul 18, 2012
WWW

Feedback

Your rating: None

David,

Thanks for the feedback and thoughts!

One fundamental "problem" with Apple's MDM is that you cannot set a password for MDM payload removal for Over-the-Air MDM enrollments. This is per Apple's design of MDM on their iOS devices. They wanted to make sure to empower the user to remove themselves from management if they no longer wanted to be enrolled. Of course by doing so, the user removes all access that was granted to them by merit of being enrolled, such as WiFi, VPN, and Exchange account info. Put simply, Apples iOS MDM design was built with BYOD in mind. This is where all of the "carrot and stick" analogies come from.

Configurator, on the other hand, was built for USB-based device management. Apple's thinking behind Configurator is that if you have devices you are willing to manage via USB, you probably own them therefore you can have more control over them per your liking. This is squarely designed for non-BYOD models, such as in retail or education applications.

So, long story short, even if we wanted to, we cannot make that MDM payload removable (* see caveat below).

As for the customizable enrollment messages, that is a great suggestion and I'll put it on the roadmap.

Thanks again for taking the time to post your thoughts!

Best,
Matt Vlasach

  • - OK, so it is TECHNICALLY possible to make an MDM payload non-removable, but there is added complexity to the process. Some MDM vendors do it, but most do not because the added end-user enrollment process complication outweighs the benefits of making it non-removable. We have seen MDM vendors like M@D (Mobile Active Defense) do a really impressive job with holistically locking down a device better than most MDM providers, but they are rather niche with their approach.
Top
zav's picture

zav

Joined: Jan 24, 2013

This looks really compelling.

Your rating: None

Evaluating this now for a 10,000 uint iOS device user base.

I've got a few questions, the first being, "how do you plan to stay in business with a free user model?" If I am to recommend any solution, we can't afford for that company to be going out of business. We've got worldwide offices to support.

Secondly, there is the yearly "this profile for whatever is expiring", that we would like to avoid, and plan for it happening within a year of the distro profile's creation.

In any case, I'd love to chat/email about the solution if you have spare cycles.

Cheers,
- Alex Zavatone
zav ( at ) mac (dot) com

Top
mattvlasach's picture

mattvlasach

Joined: Jul 18, 2012
WWW

Thanks!

Your rating: None

Hi Zav,

Sounds great! We'll get in touch with you to discuss some of our underlying operations that shed some light into our sustainability.

As for the expiring profile, with MDM you don't have to worry about that on the client side. The provisioning profile (which now expires after 3 years, for certs issued in 2013 or later) is bound to applications, and since SimpleMDM doesn't use an app (enrollment is web based) this issue doesn't apply to our service.

Thanks!

Best,
Matt

Top

Who is online?

There are currently 0 admins, 0 users and 342 guests online. Connected users: .

Recent Activity