Can OWA & MDM go together??

rohanparakh's picture
No votes yet

I have been working on MDM for quite some time now, but this thing came to mind recently.
In a scenario where email is the only way to access corporate data(no in house apps, nothing) and OWA is enabled for all users.
Why would some go for MDM?

Exploring a Mobile App Vetting Process

pghmobility's picture
No votes yet

Hello,

As we move forward with enterprise applications (such as corporate travel apps, recommended commercial apps), the topic has come up regarding a software review process for mobile applications.

Does anyone have any insight they can provide? What are some things you look for when 'approving' an app for corporate use? Security? Permissions required? Update intervals, etc?

Thanks!

Mobile Management Strategies

No votes yet

All companies deploying mobile devices have a mobile management strategy, whether they plan one or not.

Today's mobile management boils down to a trade-off between control and usability. The stronger the control, the less flexible and familiar the experience is for the user.

The slide above is from a talk I gave for Tekserve. It shows the relationship between five possible mobile management strategies: wild west, Exchange, Mobile Device Management, sandboxing, and VDI.

(footnote: These strategies are not exclusive. It is common to see a combination deployed in large or even not-so-large environments.)

Wild West

By far, the most common mobile strategy is Wild West. Rather, we should call this a non-strategy. In the Wild West, iPads roam free. "Shadow IT" is the law of the land. Users have themselves figured out access to corporate email and documents. Dropbox is a common solution. No lock-screen passcodes burden their users. There is no uniformity to apps. There is no way to remotely remove data from a lost iPad. A thief would have unimpeded access to email, contacts, calendar, and documents.

Exchange

Adding a thin layer of management is not difficult if your company uses a corporate email server. Microsoft Exchange and Google Apps for Business and Education have mobile management built in. This protection rides on top of Microsoft's Exchange ActiveSync Protocol, and requires nothing more than an "Exchange" type email account on the device. With this level of control, you get a number of helpful over-the-air abilities:

  • Require passcode
  • Require a complex passcode
  • Lock device after X unsuccessful attempts to unlock
  • Remove passcode
  • Disable camera
  • Erase device

The most significant of these is "require passcode," which enables Apple Data Protection.j

Mobile Device Management

Mobile Device Management, or MDM, adds additional controls on top of Exchange. Devices must be "enrolled" into MDM, usually using a web page or an app. MDM delivers all the features of Exchange, plus several more:

  • Remotely set up email, VPN, calendar, identity certificates
  • Send free and pre-paid apps to devices
  • Send web bookmarks to devices
  • Inventory devices for apps, usage info, and identities
  • Configure features of email accounts not available in the UI: sandboxing, encryption
  • Additional restrictions on iCloud, encrypted backups, FaceTime, the App Store, videos, and more

The MDM protocol is built into iOS by Apple and has been present since iOS 4. Apple continues to quietly expand MDM with each iOS revision.

There are a large number of MDM Providers, each building on Apple's common foundation. The differences tend to show up within the administrative console.

MDM takes more effort on the backend than Exchange. But apart from the initial enrollment, users do not experience a significant change to their experience of the device.

Sandbox

A Sandbox is a world within an app. Just like Las Vegas, whatever happens in the app, stays in the app. The app syncs content back to the corporate servers. So the company focuses its management efforts on securing that data within the sandbox.

Sandboxes can limit themselves to certain read-only documents pushed out from corporate. Or they can be close to entire OSes, with their own email and document editing. Unlike MDM, a sandbox environment can be fully FIPS compliant for those businesses who need this.

Sandboxes effectively segregate personal and corporate use. By their nature, all company work must be done within the Sandbox app. This can severely limit the options for users, who are no longer able to decide the best choices for their tools.

VDI/Remote Desktop

VDI is an option when Sandboxing isn't enough control. With VDI, the iPad uses a remote desktop protocol to control a desktop computer (usually Windows) running in a secure data center. So data isn't actually stored on the iPad itself. Unfortunately, the iPad makes a lousy replacement for a real mouse and keyboard. Mapping a desktop interface onto the multitouch display just doesn't fit well.

Conclusion

Each deployment comes with its own requirements. But in general, Mobile Device Management offers the best balance of strong management and familiar experience.

InstallApplication from Apple Store without entering Apple ID?

tyt_g207's picture
No votes yet

Hello everybody,

I'm new to iOS MDM. I would like to know if it's possible to send an InstallApplication command to install an application from AppleStore without entering AppleID? Considering that the device has been registered with an Apple ID of enterprise.

Many thanks,

Which RDP app?

drvcrash's picture
No votes yet

I need an rdp app that will either let me save a session shortcut to the home screen or one that will let me have a default connection that it automatically connects to when opened. Trying to use ipads as pos terminals and dont want users to have to do anything . anyone have an idea?

Daring Fireball: The Misunderstood iPhone

No votes yet

John Gruber's blog Daring Fireball has a great piece on the iPhone's five year anniversary.

The iPod’s success fooled almost everyone (including me) into thinking that Apple’s entry into the phone market would be similar. The iPod was the world’s best portable media player; the “iPhone”, thus, would likely be the world’s best cell phone.

But that’s not what it was. It was the world’s best portable computer. Best not in the sense of being the most powerful, or the fastest, or the most-efficient to use. The thing couldn’t even do copy-and-paste. It was the best because it was always there, always on, always just a button-push away. The disruption was not that we now finally had a nice phone; it was that, for better or for worse, we would now never again be without a computer or the Internet.

In other words, the iPad isn't a large phone. The iPhone is a small iPad.

iOS automation tool Apple Configurator updated to 1.1

No votes yet

Apple has update Apple Configurator, it's tool for automating iOS device deployment and assignment, to version 1.1. From the release notes, the new version:

  • Improved reliability and ease of use when installing paid apps with Volume Purchase Program redemption codes
  • A new preference to disable the automatic removal of apps or profiles installed by the user when a configuration is reapplied to a supervised device
  • A new preference to disable reapplying a configuration each time a supervised device is connected to Apple Configurator
  • The profile editor now indicates when a profile cannot be installed on a supervised device due to a missing value in a required field

The app is available on the Mac App Store.

iPads beat laptops by $7... in annual electricity costs

No votes yet

A study by the Electric Power Research Institute has calculated that an iPad uses only $1.36 worth of electricity over a year. That's less than a 60W compact florescent light bulb, and a fraction of the usage of most laptops.

Device Annual Use Annual Cost
iPad 12 kWh $1.36
iPhone 3G 2.2 kWh $0.25
"Laptop PCs" 72.3 kWh $8.31
60W CFL Bulb 14 kWh $1.61

We aren't sure what the EPRI means by "Laptop PC." But a little back-of-the-evelope calculation for the iPad: 12 kWh/year ÷ 365 days ÷ 10W power plug = 3.28 hours per day of charging time. Sounds about right to me.

(via TUAW)

Which Business Apps are integrated with MDM?

rohanparakh's picture
No votes yet

Typically two kind of business Apps are in demand:
1. File sharing apps
2. Communication apps(email,chat)
3. Anti Virus/Anti Malware apps(lets not talk about iOS here)

Has anyone seen or worked on such kind of apps integrated with MDM specially for authentication purpose.
Also any MDM which provides AV too, and for all the platorms.

Lock out proxy settings?

carlie21's picture
No votes yet

Hi I am new to the forums and would like to know if anyone knows of a way or app that can lock down devices proxy server settings? I have contacted apple who say this isnt possible through xml files or the apple config tool so would like to know if anyone has come across any mdm software that can do this.

We use Ipads in Bank branches and do not want users (customers) to be able to in put a proxy server setting that could potentislly divert customer data to a personal proxy.

Any idea or comments would be much appreciated

Thanks
Carlie Mcnamee

AirWatch Supporting Mac OS X

Cooper.AW's picture
No votes yet

With this new release, IT administrators can maintain security across both iOS and Mac OS X Lion operating systems to ensure consistent policies and profiles throughout their organization. This new update also enables organizations to manage corporate liable, employee liable (BYOD) or shared Mac OS X Lion devices throughout the entire device lifecycle. As part of the company’s commitment to the Mac platforms, AirWatch plans to support the new features in Apple’s upcoming Mac OS X 10.8 release.

The initial OS X management release includes MDM capabilities for web-based enrollment; commands to remotely lock and wipe devices; and device and application list query. Support for profile management capabilities include:

• Passcode and policy settings
• Email (POP, IMAP, SMTP) and exchange settings
• Wi-Fi and VPN configurations
• Certificates and simple certificate enrollment protocol (SCEP)
• Lightweight directory access protocol (LDAP), calendaring extensions to WebDAV (CalDAV) and contact extensions to WebDAV (CardDAV)
• Webclips
• Custom profiles

http://www.businesswire.com/news/home/20120611006567/en

Check In/Out

damntech's picture
No votes yet

Hi we currently have no iOS devices deployed and are in the process of acquiring iPads and an MDM. I have demoed several MDMs all of which have different odds and ends. We are a school district and have multiple users per device with 5 times as many unique users as devices. We were wondering if there is a MDM with an over the air Check In/Out type features or features that can be crafted to make a single user device elegantly resemble the unique user environment we have in our desktop environment?

Thank You

iOS 6 Features for Businesses

No votes yet

Apple has announced iOS 6, in developer preview today and shipping this fall. The full keynote address is available. Several features announced, and/or visible from the presentation, are relevant to business. (Note the developer preview is covered by Apple's non-disclosure agreement. This site respects the NDA and we will discuss only publicly-announced information.)

Apple's voice-enabled "personal assistant" Siri is has received some tutoring. Already on the iPhone 4S, it is coming to the new iPad (3rd Gen.). It can now integrate with Open Table to make restaurant reservations, sure to impress your customers. And for business trips, Siri will be integrated into the steering wheel button for 2014-model cars from several auto makers.

Photo Stream, one of the most helpful innovations of iOS 5, now works with shared groups. Group members can then comment on photos. This is going to be a killer feature for field teams working with photos. Photo upload now works within web forms too (particularly welcome for bloggers like me!).

FaceTime, currently WiFi only, will work over cellular too. Expect your data caps to be hit very quickly. This may be a great time to plan centralized telephony management.

For meetings, the iOS Phone app (yes, it is an app) gets some enhancements as well. When a call comes in, you can choose to Answer or Decline, or "Reply with Message." There's also a "Do Not Disturb" feature to send all calls (except for favorites) direct to voicemail during particular times.

Mail gets a "VIP Inbox" and per-account signatures. Also password-protected Microsoft Office docs can now be opened.

In iOS 6 the Maps app includes turn by turn navigation, 3D maps, flyover, and Siri integration.

Accessibility is already fantastic on iOS, but even this gets improvements. Look for a kiosk mode to disable hardware buttons — possibility a useful features even for non-disabled users.

Finally, some little tidbits mentioned in a quick slide (shown above): IPv6 support over WiFi and LTE, global HTTP proxies ought to force corporate security policies.

iOS 6 is expected this fall, and will work with the following devices:

  • iPhone 3GS and later
  • iPad 2nd & 3rd Gen
  • iPod touch 4th Gen.

Connect with Mobile Iron/Air Watch

TossCoin's picture
Your rating: None (1 vote)

Hi guys, I am working for a software company, which is currently thinking about cooperating with MobileIron or possibly AirWatch. Basically my company is building a tool that allows people to create apps and we'd like to give users a "one click publish" to MDM products like Mobile Iron and AirWatch. I'm wondering if there's a way to connect the two systems to make this possible. For example, is there specific data we need to send with the app file to Mobile Iron or AirWatch?

A use case would be:

1. I create my app in my creation tool.
2. When I'm done I click a "publish" button.
3. The app is automatically saved up to the MDM.
4. The MDM administrator can use the normal process for that MDMD to
deploy it to users.

Some words please? Thanks a lot!

Meetup for iOS Administrators June 21 in NYC: What's New from WWDC

No votes yet

Who Needs WWDC?

We'll have the latest news and gossip from WWDC straight from San Francisco. Connect with your fellow iOS masters, swap stories from the trenches, kibbitz about the announcements from WWDC, and get inspired.

Thursday, June 21

 What's New from WWDC

5:30p Event Begins and Bar Opens. We will have drink tickets compliments of our sponsors.
6:30p Brief Introductions from Our Hosts
7:30p Move upstairs Ace Hotel lobby bar

Check out our afternoon event, iPad® in Business Briefing: How To Increase Revenue & Improve Employee Productivity, starting at 3:30p. Register for that event separately.

Location

Ace Hotel (Liberty Hall)
20 West 29th Street at Broadway
New York, NY 10001

Our Sponsors

About This Site

  • Enterprise iOS is a community for administrators of the iPad, iPhone, and related devices. All content is available to browse. We encourage you to create an account to submit stories, edit wiki pages, and post to our forum.

Comparison of MDM Providers

Recent Activity

Who's New