Typically two kind of business Apps are in demand:
1. File sharing apps
2. Communication apps(email,chat)
3. Anti Virus/Anti Malware apps(lets not talk about iOS here)
Has anyone seen or worked on such kind of apps integrated with MDM specially for authentication purpose.
Also any MDM which provides AV too, and for all the platorms.
Hi I am new to the forums and would like to know if anyone knows of a way or app that can lock down devices proxy server settings? I have contacted apple who say this isnt possible through xml files or the apple config tool so would like to know if anyone has come across any mdm software that can do this.
We use Ipads in Bank branches and do not want users (customers) to be able to in put a proxy server setting that could potentislly divert customer data to a personal proxy.
Any idea or comments would be much appreciated
With this new release, IT administrators can maintain security across both iOS and Mac OS X Lion operating systems to ensure consistent policies and profiles throughout their organization. This new update also enables organizations to manage corporate liable, employee liable (BYOD) or shared Mac OS X Lion devices throughout the entire device lifecycle. As part of the company’s commitment to the Mac platforms, AirWatch plans to support the new features in Apple’s upcoming Mac OS X 10.8 release.
The initial OS X management release includes MDM capabilities for web-based enrollment; commands to remotely lock and wipe devices; and device and application list query. Support for profile management capabilities include:
• Passcode and policy settings
• Email (POP, IMAP, SMTP) and exchange settings
• Wi-Fi and VPN configurations
• Certificates and simple certificate enrollment protocol (SCEP)
• Lightweight directory access protocol (LDAP), calendaring extensions to WebDAV (CalDAV) and contact extensions to WebDAV (CardDAV)
• Custom profiles
Hi we currently have no iOS devices deployed and are in the process of acquiring iPads and an MDM. I have demoed several MDMs all of which have different odds and ends. We are a school district and have multiple users per device with 5 times as many unique users as devices. We were wondering if there is a MDM with an over the air Check In/Out type features or features that can be crafted to make a single user device elegantly resemble the unique user environment we have in our desktop environment?
Apple has announced iOS 6, in developer preview today and shipping this fall. The full keynote address is available. Several features announced, and/or visible from the presentation, are relevant to business. (Note the developer preview is covered by Apple's non-disclosure agreement. This site respects the NDA and we will discuss only publicly-announced information.)
Apple's voice-enabled "personal assistant" Siri is has received some tutoring. Already on the iPhone 4S, it is coming to the new iPad (3rd Gen.). It can now integrate with Open Table to make restaurant reservations, sure to impress your customers. And for business trips, Siri will be integrated into the steering wheel button for 2014-model cars from several auto makers.
Photo Stream, one of the most helpful innovations of iOS 5, now works with shared groups. Group members can then comment on photos. This is going to be a killer feature for field teams working with photos. Photo upload now works within web forms too (particularly welcome for bloggers like me!).
FaceTime, currently WiFi only, will work over cellular too. Expect your data caps to be hit very quickly. This may be a great time to plan centralized telephony management.
For meetings, the iOS Phone app (yes, it is an app) gets some enhancements as well. When a call comes in, you can choose to Answer or Decline, or "Reply with Message." There's also a "Do Not Disturb" feature to send all calls (except for favorites) direct to voicemail during particular times.
Mail gets a "VIP Inbox" and per-account signatures. Also password-protected Microsoft Office docs can now be opened.
In iOS 6 the Maps app includes turn by turn navigation, 3D maps, flyover, and Siri integration.
Accessibility is already fantastic on iOS, but even this gets improvements. Look for a kiosk mode to disable hardware buttons — possibility a useful features even for non-disabled users.
Finally, some little tidbits mentioned in a quick slide (shown above): IPv6 support over WiFi and LTE, global HTTP proxies ought to force corporate security policies.
iOS 6 is expected this fall, and will work with the following devices:
- iPhone 3GS and later
- iPad 2nd & 3rd Gen
- iPod touch 4th Gen.
Hi guys, I am working for a software company, which is currently thinking about cooperating with MobileIron or possibly AirWatch. Basically my company is building a tool that allows people to create apps and we'd like to give users a "one click publish" to MDM products like Mobile Iron and AirWatch. I'm wondering if there's a way to connect the two systems to make this possible. For example, is there specific data we need to send with the app file to Mobile Iron or AirWatch?
A use case would be:
1. I create my app in my creation tool.
2. When I'm done I click a "publish" button.
3. The app is automatically saved up to the MDM.
4. The MDM administrator can use the normal process for that MDMD to
deploy it to users.
Some words please? Thanks a lot!
Who Needs WWDC?
We'll have the latest news and gossip from WWDC straight from San Francisco. Connect with your fellow iOS masters, swap stories from the trenches, kibbitz about the announcements from WWDC, and get inspired.
Thursday, June 21
5:30p Event Begins and Bar Opens. We will have drink tickets compliments of our sponsors.
6:30p Brief Introductions from Our Hosts
7:30p Move upstairs Ace Hotel lobby bar
Check out our afternoon event, iPad® in Business Briefing: How To Increase Revenue & Improve Employee Productivity, starting at 3:30p. Register for that event separately.
Ace Hotel (Liberty Hall)
20 West 29th Street at Broadway
New York, NY 10001
Update 2013 April 23: Greg has released the Apple ID Automation Builder as the successor to this AppleScript. Please check that out too!
Purpose & Features
Deploying a great quantity of iOS devices means creating a great quantity of Apple IDs. This script allows automated Apple ID creation from a spreadsheet. Apple IDs are created without a credit card, which is great for many deployments. There is a "dry run" feature to test the script without actually creating the Apple ID.
- IMPORTANT: Apple uses a velocity check to prevent too many Apple IDs from a single IP address. You must contact your Apple business representative to request that your IP address is whitelisted for a short time.
- Being AppleScript, this runs only on Macs.
- iTunes 10.7 is currently required. Future versions may break the script.
- UI Scripting allows us to script otherwise non-scriptbale interfaces. Turn this on in System Preferences > Accessibility and check "Enable access for assistive devices."
- Apple has strong password requirements. Account creation will fail if the passwords are too weak.
A template CSV file is included. Fill out all columns, keeping the column headers, and save as CSV. Then run the script.
As of iTunes 10.6.1 Apple has required three security questions. The Batch Apple ID Creator allows you to choose the questions from the list below. Each question should be copied into the appropriate spreadsheet column (Security Question 1, 2 or 3) exactly as typed below.
Security Question 1
- What is the first name of your best friend in high school?
- What was the name of your first pet?
- What was the first thing you learned to cook?
- What was the first film you saw in the theater?
- Where did you go the first time you flew on a plane?
- What is the last name of your favorite elementary school teacher?
Security Question 2
- What is your dream job?
- What is your favorite children's book?
- What was the model of your first car?
- What was your childhood nickname?
- Who was your favorite film star or character in school?
- Who was your favorite singer or band in high school?
Security Question 3
- In what city did your parents meet?
- What was the first name of your first boss?
- What is the name of the street where you grew up?
- What is the name of the first beach you visited?
- What was the first album that you purchased?
- What is the name of your favorite sports team?
Errors are not handled gracefully. Although some errors are recoverable, if the script stops, it loses track of its progress. Edit the spreadsheet to continue.
At the end of this script, Apple will send a verification email to the Apple ID. To complete verification, click the link in the message, then re-enter the account address and password.
The files are downloadable from GitHub: https://github.com/aaronfreimark/Apple-ID-AppleScript Feel free to fork and improve.
This script was originally created by Enterprise iOS user Greg Moore, who works for Hope Public Schools in Hope, Arkansas. Aaron Freimark then updated the script to work with iTunes 10.6.1 and the multiple recovery questions. Discuss on EnterpriseiOS.com. This script or derivatives must not be sold. If you make it better, please give back to the community that brought it to you.
I have an question regarding app distribution system via app store.
I have an app on app store which interacts with a different client-servers at various locations. It functions like version 1.0 of iphone app will be able to properly interact with version 1.0 of the client-server. Now the problem is few of my clients are late/reluctant in upgrading their server to which the iphone users connect. Once I release an update(say 2.0 ) for my iphone app there are few client-server which are still running 1.0 version. And if the end users of these clients installs the update (2.0 ) for his iphone app (unknowingly, the client-server which he is gonna connect to is still on 1.0 ), he makes his app unusable.
how to deal with these types of scenarios?
Can I develop my new updates to the application which interacts with the server before upgrading themselves OR can I develop something which automatically rolls back the update if server version mismatches?
Kindly suggest how to deal with this problem!
Would extremely grateful for your suggestions.
Apple has posted a white paper on iOS Security. The document is an overview of device booting, code signing, runtime security, encryption and data protection, keychain, configuration enforcement, and Mobile Device Management.
This document provides details about how security technology and features are implemented within the iOS platform. It also outlines key elements that organizations should understand when evaluating or deploying iOS devices on their networks.
Some fun excerpts:
- When an iOS device is turned on, its application processor immediately executes code from read-only memory known as the Boot ROM. This immutable code is laid down during chip fabrication, and is implicitly trusted.
- If one step of this boot process is unable to load or verify the next, boot-up is stopped and the device displays the “Connect to iTunes” screen. This is called recovery mode. If the Boot ROM is not even able to load or verify LLB, it enters DFU (Device Firmware Upgrade) mode. In both cases, the device must be connected to iTunes via USB and restored to factory default settings.
- To prevent devices from being downgraded to older versions that lack the latest security updates, iOS uses a process called System Software Personalization.
- To ensure that all apps come from a known and approved source and have not been tampered with, iOS requires that all executable code be signed using an Apple-issued certificate.
- At runtime, code signature checks of all executable memory pages are made as they are loaded to ensure that an app has not been modified since it was installed or last updated.
- All third-party apps are “sandboxed,” so they are restricted from accessing files stored by other apps or from making changes to the device. This prevents apps from gathering or modifying information stored by other apps.
- Each app has a unique home directory for its files, which is randomly assigned when the app is installed.
- The entire OS partition is mounted read-only.
- System shared library locations are randomized at each device startup.
- The device’s unique ID (UID) and a device group ID (GID) are AES 256-bit keys fused into the application processor during manufacturing.
- The UID is unique to each device and is not recorded by Apple or any of its suppliers. The UID allows data to be cryptographically tied to a particular device.
- The “Erase all content and settings” option in Settings obliterates all the keys in Effaceable Storage, rendering all user data on the device cryptographically inaccessible.
- By setting up a device passcode, the user automatically enables Data Protection.
- Keychain items can only be shared between apps from the same developer.
- Because iOS achieves a reduced attack surface by limiting listening ports and removing unnecessary network utilities such as telnet, shells, or a web server, it doesn’t need firewall software.
- Administrators can enforce complex passcode requirements and other policies using MDM or Exchange ActiveSync,
President Barack Obama receives the Presidential Daily Briefing from Robert Cardillo, Deputy Director of National Intelligence for Intelligence Integration, in the Oval Office, Jan. 31, 2012. Part of the briefing was done using a tablet computer. (Official White House Photo by Pete Souza)
Also, the U.S. Government is going BYOD...
In the world of iOS corporate deployments, there is always a question about how the data is protected on those devices.
The Apple’s answer to that problem is called : Data Protection. A generic term that would need some explanation. I’d like to gather here the state of knowledge about that feature, so everybody can understand what « Data Protection » really is.
To make it simple, since iPhone 3GS every iOS device produced includes a dedicated AES-256 cryptographic chip that is used by the OS itself or third-party applications using some APIs.
The OS uses this chip to encrypt all data on the device using the UID (which is unique) of the device to generate the encryption key.
Data Protection is only an additional layer that allow (or force) the user, by choosing a passcode, to protect the iOS encryption key itself.
Here are some of the most interesting articles/documents on that subject so that you can get a better idea of what Data Protection really is and what it can do:
- Apple: Understanding iOS Data Protection
- Elcomsoft: overcoming iOS Data Protection
- SOGETI: iOS Data Protection in depth
- SOGETI: iOS 5 data protection updates
- SECUREOSIS: Defending iOS Data
And we maintain a List of Apps that support Apple Data Protection.
(originally via iOS4Business.)
User-Agent strings are a standard part of HTTP used to identify a particular client to the web server. The web server can then choose to send customized content to that device.
iOS sends specific User-Agent strings that can identify the specific device and version of iOS. The following tables list the iOS UA prefixes.
|User-Agent prefix||Apple product|
|Apple-iPhone/||iPhone, 3G or 3GS with iOS 3.x|
|Apple-iPhone1C2/||iPhone 3G with iOS 4.x|
|Apple-iPhone2C1/||iPhone 3GS with iOS 4.x|
|Apple-iPhone3C1/||iPhone 4 GSM|
|Apple-iPhone3C2/||iPhone 4 GSM|
|Apple-iPhone3C3/||iPhone 4 CDMA|
|Apple-iPhone5C1/||iPhone 5 GSM|
|Apple-iPhone5C2/||iPhone 5 CDMA|
|Apple-iPhone5C3/||iPhone 5C GSM|
|Apple-iPhone5C4/||iPhone 5C CDMA|
|Apple-iPhone6C1/||iPhone 5S GSM|
|Apple-iPhone6C2/||iPhone 5S CDMA|
|Apple-iPhone7C1/||iPhone 6+ CDMA|
|Apple-iPhone7C2/||iPhone 6 CDMA|
|Apple-iPod/||iPod touch 1st, 2nd or 3rd generation with iOS 3.x|
|Apple-iPod2C1/||iPod touch 2nd generation with iOS 4.x|
|Apple-iPod3C1/||iPod touch 3rd generation with iOS 4.x|
|Apple-iPod4C1/||iPod touch 4th generation|
|Apple-iPod5C1/||iPod touch 5th generation|
|Apple-iPad/||iPad with iOS 3.2.x|
|Apple-iPad1C1/||iPad with iOS 4.2.x|
|Apple-iPad2C1/||iPad 2 WiFi|
|Apple-iPad2C2/||iPad 2 WiFi + 3G GSM|
|Apple-iPad2C3/||iPad 2 WiFi + 3G CDMA|
|Apple-iPad2C4/||iPad Mini - WIFI|
|Apple-iPad2C5/||iPad Mini - WIFI + LTE|
|Apple-iPad3C1/||iPad (3rd generation) WiFi|
|Apple-iPad3C2/||iPad (3rd generation) WiFi + 4G Verizon / International|
|Apple-iPad3C3/||iPad (3rd generation) WiFi + 4G AT&T / International|
|Apple-iPad3C4/||iPad (4th Gen, WiFi Only)|
|Apple-iPad3C5/||iPad (4th Gen, GSM, NA LTE)|
|Apple-iPad3C6/||iPad (4th Gen, CDMA, LTE)|
|Apple-iPad4C1/||iPad Air - WiFi|
|Apple-iPad4C2/||iPad Air - WiFi + LTE|
|Apple-iPad4C4/||iPad Mini with Retina Display - WIFI|
|Apple-iPad4C5/||iPad Mini with Retina Display - WIFI + LTE|
Below is the complete list of known iOS UA identifiers.
Exchange ActiveSync (EAS) is an XML-based protocol that communicates over HTTP (or HTTPS) designed for the synchronization of email, contacts, calendar, tasks and notes from a messaging server to a mobile device. The protocol also provides mobile device management and policy controls. (— Wikipedia, which has a useful history of Exchange ActiveSync versions.)
|iOS Version||Exchange ActiveSync protocol version|
|iOS 3.x||v2.5, v12.1|
|iOS 4.x||v2.5, v12.1, v14.0|
|iOS 5.x||v2.5, v12.1, v14.0|
Pencil in your calendars or tap into iCal: our virtual community is going live with a flesh-and-blood (not too much blood I hope) meet-up in June 21 in New York City. Connect with your follow iOS masters, swap stories from the trenches, kibbitz about the announcements from WWDC, and get inspired. We'll have a sponsor or two so the drinks will be free!
5:30 – 8:00 PM in the Flatiron District. I will post more details very soon.
About This Site
- Comparison of MDM Providers (570,949)
- Complete List of iOS User-Agent Strings (226,064)
- How to get remote viewing/control of the IPAD screen via internet or preferably 3G? (147,740)
- Apple Configurator vs. MDM (111,208)
- Mobile Device Management (75,156)
- Apple Profile Manager (62,193)
- AirWatch (60,718)
- Gartner Magic Quadrant for MDM (2014, 2012, 2011) (57,010)
- Batch Apple ID Creator (54,821)
- Absolute Manage (54,527)
Comparison of MDM Providers
Forum topic comment by afurbee 22 hours ago
Forum topic comment by afurbee 23 hours ago
Forum topic comment by UESCDurandal 1 day ago
Forum topic comment by David Acland 1 day ago
Forum topic added by bugmeister 1 day ago
Forum topic added by sddu 1 day ago
Forum topic comment by JanMeier 3 days ago
Wiki Page changed by TFiske 3 days ago
Forum topic comment by janeitzey 4 days ago
Story comment by robotech 4 days ago
Forum topic comment by stevie-nz 5 days ago
Forum topic comment by pippenlane 6 days ago
Forum topic comment by pippenlane 1 week ago
Forum topic added by stevie-nz 1 week ago
Forum topic comment by afurbee 1 week ago
Mobile Management Provider changed by JAMFSoftware 1 week ago
Mobile Management Provider changed by codeproof 1 week ago
Forum topic comment by HCCSC John H 1 week ago
Forum topic comment by Jess Murphy 1 week ago
Forum topic added by HCCSC John H 1 week ago