Exchange profile password expiry
Hello,
So in our environment we have an MDM platform which deliveries a exchange payload. All the information is completed apart from the password field as this expires every 90 days as per our corporate policy.
We also have account changes locked down as we don't allow personal email or apple IDs.
What I am experiencing so far is that when an exchange password expires, the user never gets prompted to input the password again, and doesn't have access to the account (due to the lock down) so they can't update the password!
Does anyone have a clever way of managing this other than moving users into a permissive policy group periodically?!
Thanks!
Avoid second Apple ID login when supervising with apple configurator.
Hi,
I have iOS 9.3.1 on an iPad which I am supervising via Apple configurator. It is not DEP enrolled.
I am looking into the what the optimal enrollment flow might be when we need to deploy several hundreds. (If they are not DEP enrolled).
When executing the supervision proces via Apple Configurator 2 then it is activating the iOS devices with the apple ID I am currently logged on with in Configurator. Everything progresses as expected and I end up with a device supervised by my organisation.
However, I am forced to log in with my apple ID AFTER the actual activation. Am I doing something wrong or is the some way of skipping this step?
The purpose of supervising is to avoid no entering the organisation Apple ID several times, which works for activation but iOS still requires me to log in with an apple ID to access iCloud, iTunes, App Store etc.
Building an Update station for iOS
Hello everyone,
Hoping someone here has an idea for me. I work with an IOS reseller and we provide technical support to end users. At the moment we use a caching server in each store, and mix that with manually updating customers iOS devices via iTunes. This is a huge part of the business, and we are inundated with customers requiring updates. This means our techs spend all their time updating devices rather than helping customers with tech queries.
I have looked into bring Apple Configurator 2 to streamline and improve the process, but does anyone have any better ideas on how to build a dedicated updates station? Apple Config 2 workflow works really nicely, but management don't want customers data to backup to our devices so I'm a bit stuck.
All we need it to do is: Plug device in, updates device. Preferably by itself. We can do it manually, but anyone have any better ideas?
Thanks in advance!
G
APNs with Always-On IKEv2 VPN
We have an always-on IKEv2 VPN with a Global HTTP Proxy profile pointing to our internal proxy server.
We are using AirWatch in the cloud to manage the devices.
When the VPN is on APNs doesn't seem to be connecting the devices.
We have opened up the full 17.0.0.0/8 address block into our environment for TCP ports 5523, 2195, 2196 and 443 as described in this apple document - https://support.apple.com/en-gb/HT203609
Do we also need to apply the rule the other way so that the devices can connect back to APNs?
AirWatch seem to suggest that the devices don'e connect back to APNs and instead connect straight back to the console.
Can someone help with this please?
All the new stuff for enterprises in iOS 9.3
Apple's released iOS 9.3 about a week ago, then pulled it for many devices, then re-released it yesterday, hopefully for good. There's a LOT of new features for enterprise in here, and we'll try to break it down for you.
Some of these features require MDM support, so you will need to wait for your MDM to support them. Others only need a configuration profile which you can create with Apple Configurator 2 or by hand (if you are adept at manipulating XML), and then distribute using your MDM. Apple's configuration profile reference is now a public document.
ALL of the new commands require Supervision on your devices to prove that they are corporate-owned. Supervision is available by the Device Enrollment Program, or by the Mac software Apple Configurator, or by using the cross-platform GroundControl (disclaimer: that's my company).
Lost Mode
Requires MDM Support
Supervised Only
Allows MDM to retrieve the longitude and latitude of a device marked “Lost”, and displays custom text (such as a phone number) on the lock screen. Seems to be the enterprise version of “Find My iPhone” without the hassles of Apple IDs and activation lock.
Home Screen Layout
Configuration Profile: Example
Supervised Only
Enforce home screen icon positions, locking apps in place and making them undeletable.
App Whitelist and Blacklist
Configuration Profile: Example
Supervised Only
Prevents apps listed (including all built-in Apple apps except Settings and Phone) from being shown or launchable, or specifies a whitelist of apps that are the ONLY ones that can launch. If you try to include Settings in the payload the device will reject the configuration profile. This is a long-awaited feature and we're happy to have it (although we wish it could hide Settings too).
Shared iPads & Education Features
Configuration Profile & MDM support required
Supervised Only with new shared device mode
Now labeled a “Preview”, Shared iPads are initially being promoted by Apple for education use only. Setup involves multiple steps, and requires several tools. There's a new Apple School Manager system that's a bit like DEP and a bit like our Apple ID Batch Creator. We’ll explore this more in the future. Allows a school to specify users & classes & groups, assign these to specific devices, and log out users from devices.
Set Notifications
Configuration Profile
Supervised Only
Specify which apps should get which notification types (none, banner, modal alert, etc.)
Lock Screen Text
Configuration Profile: Example
Supervised Only
iOS 9.3 now prints (very) small text at the bottom of the lock screen. Two configuration profile keys allow administrators to specify additional information: an Asset Tag and and an "If Lost..." message.
New Restrictions
Configuration Profiles
Supervised Only
New restrictions to block the Apple Music service, block iTunes Radio, prevent changes to Notifications settings, and to restrict Safari password saving to specified domains only.
About the security content of iOS 9.3
Apple has published a list of security updates in iOS 9.3: https://support.apple.com/en-us/HT206166
Iphone Configuration utility for Windows?
I am looking to deploy wifi connection profiles to iOS 9 users in my company. It looks like there was a utility called IPHONE CONFIGURATION UTILITY available for earlier IOS versions but it's not available anymore. Can someone pls advise what tool can i use on a windows platform (preferred) to create such wireless connection profiles for mass deployment ?
Thanks in advance
New MDM Features in iOS 9.3
There's been a lot of press on the new features coming out for iOS 9.3, but most of this hasn't covered the more subtle, MDM functionality enhancements. Namely:
- Ability to enable/disable apps from running
- Ability to reconfigure icon layout on the Home Screen
- Control over notification settings
- Additional restriction options
- Safari auto-fill domain control
We go into more depth in the following article:
http://simplemdm.com/2016/03/04/ios-9-3-to-bring-new-mdm-features/
Feel free to respond, I'll answer any questions the best that I can
iOS MDM profile renewal
Hi,
I was wondering whether anyone can explain what's meant to happen when a managed device's MDM profile is close to expiry.
Should it auto-renew somehow? I ask because in the past I've seen iOS show a Renew button (which never worked for us), and we're constantly getting cases where devices had expired management profiles and need to be re-enrolled (surely re-enrollment isn't how the whole renewal process has to work) .
Thanks
Peter
Installing App Remotely, Gotchas
Wanted to share a useful article on how one can deploy apps to iOS devices remotely. It's geared for those of us who haven't had as much experience with MDM, VPP, and Supervision and are looking for an explanation on the different moving pieces. It also includes a few helpful tips on avoiding some of the annoying gotchas.
Here's the link: http://labs.wrprojects.com/install-apps-remotely-to-ipads-and-iphones/
MDM feature request
Hi,
Can you help me understand what MDM feature you use the most?
Also, If any MDM features you think are important and are missing from current MDM vendors(Can also be about features which are not well implemented).
Appreciate your replies.
Thanks,
Preetham
Updating apps in Single App Mode?
When Single App mode is turned on, is it possible to update an enterprise app that is running without user intervention?
I’ve tried two MDM services. Thus far, when I push an enterprise app update to a supervised device in Single App mode, nothing happens. I have to change the profile to turn off Single App mode and push that profile change, then push the app update, then springboard appears prompting the user to update or not, then re-enable Single App mode and push that profile change when updating is done.
We want our iOS devices to be used in a way such that only our enterprise app is allowed to run, but also have the ability to update the enterprise app remotely without requiring someone with physical access to the devices to press "OK" to accept an app update.
Managed Apple IDs - Hopefully the end of this script!
Apple is finally making an official way to bulk create Apple IDs
Updating device-based VPP apps
Hi.
Does someone know how the process for updating device-based VPP apps with Profile Manager ?
When no Apple ID is set on the device, the trigger in iTunes Store & App Store settings to download automatically the updates of apps is accessible (whereas the first 3 ones that set the automatic downloading of new content purchased are obviously hidden).
So the question could be : did someone have the chance to check if the trigger also applies to device-based VPP apps ?
Best regards.
Basic queries about MDM
Hi,
I'm a newbie to MDM and am still trying to figure out how all the pieces fit together. Have a query I hope the Gurus can help answer.
Is the following correct? From the moment it registers itself with Apple, each device maintains a persistent connection with the APNS service via the "apsd" deamon. This connection serves as the underlying "pipe" that helps the apsd deamon, on its part, offer the publish-subscribe service that helps client apps (aka the subscribes) receive "messages" from the publisher (aka APNS in this case). If this is true then
My query concerns how a device gets its unique token from APNS. Per my understanding, an application needs to register itself with APNS for it to be able to receive notifications...and as a part of this registration process, the APNS service returns a unique App Specific "token" to the app...how does this pan out in the MDM context...what's this app? Who decides the topic to use? The reason for me to ask this is because the MDM Check-In protocol requires the device to send the "Topic" and "Token" during the final TokenUpdate step. Without an app, where does the "Topic" and "Token" come from?
Any responses would be greatly appreciated.
Thanks and Regds
Popular content
- Comparison of MDM Providers (945,601)
- Complete List of iOS User-Agent Strings (481,607)
- How to get remote viewing/control of the IPAD screen via internet or preferably 3G? (290,260)
- How the iPad ruined the lives of IT architects (224,885)
- iOS Devices (222,793)
- Apple Configurator vs. MDM (185,205)
- Apple Profile Manager (127,991)
- Mobile Device Management (120,333)
- Batch Apple ID Creator (112,896)
- Gartner Magic Quadrant for MDM (2014, 2012, 2011) (108,030)
Recent Activity
-
Mobile Management Provider changed by Frank Klotz 2 years ago
-
Mobile Management Provider changed by bugfrisch 2 years ago
-
Mobile Management Provider changed by taylor 2 years ago
-
Mobile Management Provider changed by dmlarry 2 years ago
-
Mobile Management Provider changed by codeproof 2 years ago
-
Story added by Aaron Freimark 2 years ago
-
Mobile Management Provider changed by SteJohGbg 3 years ago
-
Story added by Aaron Freimark 3 years ago
-
Story added by Aaron Freimark 3 years ago
-
Mobile Management Provider changed by ZuluDesk 3 years ago
-
Wiki Page added by digitalmarketin... 3 years ago
-
Mobile Management Provider changed by Mahesh 3 years ago
-
Story added by Aaron Freimark 3 years ago
-
Mobile Management Provider changed by Neeraj 3 years ago
-
Story added by DaddyOfThr33 3 years ago
-
Story added by Aaron Freimark 3 years ago
-
Mobile Management Provider changed by sb-miradore 3 years ago
-
Story comment by Aaron Freimark 3 years ago
-
Story added by Aaron Freimark 3 years ago
-
Story added by Aaron Freimark 3 years ago