Choosing the right EMM for your business

No votes yet

Having been involved in the Enterprise Mobility Management (EMM) sector for nearly two years, I have seen these technologies mature and evolve. The recent news of VMware purchasing AirWatch has left Gartner’s Leaders Quadrant with only two independent vendors, namely MobileIron and Good Technologies. What this means remains to be seen, but it certainly validates the importance of EMM technologies. With all the progress and changes in this space, choosing the right EMM for your business is becoming increasingly difficult.

Making sense of it all

With close to 50 EMM solutions out there, how does one identify the right one for your business? To simplify matters let’s start with similarities. All Mobile Device Management (MDM) vendors promote their features and benefits, which in reality are almost identical across all solutions because they are closely tied to application point interfaces (API’s) made available by the operating system (OS) vendors like Apple, Google and Microsoft. Every vendor has their own app for all these platforms, and most make use of third-party apps like TouchDown to manage Email on Android devices. In addition most provide an enterprise app store, which links to public apps and custom-developed apps and makes management and deployment of apps easier.

So how do they differ?

Apps Supporting Managed Configuration

No votes yet

Managed Configuration is a feature introduced with iOS 7, and increasingly supported by MDM providers. It allows an iOS app to receive configuration from an MDM service. The MDM service sends a plist dictionary of keys and values to the app on installation. Some MDM services allow token substitution in the values. This enables a username, for example, to be automatically sent to the app so the user does not need to type it in manually.

In theory any app supporting the native preferences system will automatically support managed configuration. In practice some apps are designed with the feature in mind. Below is a list of apps we have found to support this feature.

Please feel free to edit this wiki page and add to the list.

How bad is the OpenSSL "Heartbleed" vulnerability for MDM?

No votes yet

Yesterday a vulnerability came to light in OpenSSL, which underpins much of the security infrastructure on web servers and application servers around the Internet. Today the technology world is on fire about the bug. Basically, any server running OpenSSL versions 1.0.1 through 1.0.1f is at risk to a simple query. There is an online tool available to check your servers.

The bug, however, doesn't only affect SSL. OpenSSL is also commonly used for generating the asymmetric encryption keys that are the foundation of, oh, the Apple Push Notification Service. And APNS is the foundation for MDM.

If your MDM service happens to be vulnerable, or was vulnerable any time in the last two years the bug has been available, then it is possible someone has stolen your server's private APNS key. And if they do that then your MDM is compromised. But since the attack leaves no trace, well it may be better to err on the safe side.

The "safe side" for MDM means revoking your APNS certificate, and re-enrolling all devices. By hand. That is going to be a huge a bucket of pain.

So here is hoping your particular MDM service is not and was not vulnerable. I've heard from a few already, but will wait for official statements to become available before posting. Watch this thread for more as this develops.

Got iTunes Volume Purchasing? Get six iWork & iLife apps for free.

No votes yet

Late last year Apple dropped the price of its suite of productivity apps to precisely zero dollars. Well, that is if you purchased a device after September 13, 2013. That was all well and good for individuals. But if you signed up for the institutional iTunes Volume Purchase Program (VPP) it wasn't so easy to send these "free" apps to devices.

Apple has simplified this — somewhat — and published the new information in a Knowledge Base article. Here is the beef:

  • You need to be enrolled in VPP.
  • You need to have an invoice or purchase order showing you purchased devices after September 13, 2013.
  • Includes Keynote, Pages, Numbers, iPhoto, GarageBand, and iMovie. (Keynote is Apple's PowerPoint alternative and is pretty damn good.) Each of these are normally $10.

See the document for the step by step. By the way, it appears this isn't all you can eat. You will be eligible for a quantity of free apps matching the quantity of devices purchased after the cutoff date. Let us know in the comments what your experience is.

WWDC: Did you get picked?

I won the lottery and am going!
13% (4 votes)
No, but I'm sure my invite was lost in the mail
27% (8 votes)
Didn't apply. Who wants to hang out with developer nerds anyway?
40% (12 votes)
I'm headed to San Francisco anyway, cause that's where the cool cats are
20% (6 votes)
Total votes: 30

QUICK Poll: What MDM Do You Use

bevo_79's picture
Your rating: None (2 votes)

What is everybody's preference for MDMs? We currently have a solution, but are looking to change.

Testing iOS Enterprise App Deployment

No votes yet

My company Tekserve has helped a number of enterprises distribute in-house apps to their employees. All too commonly, the distribution is delayed due to problems with the app provisioning profile. Below is the test we use to make sure apps have a correct provisioning profile and can be distributed correctly.

Step 1: Prepare the iOS device

Make sure the device is not registered on the Apple Developer Portal. Devices registered here may be used for ad-hoc distribution, but that is more limited than Enterprise.

Also, in Settings > General > Profile, the device should not have any provisioning profiles. Delete any profiles that may be listed. (The example below has lots of profiles that should be deleted.)

Step 2: Prepare the app

You should use Xcode to distribute and Save for Enterprise deployment. Select the provisioning profile that matches your app ID. You can not use a team provisioning profile here. Export as an IPA file.

Step 3: Launch Apple Configurator

Use only the “Prepare” pane for the following steps.

Step 4: Set up Apple Configurator as follows

To avoid erasing your device, be sure Supervision is off, and Update iOS is “Never”.

Step 5: Drag the IPA into the “Apps” tab

Check the checkbox when done.

Step 6: Connect the iOS device and click “Prepare”

If there are provisioning errors or bundle ID errors, Configurator will present an error at this step.

Step 7: When done, disconnect the iOS device and tap the app to launch.

The app may present a certificate to confirm that you want to run the app. That is OK. The app should launch successfully and not immediate quit to the home screen.

Microsoft Office for iPad: full-featured, freemium, and finally.

Your rating: None (1 vote)

Microsoft today woke up and smelled the iPads. Now available on the App Store: Excel, Word, and PowerPoint. We are told these are not Lite versions or ported from desktop, but full featured and robust. Free to download, they promise faithful read-only access to your Office docs. Document editing and sharing is unlocked with an Office360 subscription.

(Microsoft also announced an MDM offering that ties into Active Directory. That should be interesting to explore soon.)

Watch a video of the event (viewable on iPad!) or check out the reviews on several prominent sites:

Word, via Ars Technica

Excel, via TUAW

Like it? Tell us in the comments.

Users getting around Supervision profiles?...

wchestnutt's picture
No votes yet

Hi Everyone.

We have a fleet of devices out that are supervised by our dedicated terminal and provisioned with MDM in line with CESG guidelines.

My question is that it seems a user has wiped the device by entering the passcode too many times wrong, then taken the liberty to reinstall the mdm etc (in this case symantec app store). So in terms of reporting from our admin side the device looks normal, but in actual fact some of the restrictions have been removed such as game center, allowing connection to other macs, and allowing installation of other certificates due to the Supervision profile being removed!?..

How would we get around this and how can we enforce policy that stops users being able to do this.

Kind regards,

Apple Finally Kills off iPad 2 - Relaunches 16GB iPad 4 with Retina Display

benhuckle's picture
Your rating: None (4 votes)

I'm glad it's finally gone. It's a much better deal.

The 16GB iPad 4 is priced at £329/$399.

Cannot Complete iPhone Setup

sosullivan60's picture
No votes yet

I came across this issue when I got an iphone returned to me from a terminated employee.

I wanted to reset the iphone back to factory settings. When it came to the Apple ID section in the setup, it did not give me the option to bypass entering the Apple ID, but instead required me to enter an Apple ID and password. I did not have the credentials, and couldn't get past this step. As a result I couldn't finish the setup of the iphone, and now it is just a brick, and unusable.

I want to know if there is an Enterprise solution that I can use so that I can avoid this happening in the future. In other words, I want to keep the employee from creating and setting up the iphone with their Apple ID. Can I lock this step in the setup, or is there another way to keep employees from setting up there own Apple Id on a company owned device.

Thanks for your help with this.

VPP's Managed Distribution your experience?

danny33c's picture
No votes yet

If your MDM is able to use Managed Distribution instead of code redemption I'd like to know what your experience has been like. We are using Casper MDM and as of March 12, 2014 it has not been implemented.

I read the early posts from November from the AirWatch users, is that going any better?

iPad Cases - Which ones are you using?

danny33c's picture
Your rating: None (2 votes)

Not positive if this is the correct head forum topic for this but...

I'm wondering which iPad cases you use and why you chose that one.

We started with 300 iPad 4's and the Apple case. They worked pretty good, we had very few broken screens. Apple stopped production on the rubber case and now only have the leather ones. We ordered 700 more iPad Airs, and in haste, ordered a case from Jison. It is not the best case, and we are experience a very high breakage rate.

We are finding that cases are either very rugged (protective), but not full featured as in ways to prop up, easy access to buttons, etc. OR the case is full featured, but not very rugged.

Have you found a case that is both very protective yet has good prop and access to iPad features?

Thanks,
Dan

Apple Configurator 1.5 encourages MDM enrollment & integrates with Bretford carts

Your rating: None (1 vote)

Happy Birthday! Everyone's favorite iOS mass deployment tool, Apple Configurator, is another dot-release old. Download for free from the Mac App Store.

Quote:

What's New in Version 1.5

Apple Configurator 1.5 contains improvements and bug fixes including:

  • Enroll both unsupervised and supervised devices in MDM using enrollment URLs
  • Integration with new Bretford PowerSync+ Carts and Stations to report progress and status and display physical port numbers
  • Support for a new iOS setting to require a passcode for initial AirPlay connection

About the security content of iOS 7.1

No votes yet

An extensive list of the security fixes in iOS 7: http://support.apple.com/kb/HT6162

About This Site

  • Enterprise iOS is a community for administrators of the iPad, iPhone, and related devices. All content is available to browse. We encourage you to create an account to submit stories, edit wiki pages, and post to our forum.

Comparison of MDM Providers

Recent Activity

Who's New