Our annual WWDC meeting was a big success, cramming over 50 people into a space designed for quite a few less even so, it was a great meeting of the minds, or at least a clinking of the glasses. Our sponsors MobileIron, Acronis and Tekserve deserve a very special shout-out for lubricating the whole shebang.
What do you think about repeating this next year, in a slightly larger space?
Photos after the break.
Apple, Inc. quotes “The iPhone is being used in 97% of Fortune 500, and the iPad is used in 98% of Fortune 500 and 93% of the Global 500 companies”.
What these numbers really mean? This means either employee bought their own devices (iPads, iPod Touch, iPhones) to connect to corporate network for checking emails or employee got their iPhone through corporate mobility programs or few brave companies deployed iPads for a specific use case.
What is their potential use? Mainly to use corporate emails, phone calls, imessages and other personal stuff.
While the devices are perfectly capable of handling many complex corporate applications that are in use as intranet applications or windows applications they are still restricted for several reasons until now. Even intranet sites are not mobile optimized to be viewed in iPhone or iPads. If you ask the question why, here are some obvious answers…
• We can’t manage iOS devices similar to how we manage windows laptops
• User experience is bad when they need to login through each App individually
• Data is not secured or encrypted on the device
• Secure connectivity to corporate network cannot be easily configured or managed
• App distribution is not easy – Users need to manually download the app and upgrade them
• Cost is high to develop enterprise Apps due to limited developers with Objective-C experience
At WWDC, Apple has clear response and answers for all these questions. With the introduction of new programming language “Swift”, opening up Touch ID and keychain to 3rd party Apps, App extensions, and B2B Apps they made adoption to enterprise easy and quick. There were several sessions focused on enterprise app development and deployment and dedicated resources to provide additional information. This will accelerate the migration of boring, non-intuitive windows applications and intranet sites to iOS Apps which will be secured, silently installed and managed by corporate programs.
Here are the details if you still think the questions are not answered…
Within the next few years this will change where new applications, functionality and use cases will be developed specifically for iOS devices once ROI (Return On Investement) can be justified through increase in employee productivity.
Stay tuned for more updates and feel free to add your comments…!
I've been going to Apple's Worldwide Developer Conference for many years, and this is one to remember. Not only are there a ton of new features for Mac and iOS, but this was perhaps the first WWDC with a section dedicated to Enterprise. ENTERPRISE! On Apple's biggest stage of the year. Excuse me while I take a moment.
OK, so in no particular order, here are some of my favorite enterprise features in iOS 8. It isn't the only list — see Apple's own list and Ryan Faas's too, among others. And there may or may not be additional features hiding within the Apple Developer Pre-Release Library.
- Continuity — silently create an Automatic HotSpot among Macs, iPads and iPhones, and stuff just flows between them. What stuff? iMessages already did this trick but now SMS messages do too. Web pages. Draft emails. Notes. Oh, and phone calls! You can now make calls from your Mac or iPad that quietly route through your iPhone to the carrier. I'm sure there is more here. This is a big feature. The Mac is now an accessory to your iPhone.
- Plugins for Shared Storage — this has the potential to be huge. Effectively connects any app to your enterprise document store for opening and saving.
- Interactive Notifications — Now you can respond to SMS messages & calendar appointments without leaving the Notification Center. More exciting, developers can create their own notification center plugins called Widgets. Lots of possibilities here.
- Improvements to Mail — New gestures, multiple windows (well, almost), VIP lists, per-message S/MIME controls, out-of-office controls
- QuickType — Not only predictive spelling, but predictive words and phrases too. Will pump new life into Damn You Autocorrect.
- Pluggable Keyboards — This one has me excited. For starters, I want to see this 2012 keyboard concept see the light of day.
- Exchange Calendar improvements — free/busy (yay!)
- Group Messaging improvements — Big improvements here, and this may replace similar systems for small-team communication. iMessage has proven to be quite secure.
- Expanded Data Protection — In addition to Mail, more of Apple apps are now encrypted (when you use a passcode): Calendar, Contacts, Reminders, Notes, and Messages.
- Managed Books and PDFs — automatically push these documents to managed devices
- New MDM Tools — Set device name, check last iCloud backup time, certificate-based SSO
- Use TouchID in Apps — Use your fingerprint instead of your password. Note this isn't necessary more secure, but it's quicker
iOS 8 Beta is available today from the Apple Developer Site. It is scheduled to be publicly released this Fall (Northern hemisphere, we assume). It will run on all devices down to iPhone 4S (not 4) and the three-year-old iPad 2.
What did I miss? Comment below. And if you are in San Fran tomorrow, join me us at [annual WWDC meetup!
I have a dilemma. My boss wants me to signup for the Enterprise Developer Program but I don't have the legal authority to act on behalf of my company. This is the third time he has asked me to complete this task and I have explained I don't have the authority to complete the registration. I'm not sure what to do and want some advice to complete it or tell him what to do.
Can someone help me or has someone experienced the same problem with there boss and how did they solve it?
We also want to sign up for the Apple Deployment Program but it is the same problem with sign up.
I'll be live-tweeting the WWDC keynote tomorrow, focusing on Apple's announcements to enterprise users. Tune into @EnterpriseiOS beginning at 10 am PDT to follow along!
What's in store? iOS 8 is a safe bet. For the enterprise? No idea. But each year Apple seems to add more and more enterprise-focused features. I look forward to updating this chart.
Can you push install apps over-the-air with MDM on supervised devices (if you have activated supervision via Apple Configurator, not using Device Enrollment Program)?
Meraki Whitepaper (Deploying Apple iOS in Education - https://meraki.cisco.com/lib/pdf/meraki_whitepaper_ios.pdf - chapter 10) says that on “[s]upervised devices [you] must be re-connected to Apple Configurator for app updates and [...] to remove any unsanctioned apps on the device.”
Does this mean MDM (and specifically Meraki) can't deploy apps over the air? And if so, is it just a limitation to them, or can MDM in general not do this unless they are using Device Enrollment Program?
Once each year Apple parts the blackout curtains and lets us peek at the future. The event is the Apple Worldwide Developer Conference, and this year both the keynote and the "Platform State of the Union" are being streamed live.
Date and Time:
Monday, June 2, 10 AM PDT / 1 PM EDT
Live streaming video requires Safari 4 or later on OS X v10.6 or later; Safari on iOS 4.2 or later. Streaming via Apple TV requires second- or third-generation Apple TV with software 5.0.2 or later.
It's the next best thing to being there. (And if you ARE going to be there, be sure to join us at our meeting in San Fran Tuesday night!
Apple has introduced education pricing for the iPad Air and Retina iPad Mini. Looks like $30 off in the US and around £20 in the UK.
While importing a placeholder for some iPads I was peeking through profilemanager.log , when I found this gem.
 [2014/05/22 16:17:21.942] I: Imported placeholder device "MH-Gary Ho_iPad Mini45", SerialNumber=F7NMXXXXXX84, IMEI=, MEID=, UDID=, DeviceID=, AirplayPassword=
What I did next was add a new column AirplayPassword= to the placeholder CSV and put a password in.
Uploaded the placeholder for an AppleTV and it added the Airplay password to my AppleTV Device in ProfileManager.
Just yesterday I added 20 AppleTVs to Profile Manager, I could have saved a few steps.
Following the uncharacteristically brief information found in this Support document, I have had no luck at all.
I've been trying to successfully move Apple Configurator and all its data from an old, slow Mac Mini to a much faster Mac Mini with more RAM, a more robust processor, etc. Using Migration Assistant, I've restored everything from a Time Machine backup - all user accounts, applications, etc. I verified that all the required directories & whatnot were copied over.
Nothing worked from the very beginning. I first continually got the "Unable to attach device to Apple Configurator" while running Configurator, and "iTunes could not connect to this iPad. Could not allocate a resource" when attaching a new iPad.
Doing some investigating, I came across tidbits of information which lead me to the /var/db/lockdown folder, which seems to contain a plist file for every supervised iPad connected to the Mac. This folder was correctly transferred with Migration Assistant.
But another file, /var/db/lockdown/SystemConfiguration.plist, contains only the UUID of the old Mac. When I changed the contents of this file to hold the UUID of the new Mac, I was finally able to get the 'Trust this computer?' message on the iPad, which then allowed it to be visible in Configurator.
In the long run, the most essential feature - loading up and removing paid apps from supervised iPads - does not work.
Every other Configurator task works as expected, from installing profiles to updating iOS. It correctly shows all the apps in our catalog, free and paid, but it fails when attempting to use a paid code, indicating that I must login to the VPP-linked AppleID in iTunes. Naturally, that does not fix anything.
Has anybody here @ enterpriseiOS successfully moved configurator from one Mac to another?
We are using supervised iDevices managed by Datomo.
User have the opportunity to install private apps in the unmannaged sector of the devices.
Our business apps are in the managed sector without opportunity for the user to move data between the sectors.
We are looking for a opportunity to deny the use of airprint on the iDevices because we don't want the user to redirect printjobs of business-data to a privat pc in wlan with airprint-simultator like "Presto Collobos".
Any ideas? Airprint is configurable but i can't deny the use.
Is there a posibility to deny the bonjour-protocol? Or to redirect it to dev/nul?
Maybe a proxy-setting for bonjour?
Is there a app who will catch the airprint-traffic before leaving the iDevice?
Apple has published a list of security content in iOS 7.1.1, which was released this afternoon. Here are the highlights:
- 'CFNetwork HTTPProtocol:' An attacker in a privileged network position can obtain web site credentials
- IOKit Kernel: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization
- Security - Secure Transport: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL
- WebKit: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Quite a bit for a dot-dot-one release. Set your compliance rules accordingly and encourage updates.
I'm curious: do any of you have stats on how quickly your users update?
MobileIron and Good confirm invulnerability to "Heartbleed" OpenSSL attack (updated with more providers)
We've been following the recent disclosure of a massive OpenSSL bug and its affect on MDM. This is a potentially major issue for device management. Due to the trust chain of Apple's APNS, an exposed MDM server may require all devices to be unenrolled and reenrolled by hand.
We've heard good news so far (excuse the pun) from
two three four providers:
Good Technology says:
Good Technology has confirmed that the versions of OpenSSL used by all Good servers and applications are not subject to the Heartbleed vulnerability.
- All released versions of VSP, Sentry, Connector, Atlas, Connected Cloud and cloud-hosted BYOD portal are NOT affected by the vulnerability and NO action is required by our customers.
- The on-premise BYOD Portal MAY by affected by the vulnerability, depending on the version of OpenSSL that is packaged with your version of Linux currently installed on your BYOD Portal server.
Update 4/10 5:50p: Maas360 is also fine.
I've reached out to other vendors but have not yet heard a response. If you have any news please share below, and I will update the thread.
It is worth repeating that the vulnerability is not the fault of the MDM vendor and not the fault of Apple. It's in a library of cryptographic functions that is very commonly used within other applications.
Having been involved in the Enterprise Mobility Management (EMM) sector for nearly two years, I have seen these technologies mature and evolve. The recent news of VMware purchasing AirWatch has left Gartner’s Leaders Quadrant with only two independent vendors, namely MobileIron and Good Technologies. What this means remains to be seen, but it certainly validates the importance of EMM technologies. With all the progress and changes in this space, choosing the right EMM for your business is becoming increasingly difficult.
Making sense of it all
With close to 50 EMM solutions out there, how does one identify the right one for your business? To simplify matters let’s start with similarities. All Mobile Device Management (MDM) vendors promote their features and benefits, which in reality are almost identical across all solutions because they are closely tied to application point interfaces (API’s) made available by the operating system (OS) vendors like Apple, Google and Microsoft. Every vendor has their own app for all these platforms, and most make use of third-party apps like TouchDown to manage Email on Android devices. In addition most provide an enterprise app store, which links to public apps and custom-developed apps and makes management and deployment of apps easier.
So how do they differ?
- Comparison of MDM Providers (713,575)
- Complete List of iOS User-Agent Strings (334,046)
- How to get remote viewing/control of the IPAD screen via internet or preferably 3G? (217,626)
- Apple Configurator vs. MDM (144,234)
- iOS Devices (104,300)
- Mobile Device Management (93,058)
- Apple Profile Manager (86,945)
- Batch Apple ID Creator (80,678)
- Gartner Magic Quadrant for MDM (2014, 2012, 2011) (80,300)
- AirWatch (75,280)
Comparison of MDM Providers
Forum topic added by BannerBomb 2 days ago
Mobile Management Provider changed by ZuluDesk 6 days ago
Story comment by chammocks 1 week ago
Forum topic comment by kylepmorris 1 week ago
Forum topic comment by cathvan 1 week ago
Forum topic added by taylor 1 week ago
Forum topic comment by AhrimanSefid 1 week ago
Forum topic comment by feroj 1 week ago
Forum topic comment by AhrimanSefid 1 week ago
Forum topic added by AhrimanSefid 1 week ago
Forum topic comment by jacobanthony 1 week ago
Forum topic comment by priyaa 2 weeks ago
Forum topic comment by dhiyar 2 weeks ago
Forum topic comment by jetskigc 2 weeks ago
Forum topic added by jetskigc 2 weeks ago
Forum topic comment by DavidMaxy 2 weeks ago
Mobile Management Provider comment by Joel Ekstein 2 weeks ago
Forum topic added by taylor 3 weeks ago
Forum topic comment by ZuluDesk 3 weeks ago
Forum topic comment by Aaron Freimark 3 weeks ago