Apple's iOS 5 Changes to .mobileconfig Enhance Security and Add Features (updated)

(Update: AirWatch sent a useful summary of the changes. I've added them below.)

With the release of iOS 5, Apple has added some new features to its .mobileconfig specification. This is the fundamental specification for how Mobile Device Management services interface with the iPhone and iPad, which is why so many MDM providers offer similar features. MDM providers cannot provide new features until Apple updates this spec. So when Apple adds keys here, expect MDM providers to follow -- and the best to follow quickly.

Email

The most significant changes are with email payloads. A set of new keys allows for enhanced security.

PreventMove, if set to true, forces this email account into a fence. That is, messages received by this account cannot be moved into another account. This also prevents forwarding or replying from a different account than the original account.

PreventAppSheet, if set to true, prevents this account from being used in third-party applications.

SMIMEEnabled, and its companions SMIMESigningCertificateUUID and SMIMEEncryptionCertificateUUID, allow for signed and encrypted mail. SCEP-based credentials managed by the MDM system may be used here.

iCloud

There are a number of new keys that allow control over iCloud.

allowCloudBackup permits or disables iCloud device backup.

allowCloudDocumentSync will disable document syncing, while allowCloudKeyValueSync will disable key-value syncing, for apps that use that iCloud technology (not every app is document-based). Finally, allowPhotoStream can be used to disable iCloud storage of device photos.

Restrictions

forceITunesStorePasswordEntry prevents iTunes from saving your backup password, so you'll need to enter it every time.

allowUntrustedTLSPrompt enhances SSL security by rejecting invalid certificates. The default behavior is to prompt the user, who may not think before tapping.

Here's a biggie: You can now disable voice and/or data roaming.
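
An added example (not from the original post or from Apple): a Python audit that parses a profile with plistlib and reports where the Email, iCloud and Restrictions keys described above are missing or weaker than an assumed policy. The payload type identifiers, the policy values and the sample profile are assumptions constructed for illustration; a key that is absent is reported because the profile then does not enforce it.

```python
import plistlib

# Assumed hardening policy for illustration (not an Apple recommendation):
# payload type -> {key: value the auditor expects to find}.
POLICY = {
    "com.apple.mail.managed": {          # email payload (assumed identifier)
        "PreventMove": True,
        "PreventAppSheet": True,
        "SMIMEEnabled": True,
    },
    "com.apple.applicationaccess": {     # restrictions payload (assumed identifier)
        "allowCloudBackup": False,
        "allowCloudDocumentSync": False,
        "allowCloudKeyValueSync": False,
        "allowPhotoStream": False,
        "forceITunesStorePasswordEntry": True,
        "allowUntrustedTLSPrompt": False,  # False = reject without prompting
    },
}

def audit_profile(data: bytes):
    """Return (payload_type, key, actual, expected) for every policy miss."""
    profile = plistlib.loads(data)
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        for key, expected in POLICY.get(ptype, {}).items():
            actual = payload.get(key)  # None means the key is absent
            if actual != expected:
                findings.append((ptype, key, actual, expected))
    return findings

# Constructed sample profile: one weak email payload, one sparse restrictions payload.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.mail.managed",
         "PreventMove": True, "PreventAppSheet": False},
        {"PayloadType": "com.apple.applicationaccess",
         "allowCloudBackup": False, "allowUntrustedTLSPrompt": True},
    ],
})

if __name__ == "__main__":
    for ptype, key, actual, expected in audit_profile(SAMPLE):
        state = "missing" if actual is None else f"set to {actual}"
        print(f"{ptype}: {key} is {state}, policy expects {expected}")
```
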

Wi-Fi

Wi-Fi payloads gain an AutoJoin key. The payload also describes known Wi-Fi networks more specifically by allowing specification of the EncryptionType and ProxyType.

Query

Battery Life can now be queried.

bdogd

Joined: Nov 19, 2010

Good info

Thanks Aaron.

This is great info and a good summary of what is new.

Scoosh

Joined: Dec 7, 2010

allowCloudKeyValueSync

One of the MDM vendors indicated that allowCloudKeyValueSync will be folded under allowCloudDocumentSync.
