iPhone in Business Mobile Device Management




iPhone supports Mobile Device Management, giving businesses the ability to manage scaled deployments of iPhone across their organizations. These Mobile Device Management capabilities are built upon existing iOS technologies like Configuration Profiles, Over-the-Air Enrollment, and the Apple Push Notification service and can be integrated with in-house or third-party server solutions. This gives IT departments the ability to securely enroll iPhone in an enterprise environment, wirelessly configure and update settings, monitor compliance with corporate policies, and even remotely wipe or lock managed iPhone devices.

Managing iPhone

Management of iPhone takes place via a connection to a mobile device management server. As noted, this server can be built in-house by IT or purchased from a third-party solution provider.

When a mobile device management server wants to communicate with iPhone, a silent notification is sent to the device prompting it to check in with the server. The device communicates with the server to see if there are tasks pending and responds with the appropriate actions. These tasks can include updating policies, providing requested device or network information, or removing settings and data.

Management functions are completed behind the scenes with no user interaction required. For example, if an IT department updates its VPN infrastructure, the mobile device management server can configure iPhone with new account information over the air. The next time VPN is used by the employee, the appropriate configuration is already in place, so the employee doesn't need to call the help desk or manually modify settings.

To illustrate the capabilities of Mobile Device Management, this document is organized into four categories of deployment: Enroll, Configure, Query, and Manage.

[Figure labels: Firewall, Apple Push Notification Service, Third-Party MDM Server]

Enroll

The first step in managing iPhone is to enroll a device with a mobile device management server. This creates a relationship between the device and the server, allowing the device to be managed on demand without further user interaction. This can be done wirelessly or by connecting iPhone to a computer via USB.

As a scalable way to securely enroll devices in an enterprise environment, iPhone supports a process called Over-the-Air Enrollment. Using Over-the-Air Enrollment, your enterprise can provide a secure web portal through which users can enroll their devices for management. The server can then configure managed devices with the appropriate restrictions and account access.

Process Overview

The process of Over-the-Air Enrollment involves three phases that, when combined in an automated workflow, provide a secure way to provision devices within the enterprise. These phases include:

1. User authentication
User authentication ensures that incoming enrollment requests are from authorized users and that the user's device information is captured prior to proceeding with certificate enrollment. Administrators can prompt the user to begin the process of enrollment by providing a URL via email or SMS notification.

2. Certificate enrollment
After the user is authenticated, iPhone generates a certificate enrollment request using the Simple Certificate Enrollment Protocol (SCEP). This enrollment request communicates directly to the enterprise Certificate Authority (CA), and enables iPhone to receive the identity certificate from the CA in response.

3. Device configuration
Once an identity certificate is installed, iPhone can receive encrypted configuration information over the air. This information can only be installed on the device it is intended for and contains settings for iPhone to connect to the mobile device management server.

At the end of the enrollment process, the user will be presented with an installation screen that describes what access rights the mobile device management server will have on the device. By agreeing to the profile installation, the user's device is automatically enrolled without further interaction.

iPhone and SCEP

iPhone supports the Simple Certificate Enrollment Protocol (SCEP). SCEP is an Internet draft in the IETF, and is designed to provide a simplified way of handling certificate distribution for large-scale deployments. This enables over-the-air enrollment of identity certificates to iPhone that can be used for authentication to corporate services.

Configure

Once a device is enrolled as a managed device, it can be dynamically configured with settings and policies by the mobile device management server. The server sends configurations, known as Configuration Profiles, to the device that are installed automatically.

Configuration Profiles are XML files that contain configuration information and settings that permit iPhone to work with your enterprise systems, including account information, passcode policies, restrictions, and other device settings. When combined with the previously discussed process of enrollment, device configuration provides IT with assurance that only trusted users are accessing corporate services, and that their devices are properly configured with established policies. And because Configuration Profiles can be signed, encrypted, and locked, the settings cannot be altered or shared with others.

Supported configurable settings

Accounts
- Exchange ActiveSync
- IMAP/POP email
- VPN
- Wi-Fi
- LDAP
- CalDAV
- CardDAV
- Subscribed calendars

Policies
- Require passcode
- Allow simple value
- Require alphanumeric value
- Passcode length
- Number of complex characters
- Maximum passcode age
- Time before auto-lock
- Number of unique passcodes before reuse
- Grace period for device lock
- Number of failed attempts before wipe
- Control Configuration Profile removal by user

Restrictions
- App installation
- Camera
- Screen capture
- Automatic sync of mail accounts while roaming
- Voice dialing when locked
- In-application purchasing
- Require encrypted backups to iTunes
- Explicit music & podcasts in iTunes
- Allowed content ratings for movies, TV shows, apps
- Safari security preferences
- YouTube
- iTunes Store
- App Store
- Safari

Other settings
- Certificates and identities
- Web Clips
- APN settings

Query

In addition to configuring devices, a mobile device management server has the ability to query devices for a variety of information. This information can be used to ensure that devices continue to comply with required policies. The mobile device management server determines the frequency at which it gathers information.

Supported queries

Device information
- Unique Device Identifier (UDID)
- Device name
- iOS and build version
- Model name and number
- Serial number
- Capacity and space available
- IMEI
- Modem firmware

Network information
- ICCID
- Bluetooth and Wi-Fi MAC addresses
- Current carrier network
- SIM carrier network
- Carrier settings version
- Phone number
- Data roaming setting (on/off)

Compliance and security information
- Configuration Profiles installed
- Certificates installed with expiry dates
- List of all restrictions enforced
- Hardware encryption capability
- Passcode present

Applications
- Applications installed (app ID, name, version, size, and app data size)
- Provisioning Profiles installed with expiry dates

Manage

When a device is managed, it can be administered by the mobile device management server through a set of specific actions.

Remote wipe
A mobile device management server can remotely wipe an iPhone. This will permanently delete all media and data on the iPhone, restoring it to factory settings.

Remote lock
The server locks the iPhone and requires the device passcode to unlock it.

Clear passcode
This action temporarily removes the device passcode for users who have forgotten it. If the device has a policy requiring a passcode, the user will be required to create a new one.

Configuration and Provisioning Profiles
To configure devices and provision in-house applications, mobile device management servers can add and remove Configuration Profiles and Application Provisioning Profiles remotely.
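The check-in exchange behind these actions can be modeled from the server's side: the device reports that it is idle, the server hands back one queued command, and the device's result is accepted only if it matches a command the server actually sent to that device. This is an added example, not part of the original document or of any MDM product; the message fields (Status, UDID, CommandUUID, RequestType) follow Apple's MDM protocol rather than this page, and the class, the in-memory queue and the sample UDIDs used with it are assumptions.

```python
import plistlib
import uuid

# Actions named on this page, as MDM protocol RequestType values.
ALLOWED = {"DeviceLock", "EraseDevice", "ClearPasscode", "DeviceInformation"}

class CommandQueue:
    """Toy server-side model of an MDM check-in (assumption: TLS, device
    identity certificate validation and push delivery happen elsewhere)."""

    def __init__(self, enrolled_udids):
        self.enrolled = set(enrolled_udids)
        self.pending = {}    # UDID -> queued command dicts
        self.in_flight = {}  # CommandUUID -> (UDID, RequestType)
        self.audit = []      # (UDID, RequestType, reported Status)

    def enqueue(self, udid, request_type, **params):
        if udid not in self.enrolled or request_type not in ALLOWED:
            raise ValueError("unknown device or command")
        cmd = {"CommandUUID": str(uuid.uuid4()),
               "Command": {"RequestType": request_type, **params}}
        self.pending.setdefault(udid, []).append(cmd)
        return cmd["CommandUUID"]

    def handle_checkin(self, body: bytes) -> bytes:
        msg = plistlib.loads(body)
        udid = msg.get("UDID")
        if udid not in self.enrolled:
            raise PermissionError("check-in from unenrolled device")
        if msg.get("Status") != "Idle":
            cmd_id = msg.get("CommandUUID")
            # Accept a result only for a command this server sent to this device.
            if self.in_flight.get(cmd_id, (None,))[0] != udid:
                raise PermissionError("result for unknown command")
            _, request_type = self.in_flight.pop(cmd_id)
            self.audit.append((udid, request_type, msg["Status"]))
        queue = self.pending.get(udid, [])
        if not queue:
            return b""  # empty body: no further tasks for this device
        cmd = queue.pop(0)
        self.in_flight[cmd["CommandUUID"]] = (udid, cmd["Command"]["RequestType"])
        return plistlib.dumps(cmd)
```

The audit list gives the server a record of which device acknowledged which action, which is what a compliance review of remote lock and wipe requests needs.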

Process Overview

This example depicts a basic deployment of a mobile device management server.

[Figure: numbered steps 1 to 5 between the device, Firewall, Apple Push Notification Service, and Third-Party MDM Server]

1. A Configuration Profile containing mobile device management server information is sent to the device. The user is presented with information about what will be managed and/or queried by the server.
2. The user installs the profile to opt in to the device being managed.
3. Device enrollment takes place as the profile is installed. The server validates the device and allows access.
4. The server sends a push notification prompting the device to check in for tasks or queries.
5. The device connects directly to the server over HTTPS. The server sends commands or requests information.

For more information on Mobile Device Management, visit www.apple.com/iphone/business/integration

© 2010 Apple Inc. All rights reserved. Apple, the Apple logo, iPhone, and Safari are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. iTunes Music Store is a service mark of Apple Inc., registered in the U.S. and other countries. The Bluetooth word mark is a registered trademark owned by Bluetooth SIG, Inc., and any use of such marks by Apple is under license. Other product and company names mentioned herein may be trademarks of their respective companies. Product specifications are subject to change without notice. This material is provided for information purposes only; Apple assumes no liability related to its use. June 2010 L419825A