Mobile Device Management ios Policies Introduction ios policies allow administrators to use mobile device management features of CentraStage and push them, over the air (OTA), to ios devices (in other words, they don t need to be connected to a specific network to pick up these settings). This document describes what sort of settings you can configure using CentraStage MDM policies, and how to configure a policy and apply it to your ios devices (including ensuring that users can t remove the policy once you ve applied it!). What can be configured? CentraStage Mobile Device Management policies allow you to control your ios devices in the following ways: Passcode policies (e.g. enforcing minimum and maximum passcode lengths, age etc) Restrictions configuration (with more than 50 policy options to choose from more details in the Q&A section below). VPN setup (e.g. where a VPN should connect to, and what credentials to use) Wi-Fi credentials Please note, there can only be one ios policy per device. Groups or filters cannot be used when targeting devices as this could result in multiple policies being pushed to devices - to avoid this, only one policy will be able to be switched on at any one time. Requirements To be able to create and manage MDM policies, your role must include the ability to manage policy permissions. Creating and applying an MDM policy For our example we will create an MDM policy so that our users will be able to automatically get connected to their corporate Wi-Fi network at two different office locations as well as via VPN. Additionally, we will disable FaceTime and the use of Camera. 1. Add a new profile policy. 2. Name it and choose Mobile Device Management as the type then click next.
3. Change the removal policy setting to Require password to remove this policy. 4. Click on Add a setting. 5. We will add a Passcode setting but leave the default settings. Scroll down to review the Passcode policy settings and click Submit. 7. Click on Add a setting again, and choose to add an additional setting for Restrictions and click Next. 8. Uncheck Allow FaceTime and Allow use of Camera, then click Submit.
9. Click on Add a setting again, and add an additional setting for VPN and click Next. 10. Add required configuration settings for VPN then click Submit. 11. Finally, add two settings for Wi-Fi for each office location - submitting each time.
12. After the required settings have been added click Save. 13. We are now ready to apply these settings to our mobile devices. Enable the setting and click on Push Changes. This policy will then be pushed, over the air, to ios devices.
14. To disable this policy, simply switch it off. Questions and Answers on MDM ios policies Q What restrictions can I put on an ios device using Centrastage MDM policies? A The following table shows all the restrictions currently available: ios Restrictions Allow use of camera Allow icloud Keychain sync (ios 7) Allow installing apps Allow screen capture Allow voice dialing Allow FaceTime Allow automatic sync when roaming Allow Siri Allow photo stream Allow shared stream Allow diagnostic data to be sent to Apple Allow user to accept untrusted TLS certificates Force encrypted backup Allow automatic updates to certificate trust settings (ios 7)
ios Restrictions Allow Siri while locked Force limited ad tracking (ios 7) Allow Passbook notifications while locked Allow fingerprint for unlock (ios 7) Allow in-app purchases Force users to enter itunes Store password for all purchases Allow multiplayer gaming Allow adding Game Center friends Show Control Center in lock screen (ios 7) Show Notification Center in lock screen (ios 7) Show Today view in lock screen (ios 7) Allow documents from managed apps in unmanaged apps (ios 7) Allow documents from unmanaged apps in managed apps (ios 7) Allow use of itunes Store Allow explicit music and podcasts Rating Apps Rating Movies Rating TV Shows Show imessage Allow app removal Allow Game Center Allow Bookstore Allow Bookstore erotica Allow UI configuration profile installation Allow use of Safari Allow modifying account settings (ios 7) Enable Safari autofill Allow AirDrop (ios 7) Force Safari fraud warning Allow changes to cellular data usage for apps (ios 7) Enable Safari javascript Allow user-generated content in Siri (ios 7) Block Safari popups Allow modifying Find My Friends settings (ios 7) Allow icloud backup Allow host pairing (ios 7) Allow icloud document sync Q Why is my MDM policy turned off when I first create it? A To avoid confusion over which policy takes precedence for a device, its only possible to apply 1 policy. Turning on an MDM policy for an account automatically turns off any others that are enabled we wanted to make sure that only ever happens as part of a conscious decision on your part, rather than (for example) creating a new policy just to view some of the settings. As a result, MDM policies must be explicitly turned on once created. Q Can I manage Android devices using Centrastage MDM? A For this release of MDM policies, it is not possible to apply restrictions or settings to Android devices. This is, however, planned for a future release.