One of the smartest things a company can do to support their employees is allow them to work from their own customizable devices. Enterprise mobility and flexibility are prized in the workplace, but it also entail a lot of extra work for IT to keep corporate data secure. Fortunately, Apple’s management framework provides smart ways to manage both corporate data and apps discreetly- seamlessly separating work data from personal data while keeping users informed on how their devices are being managed.
Apple’s unified management framework for enterprise mobility
Apple’s unified management framework for iOS supports both corporate-owned and user-owned, as well as personally-owned, devices. With it, IT can:
- Configure and update settings
- Deploy applications
- Monitor compliance
- Query devices
- Remotely wipe or lock devices
The framework is already built into iOS, allowing devices to be managed with a light touch as well as full control by third-party mobile device management (MDM) solutions without degrading user experience or compromising employee privacy.
Managing corporate data
With iOS, IT doesn’t have to lock down employee devices. Key technologies control the flow of corporate data between apps and prevent any of it from slipping through the cracks to the user’s personal apps or cloud services.
Managed content covers the installation, configuration, management, and removal of App Store and custom in-house apps, accounts, books, and domains.
- Managed Apps: These apps can be from the App Store or custom in-house apps, and are installed over the air using MDM. Managed apps often contain sensitive information and provide more control than apps downloaded by the user. The MDM server can remove managed apps and their associated data on demand, or specify whether they should be removed when the MDM profile is removed. The MDM server can also prevent corporate data from getting backed up to iTunes and iCloud.
- Managed Accounts: MDM gets your users up and running quickly by setting up mail and other accounts automatically. Account payloads can also be pre-populated with a user’s name, email address, and certificate identities for authentication and signing.
- Managed Books: With MDM, books, ePub literature, and PDF documents can be automatically pushed to user devices, so employees always have what they need. When no longer needed, the materials can be removed remotely.
- Managed Domains: Downloads through the Safari browser are considered managed documents if they originate from a managed domain. MDM ensures that downloads from those domains comply with all managed document settings and are managed by default.
Managed distribution lets IT use the MDM solution or Apple Configurator 2 to manage apps and books purchased from the Apple Business Manager. Users can be prompted when apps are ready to be installed on their device, or they can be silently pushed through without prompting.
Managed app configuration
With managed app configuration, MDM uses the native iOS management framework to configure apps during or after deployment. This allows users to start using them right away without requiring custom setup and demonstrates to IT that corporate data within the apps is being handled securely.
Managed data flow
MDM solutions provide specific features that enable corporate data to be managed at such a level that none of it leaks out to the user’s personal apps and cloud services.
- Managed Open In: Open In management keeps attachments or documents originating from managed sources from opening in unmanaged destinations, and vice versa
- Managed Extensions: App extensions give third-party developers a way to provide functionality to other apps, or even to key systems built into iOS like Notification Center, which enables new business workflows between apps
When a device is managed, an MDM server can perform a variety of administrative tasks to ensure corporate data is kept secure without compromising enterprise mobility. This includes changing configuration settings automatically without user interaction, performing an iOS update on passcode-locked devices, locking or wiping a device remotely, or clearing the password lock so users can reset forgotten passwords.
With iOS 9.3 or later, your MDM solution can place a device in Lost Mode remotely. This locks the device and allows a message with a phone number displayed on the Lock screen. Supervised devices can also be located if they are lost or stolen because MDM remotely queries their location the last time they were online.
Contact WEI about corporate data management solutions today
Apple’s unified management framework in iOS gives your enterprise the best of both worlds. IT is able to configure, manage, and secure devices, as well as control corporate data, while users enjoy enterprise mobility on the devices they love to use. Contact WEI today to learn how we can help your design a custom corporate data management solution.