You've decided to manage your company iPads and iPhones after reading our FAQ and meeting with your account manager. Great! Now you need to decide what to actually do with them. Just by enrolling your devices, you gain a lot of powerful features, like the ability for our team to assist with remote lock, unlock, and wipe commands, screen sharing with our support desk, and deploying App Store apps, but there's so much more.
One very important thing to remember is to familiarize yourself with iOS Enrollment Types - depending on how you'll be enrolling your devices, certain profiles may not be supported, or the experience of auto-installing an app may be different. We always recommend Supervising your devices whenever possible for the best user experience and most powerful management capabilities.
App Store Apps
Once your devices are enrolled in support, we can deploy any apps licensed to your Apple Business Manager account to them. If your devices are supervised, the apps install and auto-update completely silently. If your devices are unsupervised, users will be prompted to provide consent before the app will install. These decisions are some of the easiest to make - just let us know what apps all your devices need.
MDM Profiles (managed settings)
iPhone and iPad management is handled by MDM Profiles. These profiles are configuration files that tell the device what a specific setting should be locked to and prevent users from changing it. MDM Profiles can include settings like a password policy, wifi network/password payloads, and even VPN settings.
We always manage looking at your devices and thinking about what you want to manage first. Looking at Apple's list of MDM Profiles is dizzying and often unhelpful - just because one can manage something doesn't mean one should. You'll have a much better and more productive experience if you have an idea of what you'd like - our team can translate that into what's possible within Apple's frameworks and help you move forward.
And finally, remember, not all profiles are created equally based on how your devices are enrolled. For example, we can deploy a wifi network to any enrolled device, but we can't restrict the use of Safari on unsupervised devices. The more of your devices you supervise, the more consistent your experience will be.
Some great places to begin
Passcode profiles - any mobile device that carries company data should be protected by a passcode. Passcode profiles for iPhones and iPads ensure that your mobile users have this business-critical security measure in place. Not only can you control the length and complexity requirements of your passcode, but also set a limit to the number of failed attempts required before the device locks or erases itself.
Lock Screen - with a passcode in place, it's also important that your mobile device's screen locks itself after a few minutes of inactivity. This makes sure that if you have to step away from your iPhone or iPad for any reason, a bad actor couldn't pick it up and access your data without knowing your passcode. The lock screen can also be customized with short messages, like a company contact telephone number or a reminder about your acceptable use policy.
Wifi networks - do you have a central office or multiple office locations? We can help you configure Wifi profiles to allow your iPhones and iPads to automatically connect to an office network.
Web clips - if you have a website (or a few) your team will need frequent access to, these profiles can add those websites to the home screens of your devices.
Single app mode - often called "kiosk mode", this profile allows us to set an iPad or iPhone to only run a single application. Like most profiles that take away functionality from the device, this is only available for supervised devices.
DNS filtering - are you currently using Cisco Secure Client's Umbrella module to filter your DNS queries on your supported computers? Cisco has released a Cisco Security app that can extend this functionality to your mobile devices as well. Please note that this may not always be appropriate if you're managing user-owned devices and is best served for organization-owned (supervised) devices to respect user privacy.
Restrictions - this is the largest and most complex type of profile and one that behaves very differently depending on how you enrolled your devices. Just about every feature of an iPhone or iPad can be toggled on or off as your organization requires. Need to prevent your users from erasing the device? Restrict the "Erase all Content and Settings" function. Have concerns about users taking photos in sensitive locations? Disable the camera. Have certain apps you need to prevent from running in your classroom? We can create a list of blocked apps to keep them from launching. If you're a security-conscious organization, a solid Restrictions profile is a must - just remember that most restrictions require your devices to be supervised.
Reach out if you have questions
As always, if you have questions about managing your iPhones and iPads, reach out to your account manager. There are strict guidelines and limitations to iOS management and we'll do our best to navigate them together with you.
Comments
0 comments
Article is closed for comments.