How to manage Apple devices in enterprises through EMM?

KB ID: 42G2009977
Updated: June 2021

iPods, iPhones, and iPads have been shaking up the consumer tech market for many years now. Apple’s intuitive design approach and user-friendly features have not only fascinated consumers but also given a boost to businesses. A seamless and consistent end-user mobile experience for employees was the biggest motivator for businesses to explore Apple devices for enterprise use. Moreover, the continuous addition of enterprise-friendly features in recent years has made Apple products even more attractive to businesses.

With its vast array of products, Apple has been helping enterprises enhance productivity, cut costs, and attain superior security. Before the development of iOS business products, purpose-built, secured rugged handheld devices or BlackBerries were the only options available to enterprises. Many people accustomed to iOS products found the previously used enterprise devices outdated and wanted similar iOS products in the workplace to keep their device usage consistent. Popularity among consumers and the impressive state-of-the-art security framework of Apple products have paved the way for enterprise iOS adoption.

The extensive use of consumer iOS devices in enterprises gave birth to the BYOD (Bring Your Own Device) concept. Enterprises may have corporate-owned devices, employee-owned devices, or a combination of both, which need to be managed through Dedicated Devices (formerly called COSU or Corporate-Owned Single-Use) and BYOD policies. For BYOD, Apple has added some groundbreaking enterprise features such as MDM, ABM, and VPP. Later, iOS also introduced many Dedicated Devices features to manage corporate-owned devices.

Enterprise features offered by Apple:

Apple was the pioneer in recognizing the importance of device management and data security for enterprises. It offers the following key features:

Mobile Device Management (MDM) is a framework offered by Apple to manage iOS devices. This feature, now built into all iOS 7+ devices, empowers IT admins to manage and secure both corporate-owned and employee-owned devices. It also helps to manage and distribute apps wirelessly. It is a powerful tool for configuring device settings, handling large-scale deployments, and ensuring data and device security.

Apple offers two vital tools called Profile Manager and Apple Configurator.

  • Profile Manager is a free MDM application offered by Apple. It allows IT admins to configure and enforce policies on Macs and iOS devices. It can also prevent users from using specific iOS features such as iCloud, AirDrop, the camera, the Safari web browser, and more. Devices can be remotely locked or wiped through this feature.
  • Apple Configurator is another Mac tool offered by Apple. It can push configuration profiles, content, and apps to devices via USB with a secured setup. It can be downloaded from the Apple App Store and can be used to configure up to 30 devices at once. It is also useful for enabling supervised mode on iOS devices, which is essential for Dedicated Devices deployments.

Apple Business Manager (ABM) is another way of enrolling devices for IT management. A device enrolled with ABM auto-enrolls to a pre-configured MDM server when it is turned on for the first time. This enables admins to apply to the device any profiles and apps configured on the MDM server. ABM also enables MDM solutions to supervise an iOS device wirelessly.

Volume Purchase Program (VPP) is used to find, buy, and deploy apps as per business needs. IT admins can buy apps and e-books in bulk and distribute them among users [1]. B2B apps can also be built specifically for business needs by third-party developers. Employees can also benefit from the iBooks Store through the VPP program.

Key benefits of MDM offered by Apple:

Hardware and software details can be gathered through MDM. Hardware details include the device name, type, model, battery level, and serial number, whereas software details include the iOS version, the list of apps, and storage capacity.

Traditional containerization, which involves wrapping enterprise apps with a third-party SDK to protect enterprise data from private apps, is no longer needed in iOS. The MDM framework treats apps pushed via EMM as managed apps and offers multiple policy options to make sure data from enterprise apps cannot be accessed by personal apps.

Devices can be completely locked or wiped through MDM in the case of loss or theft.

Lost mode is useful when a device is stolen: the device can then be locked completely by using an activation lock. With MDM, it is possible to unlock the device once it is back with the admin or another verified user by using the activation lock bypass code.

Kiosk mode enables users to transform their iOS devices into a kiosk by using guided access. It blocks all applications except the apps allowed by admins.

A separate MDM agent need not be installed on every device, as all iOS devices have their own built-in MDM.

Enterprise single sign-on enables users to sign in with a single user name and password for all enterprise apps on their devices.

Initiating software updates via MDM enables admins to manage operating system and app updates remotely.

File-level data protection is useful for BYOD. It enables encryption of data on devices and prevents sharing between personal and enterprise apps.

Per-app VPN enables administrators to allow selective VPN access to only whitelisted enterprise apps.
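As an added illustration (not code from 42Gears or Apple), the sketch below audits an unsigned configuration profile for the controls described above: the feature restrictions that Profile Manager can enforce and the separation of managed-app data from personal apps. The baseline values, the `com.example` identifiers, and the sample profiles are constructed for the example; the key names are those of Apple's Restrictions payload (`com.apple.applicationaccess`).

```python
import plistlib

RESTRICTIONS = "com.apple.applicationaccess"  # Apple's Restrictions payload type

# Constructed BYOD baseline for this example, not a vendor recommendation.
BASELINE = {
    "allowOpenFromManagedToUnmanaged": False,  # enterprise data stays out of personal apps
    "allowOpenFromUnmanagedToManaged": False,  # personal data stays out of managed apps
    "allowAirDrop": False,                     # enforced on supervised devices only
    "allowCloudBackup": False,
}

def build_profile(restrictions):
    """Return unsigned .mobileconfig bytes with one Restrictions payload (sample data)."""
    payload = {
        "PayloadType": RESTRICTIONS,
        "PayloadIdentifier": "com.example.restrictions",        # placeholder
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",  # placeholder
        "PayloadVersion": 1,
        **restrictions,
    }
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.profile",             # placeholder
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",  # placeholder
        "PayloadVersion": 1,
        "PayloadDisplayName": "Constructed sample profile",
        "PayloadContent": [payload],
    })

def audit_profile(data, baseline=BASELINE):
    """List baseline keys that the profile leaves unset or sets to a weaker value."""
    profile = plistlib.loads(data)
    merged = {}
    # Simplification: if several Restrictions payloads exist, the last one wins here.
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == RESTRICTIONS:
            merged.update(payload)
    findings = []
    for key, expected in baseline.items():
        if key not in merged:
            findings.append(f"{key}: not set (an absent allow* key leaves the feature allowed)")
        elif merged[key] != expected:
            findings.append(f"{key}: {merged[key]!r}, expected {expected!r}")
    return findings

# Weak: blocks camera and Safari but leaves managed/personal data sharing open.
WEAK = build_profile({"allowCamera": False, "allowSafari": False})
HARDENED = build_profile({**BASELINE, "allowCamera": False})

if __name__ == "__main__":
    for name, blob in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_profile(blob) or "meets baseline")
```

A profile signed by the MDM server is wrapped in a CMS envelope and has to be unwrapped before `plistlib` can parse it.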

Apple’s MDM vs third-party EMM solutions:

Apple’s free MDM solution (Apple Configurator and Profile Manager) offers a variety of benefits to enterprises. However, it has some limitations too:

  • An enterprise might have a variety of devices and platforms, such as Windows, Android, and iOS, which it has to manage together. Unfortunately, the Apple-offered MDM supports only iOS devices.

  • While Apple provides an MDM solution as a feature, complete with support for all commands available in the iOS MDM protocol defined by Apple, a comprehensive EMM solution goes beyond just pushing commands. Advanced EMM features like Enterprise App Store, Enterprise File Store, Telecom Management, Location Tracking, Geo-Fencing, Security Policies, and Compliance Policies are a must for an effective EMM strategy.
  • An EMM solution often needs to work in conjunction with an organization's existing IT infrastructure. It has to integrate well with LDAP/Active Directory, Exchange ActiveSync, VPN, and RADIUS to give a consistent and secure user experience to employees. Unfortunately, Apple’s Profile Manager fails to do this effectively.

iOS products are incredible and more compatible with enterprise use than any other platform. With the latest versions of iOS, Apple has shown remarkable improvements, and iOS now has more of the advanced features required by IT organizations. From easy deployment to secured management and control of devices, Apple has emerged as a mature player for enterprise products. However, Apple’s MDM solutions lack some essential features that third-party EMM vendors can provide. Though the Apple-provided MDM is quite helpful for SMBs, large deployments require more than what iOS MDM currently offers. 42Gears’ SureMDM can support all the platforms, including Android, Windows, and iOS. It also works well with large deployments and overcomes all the iOS limitations. It’s a complete package with all the needed functionality through which enterprises can manage and control a variety of products on all platforms, including iOS.

References

http://images.apple.com/business/docs/iOS_Deployment_Overview_Business.pdf
