Deep Dive – iOS Device Management for iPhones and iPads

iPhones and iPads are excellent for business environments or educational use. Here are some great tips on how to keep security risks at a minimum with the help of simple iPad and iPhone device management software.

Whether iPhone, iPad or Mac, Apple devices are perfect for work. You just need the correct macOS / iPhone device management solution.


The Way We Work Is Changing

While MacBooks are great for work, you might question why iPhones and iPads remain underutilized in your organization. Sometimes, these hyper-portable devices are even more useful than laptops.

With an iPhone or iPad, people can work more innovatively in places which used to be completely impractical.

They are powerful, integrate seamlessly with device management software and have a wide range of built-in security features. Leaving anti-Apple partisans to one side, practically everyone, from a primary school student to a high level executive, enjoys using them too. This is especially important as high user acceptance is one of the best ways to reduce IT support calls and drive productivity in teams.

While they might not be the best option for organizations operating on a very tight budget, iPhones and iPads are also enterprise-ready and a great procurement choice for all kinds of uses.

In truth, businesses, organizations and schools can easily and securely leverage the power of the iPhone, iPad and other Apple devices for professional and educational purposes with just a few simple tools and a clever iPad / iPhone device management policy. This article explains how to get started.

The Truth About iPad and iPhone Device Management

Organizations need to maintain a degree of control over all devices capable of accessing sensitive information or workplace resources over the network – iOS devices are no exception.

A very effective way to minimize security risks is to link each new corporately-owned iPhone and iPad to mobile device management software and use this for remote monitoring, to safeguard corporate information and to implement restrictions when needed.

As you might already suspect, workers also use their personal devices to access resources, work on documents and to remotely read or reply to emails all the time. Even if you don’t intend to procure iPhones and iPads for a project or team, mobile device management software is a must in all cases.

The major motive behind the use of iPad and iPhone device management software is not just precautionary though. It speeds up the process of getting iOS devices into the hands of users, fully-configured and preloaded with all the necessary apps, settings and user permissions. Whether for 10 or 1000 workers, the scalable nature of the different tools keeps everything manageable.

5 Key Benefits of A Device Management Strategy

  • Set up devices quickly and deploy them with necessary apps
    The entire setup process for each work device involves several separate configurations for accounts, apps and policies. Instead of implementing every single configuration by hand on each device, you should use specially developed iOS device management software to streamline and improve the entire process.
  • Ensure all devices are used as you intend
    iOS devices are also designed for the consumer market and are supported by the second largest consumer app store with almost 2 million different apps. You might want to create your own app whitelist or limit specific device functions for legal or security reasons. Via MDM, individual device capabilities are exposed and can be activated/deactivated accordingly. Creating an enterprise app store is also a piece of cake.

  • Safeguard corporate assets on devices
    Mobile devices are not exclusively connected to the organization’s protected network. Users can use untrusted public Wi-Fi hotspots which can open the door for sensitive data being intercepted by third-parties. Not only that, but private apps can, often unknowingly, access company data stored on mobile devices. iPad / iPhone device management software can address these concerns by making individual apps and data flows manageable or by forcing secure VPN connections.

  • Keep monitoring and new installs during use easy
    A level of visibility and control over devices in operation is needed to update software, install new applications and to generally remain flexible to new demands or requirements. Having to recollect all devices just to make changes is not effective. Likewise, your workers will need IT support if they are to make the changes themselves, costing time and money. Ongoing demands and hurdles are more easily taken care of remotely with an iOS device management solution.

  • Have a process ready for the end of a device’s life cycle
    What happens when a worker leaves the company or when a device needs to be reconfigured for a new purpose? A solution for deleting or transferring data in response to a lost device, employee departure or when re-purposing a device is essential.

2 Important Tools You’ll Need

1) MDM Solution

A mobile device management (MDM) solution is essential and recommended by Apple. It gives you a single point of contact for almost all device management tasks, like device registration, user management, pushing apps to devices, setting device policies and updating software.

It also acts as a reporting tool and reference for all the devices currently integrated into the company network.

There are several mobile device management solutions that are suitable for iPads and iPhones and some even offer a free trial. Often, organisations can pick between cloud-based or on-premises solutions.

2) Apple Business Manager / Apple School Manager

A range of iOS device management tools from Apple, which require an MDM solution to be in place, are also essential.

Apple Business Manager (ABM) is a web-based portal that helps IT administrators to automate deployment of iOS, macOS and tvOS devices in organizations starting the moment you purchase devices from Apple or a reseller.

A separate web portal called Apple School Manager is also available which simplifies educational deployments. As previously mentioned, a mobile device management solution is required to use all tools.

Both pack the Device Enrollment Program (DEP) and Volume Purchase Program (VPP) into a single portal.

Automate Device Enrollment with DEP

The Apple Device Enrollment Program helps companies and educational institutions easily and quickly enroll a large quantity of corporate devices into their MDM solution, automatically enabling iOS devices to be used as soon as they are unpacked. This solves the challenge of enrolling large numbers of devices efficiently.

Simplify Bulk Purchases and App Distribution with Volume Purchase Program (VPP)

Apple’s VPP (Volume Purchase Program) enables companies and educational institutions to centrally purchase app licenses in bulk for iOS and macOS devices. Once the right apps have been selected for mobile users, they can be rolled out to the iOS devices quickly and easily via the MDM solution and companies retain ownership of app licenses too.

We’ve explored managing devices with Apple Business Manager in a lot more detail elsewhere, including which major aspects you need to take into account, when you need to use it and which costs might be involved.

Make Sure You Leverage These Built-In Enterprise Features

One key to making sure iPads and iPhones are used safely and effectively is to make the most out of the built-in features they offer. iPad and iPhone device management shares similar approaches with its Android counterpart, but these devices also have unique features which need to be utilized.

Managed Apps

With the Managed App setting, sensitive data which is accessed by iPhones and iPads can be isolated and controlled. Any app installed by iOS device management software is automatically manageable and remains distinct from other privately installed apps. You can regulate communication between both types of apps and more effectively secure and control what can interact with company resources and the network.

Building upon this principle, “managed domains” let you control the native e-mail app and Safari as well, by specifying managed URLs and subdomains. Once set up, downloaded documents can only be used with managed apps.

Managed Open In

Via the managed open in configuration, you can specify which apps are capable of opening documents. An example would be pushing a managed version of Microsoft Word to devices and only allowing Word documents to be viewed and processed via other managed apps. When combined with the managed app and managed domain features, it is possible to regulate how company data may flow through and be stored by each device.

Per-App VPN

VPNs prevent your mobile users from relying on unsecured public Wi-Fi networks and let them send and receive data safely. A per-app VPN configuration ensures that only managed apps use the company’s VPN connection, resulting in a lower VPN load and secure data access for the user. Device management software for iPhone and iPad supports all kinds of VPN protocols, including L2TP, Cisco IPSec and OpenVPN.

Managed Contacts

Admins can define if contact information from managed accounts (e.g. a company Exchange profile) can be read or used by unmanaged apps/accounts. Leveraging this feature is necessary for basic GDPR compliance and to prevent private, third party apps from unlawfully accessing work contact information.
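
As an added illustration (not part of the original article, and not code from Apple or any MDM vendor), the Python script below audits a configuration profile for the data-flow controls described under Managed Open In and Managed Contacts. The key names come from Apple's Restrictions payload (`com.apple.applicationaccess`); the expected values are a strict baseline assumed for this example, the defaults are stated as an assumption to verify against your target OS version, and the sample profile is constructed.

```python
import plistlib

# key: (value the assumed strict baseline expects, default when key is absent).
# Defaults are an assumption based on Apple's Restrictions payload docs;
# verify them for the OS versions you manage.
CHECKS = {
    "allowOpenFromManagedToUnmanaged": (False, True),
    "allowOpenFromUnmanagedToManaged": (False, True),
    "allowUnmanagedToReadManagedContacts": (False, False),
    "allowManagedToWriteUnmanagedContacts": (False, False),
}

# Constructed sample profile (not taken from any real deployment).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.dataflow</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.applicationaccess</string>
    <key>allowOpenFromManagedToUnmanaged</key><false/>
    <key>allowUnmanagedToReadManagedContacts</key><true/>
  </dict></array>
</dict></plist>"""

def audit_profile(data: bytes) -> dict:
    """Return {key: finding} for every data-flow restriction that is weak."""
    profile = plistlib.loads(data)
    effective = {key: default for key, (_, default) in CHECKS.items()}
    found = False
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.applicationaccess":
            found = True
            for key in CHECKS:
                if key in payload:  # an explicit value overrides the default
                    effective[key] = payload[key]
    if not found:
        return {"*": "no Restrictions payload in profile"}
    return {
        key: f"effective value {effective[key]}, expected {wanted}"
        for key, (wanted, _) in CHECKS.items()
        if effective[key] != wanted
    }

if __name__ == "__main__":
    for key, finding in audit_profile(SAMPLE_PROFILE).items():
        print(f"{key}: {finding}")
```

On the sample, the audit flags the missing `allowOpenFromUnmanagedToManaged` key (the assumed default leaves that direction open) and the explicit `allowUnmanagedToReadManagedContacts` override.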

User Enrollment (for iOS 13+ / iPadOS)

User Enrollment is designed for companies implementing BYOD (Bring Your Own Device). When privately owned iPads and iPhones are used at work, User Enrollment creates a separate APFS volume for all corporate data associated with managed apps, and users use a second Managed Apple ID. In a way, it creates a second persona on the device and ensures more transparent data separation.

One of the biggest advantages of User Enrollment is the improved protections over the user’s own privacy, delivering superb user acceptance.

The policy restrictions available are limited and include the following:

  • Force unlock password and pairing password with AirPlay
  • Disable automatic-backups (Enterprise Books, Notes, Highlights) or diagnostic reports
  • Force lock-screen
  • Disable lock screen, notification preview + Today View
  • Prevent managed apps from syncing with iCloud
  • Disable screenshots and Siri
  • Force encrypted backups
  • Force fraud warning in Safari and Wrist Detection with Apple Watch
  • Disable Control Center from lock screen

Make sure you read our report on User Enrollment to learn more about BYOD with iPhones and iPads.

Supervised Mode

For scenarios where corporate-owned devices are used – when perhaps no private use is allowed at all – there is “supervised mode”. In addition to making mobile device management on Apple devices unremovable, supervised mode unlocks a greater degree of management over the device.

Supervised mode goes hand-in-hand with the automated deployment feature in Apple Business Manager. It is the best option when deploying large numbers of corporate-owned iPhones or iPads at once, especially when stringent data security rules or strict legal requirements have to be followed.

Supervised mode gives you all the features of User Enrollment plus extra restrictions and controls over the following areas:

  • Pre-installed apps: Safari, iTunes, FaceTime, Messages
  • Basic device functions: App installation and removal, camera, multiplayer gaming.
  • Connectivity: AirDrop, AirPlay, AirPrint, Bluetooth, USB, iCloud documents and data
  • Explicit content
  • Credentials: Password sharing and AutoFill, fingerprint modification

Whether for BYOD or corporately owned devices, an iOS device management solution is perfect for creating differentiated device management policies based on what teams and departments need. As you can push policies over the air, it also makes implementation easier.

For newcomers to the topic of mobile device management, take a look at our free white paper to learn what MDM involves and why it is so important to modern, digital businesses.

Key Takeaway

iPhones and iPads are fantastic mobile devices which can empower workers. By leveraging built-in iOS device management features and a mobile device management solution, it’s convenient, low-risk and cost effective to deploy and set up iPhones and iPads for all kinds of enterprise use cases.

Simply activate Cortado MDM for free for 14 days to get started.