ipad in Business Mobile Device Management

Similar documents
Managing Devices and Corporate Data on ios

Integration with Apple Configurator 2. VMware Workspace ONE UEM 1902

VMware AirWatch Integration with Apple Configurator 2 Guide Using Apple Configurator 2 and AirWatch to simplify mass deployments

ipad in Business Deployment Scenarios November 2010 Microsoft Exchange ActiveSync Standards-Based Services Virtual Private Networks

Deployment Scenarios June Microsoft Exchange ActiveSync. Standards-based Servers. Virtual Private Networks. Digital Certificates

ipad in Business Deployment Scenarios and Device Configuration Overview April 2010 Microsoft Exchange IMAP, CalDAV, and LDAP

ios Deployment Overview for Enterprise

Building a BYOD Program Using Jamf Pro. Technical Paper Jamf Pro or Later 2 February 2018

VMware AirWatch ios Platform Guide Deploying and managing ios devices

VMware AirWatch ios Platform Guide Deploying and managing ios devices. Workspace ONE UEM v9.4

ipad in Business Security Overview

VMware AirWatch ios Platform Guide Deploying and managing ios devices

What s New for Enterprise and Education ios 11, macos High Sierra 10.13, tvos 11, and deployment tools and services

Mobile Device Growth 1

Xperia TM. Read about how Xperia TM devices can be administered in a corporate IT environment

QuickStart Guide for Mobile Device Management. Version 8.7

Compliance Manager ZENworks Mobile Management 2.7.x August 2013

VMware AirWatch ios Platform Guide Deploying and managing ios devices

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes

Compliance Manager ZENworks Mobile Management 3.0.x January 2015

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes

AirWatch for Android Devices for AirWatch InBox

7P MDM Server x - ios Client Guide 7P Mobile Device Management. Doc.Rel: 1.0/

Windows 8/RT Features Matrix

VMware Workspace ONE UEM Integration with Apple School Manager

VMware Workspace ONE UEM ios Device Management. VMware Workspace ONE UEM 1811 VMware AirWatch

ios Supervised Devices

7P MDM Server x - ios Client Guide 7P Mobile Device Management. Doc.Rel: 1.0/

SIMPLIFY MULTI-PLATFORM ENTERPRISE MOBILITY MANAGEMENT

Mobility Manager 9.5. Users Guide

McAfee Enterprise Mobility Management 12.0 Software

AirWatch for Android Devices for Skype for Business

ENTERPRISE SECURITY IN ios Lecture 17b

Systems Manager Cloud-Based Enterprise Mobility Management

VMware Workspace ONE UEM Apple tvos Device Management. VMware Workspace ONE UEM 1811 VMware AirWatch

AirWatch for ios Devices

ENTERPRISE SECURITY IN ios Lecture 17b

Pulse Workspace Appliance. Administration Guide

Sophos Mobile in Central

Apple ios Enterprise Mobility Management (cloud based)

VMware AirWatch tvos Platform Guide Deploying and managing tvos devices

SECURE, CENTRALIZED, SIMPLE

Functionality Restriction Settings for ios

QuickStart Guide for Managing Mobile Devices. Version

Sophos Mobile in Central

Enterprise Security Solutions by Quick Heal. Seqrite.

GlobalSign Enterprise Solutions

Mobile Device Management. Get more out of ipad and iphone in higher education

Application / Document Management. MaaS360 e-learning Portal Course 3

Vodafone Secure Device Manager Administration User Guide

VMware AirWatch Symbian Platform Guide Deploying and managing Symbian devices

iphone OS Enterprise Deployment Guide Second Edition, for Version 3.1 or later

Integrating Cisco Identity Services Engine with NotifyMDM

Sophos Mobile Control SaaS startup guide. Product version: 6.1

Xperia TM. in Business. Product overview. Read about the enterprise policies and features supported in Xperia devices. March 2018

Mobile Device Management 101. Get more out of ipad in Education

AirWatch Container. VMware Workspace ONE UEM

Deploying ipad to Patients

Apple OS Deployment Guide for the Enterprise

NotifyMDM Device Application User Guide Installation and Configuration for ios with TouchDown

COPYRIGHTED MATERIAL. chapter 1. How Do I Configure My iphone? 2

Symantec Mobile Management 7.1 Implementation Guide

Sophos Mobile as a Service

Sophos Mobile Control SaaS startup guide. Product version: 7

Deploying ipad to Patients Setup Guide

The purpose of this document is to help you to get started with your ipad to access Lilly resources such as , calendar, Lilly apps and more.

Contents. 3 Procedures. 3 ipad given to a new user. 3 Syncing. 3 Requesting a New App. 4 ipad Setup. 7 Apple ID Creation. 9 Setup Account

Mobile Device Management Administrator Guide

Workspace MDM Management Site Manual

Sophos Mobile as a Service

ForeScout Extended Module for VMware AirWatch MDM

Mobile Device Management Guide

Product Guide. McAfee Enterprise Mobility Management (McAfee EMM ) 9.6

Sophos Mobile Control startup guide. Product version: 7

The Device Has Left the Building

VMware AirWatch Bring Your Own Device (BYOD) and Privacy Guide Supporting Bring Your Own Device deployments

MobileIron Cloud R39

VMware AirWatch Bring Your Own Device (BYOD) and Privacy Guide Supporting Bring Your Own Device deployments

IPHONE DEP REGISTRATION... 4 IPHONE DEP REGISTRATION... 3

Sophos Mobile Control Administrator guide. Product version: 5.1

Forescout. eyeextend for IBM MaaS360. Configuration Guide. Version 1.9

Go Ahead Bring Your Own Device to Work... 1 Requirements... 1

Xperia TM. in Business. Product overview. Read about the enterprise policies and features supported in Xperia devices.

Verizon MDM UEM Unified Endpoint Management

Bring Your Own Device. Peter Silva Technical Marketing Manager

Dell Management Portal. Apple Device Enrollment Program

ForeScout Extended Module for MaaS360

Comodo IT and Security Manager Software Version 6.5

Comodo IT and Security Manager Software Version 6.4

Comodo IT and Security Manager Software Version 5.5

Organization Administration

ios Deployment Reference

Junos Pulse Supported Mobile Platforms

SEPARATING WORK AND PERSONAL

Sophos Mobile. startup guide. Product Version: 8.5

3CX Mobile Device Manager

Sophos Mobile Control Technical guide

Workspace Secure Container for Mobile Devices

2017 NMUG CLASSES MANAGING THE IPHONE AND IPAD IN IOS 10

Organization Administration

Transcription:

ipad in Business Mobile Device Management ipad supports Mobile Device Management, giving businesses the ability to manage scaled deployments of ipad across their organizations. These Mobile Device Management capabilities are built upon existing ios technologies like Configuration Profiles, Over-the-Air Enrollment, and the Apple Push Notification service and can be integrated with third-party server solutions. This gives IT departments the ability to securely enroll ipad in an enterprise environment, wirelessly configure and update settings, monitor compliance with corporate policies, and even remotely wipe or lock managed ipad devices. Managing ipad Management of ipad takes place via a connection to a Mobile Device Management server. As noted, this server can be purchased from a third-party solution provider. When a Mobile Device Management server wants to communicate with ipad, a silent notification is sent to the device prompting it to check in with the server. The device communicates with the server to see if there are tasks pending and responds with the appropriate actions. These tasks can include updating policies, providing requested device or network information, or removing settings and data. Management functions are completed behind the scenes with no user interaction required. For example, if an IT department updates its VPN infrastructure, the Mobile Device Management server can configure ipad with new account information overthe-air. The next time VPN is used by the employee, the appropriate configuration is already in place, so the employee doesn t need to call the help desk or manually modify settings. To illustrate the capabilities of Mobile Device Management, this document is organized into four categories of deployment: Enroll, Configure, Query, and Manage. Firewall Apple Push Notification Service Third-Party MDM Server

2 Enroll The first step in managing ipad is to enroll a device with a Mobile Device Management server. This creates a relationship between the device and the server, allowing the device to be managed on demand without further user interaction. This can be done wirelessly or by connecting ipad to a computer via USB. As a scalable way to securely enroll devices in an enterprise environment, ipad supports a process called Over-the-Air Enrollment. Using Over-the-Air Enrollment, your enterprise can provide a secure web portal through which users can enroll their devices for management. The server can then configure managed devices with the appropriate restrictions and account access. Process Overview The process of Over-the-Air Enrollment involves three phases that, when combined in an automated workflow, provide a secure way to provision devices within the enterprise. These phases include: ipad and SCEP ipad supports the Simple Certificate Enrollment Protocol (SCEP). SCEP is an Internet draft in the IETF, and is designed to provide a simplified way of handling certificate distribution for large-scale deployments. This enables overthe-air enrollment of identity certificates to ipad that can be used for authentication to corporate services. 1. User authentication User authentication ensures that incoming enrollment requests are from authorized users and that the user s device information is captured prior to proceeding with certificate enrollment. Administrators can prompt the user to begin the process of enrollment by providing a URL via email or SMS notification. 2. Certificate enrollment After the user is authenticated, ipad generates a certificate enrollment request using the Simple Certificate Enrollment Protocol (SCEP). This enrollment request communicates directly to the enterprise Certificate Authority (CA), and enables ipad to receive the identity certificate from the CA in response. 3. Device configuration Once an identity certificate is installed, ipad can receive encrypted configuration information over-the-air. This information can only be installed on the device it is intended for and contains settings for ipad to connect to the Mobile Device Management server. At the end of the enrollment process, the user will be presented with an installation screen that describes what access rights the Mobile Device Management server will have on the device. By agreeing to the profile installation, the user s device is automatically enrolled without further interaction.

3 Configure Once a device is enrolled as a managed device, it can be dynamically configured with settings and policies by the Mobile Device Management server. The server sends configurations, known as Configuration Profiles, to the device that are installed automatically. Configuration Profiles are XML files that contain configuration information and settings that permit ipad to work with your enterprise systems, including account information, passcode policies, restrictions, and other device settings. When combined with the previously discussed process of enrollment, device configuration provides IT with assurance that only trusted users are accessing corporate services, and that their devices are properly configured with established policies. And because Configuration Profiles can be signed, encrypted, and locked, the settings cannot be altered or shared with others. Supported configurable settings Accounts Exchange ActiveSync IMAP/POP email VPN Wi-Fi LDAP CalDAV CardDAV Subscribed calendars Policies Require passcode Allow simple value Require alphanumeric value Passcode length Number of complex characters Maximum passcode age Time before auto-lock Number of unique passcodes before reuse Grace period for device lock Number of failed attempts before wipe Control Configuration Profile removal by user Restrictions App installation Camera Screen capture Automatic sync of mail accounts while roaming Voice dialing when locked In-application purchasing Require encrypted backups to itunes Explicit music & podcasts in itunes Allowed content ratings for movies, TV shows, apps YouTube itunes Store App Store Safari Safari security preferences Other settings Certificates and identities Web Clips APN settings

4 Query In addition to configuring devices, a Mobile Device Management server has the ability to query devices for a variety of information. This information can be used to ensure that devices continue to comply with required policies. The Mobile Device Management server determines the frequency at which it gathers information. Supported queries Device information Unique Device Identifier (UDID) Device name ios and build version Model name and number Serial number Capacity and space available IMEI Modem firmware Network information ICCID Bluetooth and Wi-Fi MAC addresses Current carrier network SIM carrier network Carrier settings version Phone number Data roaming setting (on/off) Compliance and security information Configuration Profiles installed Certificates installed with expiry dates List of all restrictions enforced Hardware encryption capability Passcode present Applications Applications installed (app ID, name, version, size, and app data size) Provisioning Profiles installed with expiry dates Manage When a device is managed, it can be administered by the Mobile Device Management server through a set of specific actions. Supported actions Remote wipe A Mobile Device Management server can remotely wipe an ipad. This will permanently delete all media and data on the ipad, restoring it to factory settings. Remote lock The server locks the ipad and requires the device passcode to unlock it. Clear passcode This action temporarily removes the device passcode for users who have forgotten it. If the device has a policy requiring a passcode, the user will be required to create a new one. Configuration and Provisioning Profiles To configure devices and provision in-house applications, Mobile Device Management servers can add and remove Configuration Profiles and Application Provisioning Profiles remotely.

5 Process Overview This example depicts a basic deployment of a Mobile Device Management server. 1 Firewall 3 2 4 Apple Push Notification Service Third-Party MDM Server 5 1 2 3 4 5 A Configuration Profile containing Mobile Device Management server information is sent to the device. The user is presented with information about what will be managed and/or queried by the server. The user installs the profile to opt in to the device being managed. Device enrollment takes place as the profile is installed. The server validates the device and allows access. The server sends a push notification prompting the device to check in for tasks or queries. The device connects directly to the server over HTTPS. The server sends commands or requests information. For more information on Mobile Device Management, visit www.apple.com/ipad/business/integration 2011 Apple Inc. All rights reserved. Apple, the Apple logo, ipad, itunes, and Safari are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. itunes Store is a service mark of Apple Inc., registered in the U.S. and other countries. The Bluetooth word mark is a registered trademark owned by Bluetooth SIG, Inc., and any use of such marks by Apple is under license. Other product and company names mentioned herein may be trademarks of their respective companies. Product specifications are subject to change without notice. This material is provided for information purposes only; Apple assumes no liability related to its use. March 2011 L422501B

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback