July 9, 2018 By Dan Cheuvront 5 min read

As organizations have gradually embraced mobile technology over the years to boost productivity, the task of protecting enterprise networks has become increasingly difficult for IT and security professionals. Each device represents a potentially vulnerable endpoint, and cybercriminals have mastered the art of exploiting these weaknesses to infiltrate corporate networks.

Fortunately, each iteration of Apple’s iOS has made security teams’ jobs easier by introducing new features that can be applied to mobile device management (MDM).

Below is a brief history to show how each release marked another crucial step in the evolution of enterprise mobility.

Apple and the Dawn of Mobile Device Management

In 2010, Apple released iOS 4, which opened the door to the enterprise with MDM capabilities. IT and security leaders gained the ability to enroll iOS devices over the air (OTA) to perform basic MDM functions. These functions included locate, lock and wipe. As an added benefit, iOS 4 also introduced mobile application management (MAM) capabilities, enabling security teams to push apps down to devices and set compliance rules.

The following year, iOS 5 introduced Siri, iCloud and OTA operating system (OS) updates, which could also be managed by an MDM solution. By this point, enrolled devices were subject to more customization from an IT security standpoint, such as disabling Siri and determining what could be synced and backed up to iCloud.

Enterprise Containment and the BYOD Model

The release of iOS 6 in 2012 brought a new facet to MDM capabilities by providing application programming interfaces (APIs) to private developers. At that time, MDM solutions aimed to capitalize on a then-rising enterprise need: containment.

By this point, iOS devices had gained popularity for personal use, and businesses were just catching on to their versatility. The APIs released in this version allowed IT teams to containerize and separate their enterprise information within the user’s device, which brought about the bring-your-own-device (BYOD) model. During this time, organizations frequently used a corporate-owned device model as their standard practice for mobile productivity.

However, the option of containing enterprise data on a user’s personal device — as opposed to purchasing, setting up and deploying a new device — proved to be the more cost-effective business model.

Aside from the BYOD aspect, iOS 6 introduced a supervised mode, making it easier for IT teams to manage corporate-owned devices. Supervised mode gave IT full administrative rights to the device and set restrictions to prevent the user from falling out of compliance.

New Look, New Management Capabilities

In 2013, iOS 7 packed a punch with a completely new OS redesign, upgraded security features and better management capabilities. One of the most noticeable and innovative features of iOS 7 was TouchID. This new security measure was the first of its kind within the Apple product line to use biometric data instead of a passcode for device access. It also provided APIs to enable or disable MDM solutions, allowing IT teams to use TouchID for access to the enterprise container, as well as the device itself.

With iOS 7, Apple included another feature that has saved many an administrator from endless headaches: disabling Activation Lock. The idea behind this feature was that if a device were lost or stolen, it could not be wiped without entering the associated Apple ID.

This feature was a major pain point for IT teams because users often enabled Activation Lock while setting up their device and, when their employment ended, IT teams were left with devices they could not wipe. Since the release of iOS 7, IT teams have been able to toggle the feature on and off and remotely wipe devices (as needed) without having to wait days or weeks to complete the task.

From 2014 through 2016, subsequent releases of iOS 8, 9 and 10 added more capabilities for the supervised mode, such as the Device Enrollment Program (DEP) and an advanced kiosk mode. DEP enabled IT teams to curate their devices, settings, apps and content before they were sent out to users. Once a device was turned on, the user would go through the enrollment process and everything he or she needed would be pushed down over the air. Apple has since expanded on DEP by allowing for retroactive purchases and retailers that are not Apple partners.

The kiosk mode enhancements allowed administrators to control which apps were shown to the user, helping them boost productivity and reduce the risk of users falling out of compliance or downloading malicious apps. These improvements also enabled administrators to control users’ wallpapers and standardize how apps were arranged on their devices.

As superficial as this seems, it was a big win for administrators because it allowed them to establish continuity across all enterprises devices for more granular visibility.

Watch the on-demand webinar: SOS! Remote Support for iOS & Android With UEM

Facing Forward With Biometric Authentication

iOS 11 was released in the fall of 2017 alongside Apple’s 10th-anniversary edition iPhone, which included a new feature called FaceID. Aside from the new hardware features, iOS 11 introduced a new classroom feature, which administrators of educational institutions can use to limit what students have access to on their iOS devices while still providing a rich experience that coincides with their lesson plan. Teachers can now turn off screens, push out apps and deliver presentations from a central device to all their students at once.

Since iOS entered the enterprise, IT teams have needed some form of remote support. Users might be miles away from their IT representative and need fast, effective help. For years, the only method of delivering remote support was through AirPlay, which required both the IT representative and user to be on the same Wi-Fi network. With iOS 11, remote assistance is available with software such as TeamViewer to provide a live look at a user’s device. This feature also integrates with the organization’s MDM solution.

Notable iOS MDM Enterprise Features by Version

  • iOS 4: Apple enters the MDM and MAM field for easy device management for the enterprise.
  • iOS 5: Siri, iCloud and OTA OS updates are introduced — thus bringing granular controls and automatic actions via MDM compliance rules.
  • iOS 6: Apple releases APIs that MDM solutions use to separate work and personal data and a supervised mode, which gives the organization full admin rights over the device.
  • iOS 7: With a full OS redesign, Apple introduces its biometric security feature, TouchID, which can be enabled and disabled via an MDM solution. iOS 7 also brings about the much-desired ability to disable Activation Lock, allowing administrators to remotely wipe a device without an Apple ID.
  • iOS 8: Apple Configurator becomes an OTA solution with DEP, so IT teams can configure and deploy their devices without touching each one.
  • iOS 9: Supervised mode with enhanced kiosk mode, including app lock and app compliance, enables IT administrators to dictate which apps are visible to users for a more customized device.
  • iOS 10: Small enhancements to the supervised mode, such as enabling dictation and spellcheck, are introduced.
  • iOS 11: Apple introduces FaceID, Apple Classroom settings can be managed via MDM and remote support like TeamViewer directly integrates with MDM solutions.
Scroll to view full table

What’s Next for iOS and MDM?

Each iteration of iOS introduces more features that can be applied to MDM capabilities, making the jobs of IT and security leaders easier. Over the years, iOS device management has grown from basic commands to in-depth, complex and customized solutions that fit organizations perfectly. With iOS 12 coming in the fall of 2018, we can only speculate as to what capabilities IT administrators will be able to manage through an MDM solution.

Watch the on-demand webinar: SOS! Remote Support for iOS & Android With UEM

More from Endpoint

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today