As organizations have gradually embraced mobile technology over the years to boost productivity, the task of protecting enterprise networks has become increasingly difficult for IT and security professionals. Each device represents a potentially vulnerable endpoint, and cybercriminals have mastered the art of exploiting these weaknesses to infiltrate corporate networks.
Fortunately, each iteration of Apple’s iOS has made security teams’ jobs easier by introducing new features that can be applied to mobile device management (MDM).
Below is a brief history to show how each release marked another crucial step in the evolution of enterprise mobility.
Apple and the Dawn of Mobile Device Management
In 2010, Apple released iOS 4, which opened the door to the enterprise with MDM capabilities. IT and security leaders gained the ability to enroll iOS devices over the air (OTA) to perform basic MDM functions. These functions included locate, lock and wipe. As an added benefit, iOS 4 also introduced mobile application management (MAM) capabilities, enabling security teams to push apps down to devices and set compliance rules.
The following year, iOS 5 introduced Siri, iCloud and OTA operating system (OS) updates, which could also be managed by an MDM solution. By this point, enrolled devices were subject to more customization from an IT security standpoint, such as disabling Siri and determining what could be synced and backed up to iCloud.
Enterprise Containment and the BYOD Model
The release of iOS 6 in 2012 brought a new facet to MDM capabilities by providing application programming interfaces (APIs) to private developers. At that time, MDM solutions aimed to capitalize on a then-rising enterprise need: containment.
By this point, iOS devices had gained popularity for personal use, and businesses were just catching on to their versatility. The APIs released in this version allowed IT teams to containerize and separate their enterprise information within the user’s device, which brought about the bring-your-own-device (BYOD) model. During this time, organizations frequently used a corporate-owned device model as their standard practice for mobile productivity.
However, the option of containing enterprise data on a user’s personal device — as opposed to purchasing, setting up and deploying a new device — proved to be the more cost-effective business model.
Aside from the BYOD aspect, iOS 6 introduced a supervised mode, making it easier for IT teams to manage corporate-owned devices. Supervised mode gave IT full administrative rights to the device and set restrictions to prevent the user from falling out of compliance.
New Look, New Management Capabilities
In 2013, iOS 7 packed a punch with a completely new OS redesign, upgraded security features and better management capabilities. One of the most noticeable and innovative features of iOS 7 was TouchID. This new security measure was the first of its kind within the Apple product line to use biometric data instead of a passcode for device access. It also provided APIs to enable or disable MDM solutions, allowing IT teams to use TouchID for access to the enterprise container, as well as the device itself.
With iOS 7, Apple included another feature that has saved many an administrator from endless headaches: disabling Activation Lock. The idea behind Activation Lock was that if a device were lost or stolen, it could not be wiped without entering the associated Apple ID.
This feature was a major pain point for IT teams because users often enabled Activation Lock while setting up their device and, when their employment ended, IT teams were left with devices they could not wipe. Since the release of iOS 7, IT teams have been able to toggle the feature on and off and remotely wipe devices (as needed) without having to wait days or weeks to complete the task.
From 2014 through 2016, subsequent releases of iOS 8, 9 and 10 added more capabilities for the supervised mode, such as the Device Enrollment Program (DEP) and an advanced kiosk mode. DEP enabled IT teams to curate their devices, settings, apps and content before they were sent out to users. Once a device was turned on, the user would go through the enrollment process and everything he or she needed would be pushed down over the air. Apple has since expanded on DEP by allowing for retroactive purchases and retailers that are not Apple partners.
The kiosk mode enhancements allowed administrators to control which apps were shown to the user, helping them boost productivity and reduce the risk of users falling out of compliance or downloading malicious apps. These improvements also enabled administrators to control users’ wallpapers and standardize how apps were arranged on their devices.
As superficial as this seems, it was a big win for administrators because it allowed them to establish continuity across all enterprise devices for more granular visibility.
Facing Forward With Biometric Authentication
iOS 11 was released in the fall of 2017 alongside Apple’s 10th-anniversary edition iPhone, which included a new feature called FaceID. Much like TouchID is used for identity and access management (IAM) within the device itself, FaceID performs a quick scan of the user’s face to provide more secure biometric authentication than the traditional fingerprint method. As far as MDM capabilities go, FaceID falls under the same APIs as TouchID.
Aside from the new hardware features, iOS 11 introduced a new classroom feature, which administrators of educational institutions can use to limit what students have access to on their iOS devices while still providing a rich experience that coincides with their lesson plan. Teachers can now turn off screens, push out apps and deliver presentations from a central device to all their students at once.
Since iOS entered the enterprise, IT teams have needed some form of remote support. Users might be miles away from their IT representative and need fast, effective help. For years, the only method of delivering remote support was through AirPlay, which required both the IT representative and user to be on the same Wi-Fi network. With iOS 11, remote assistance is available with software such as TeamViewer to provide a live look at a user’s device. This feature also integrates with the organization’s MDM solution.
Notable iOS MDM Enterprise Features by Version
What’s Next for iOS and MDM?
Each iteration of iOS introduces more features that can be applied to MDM capabilities, making the jobs of IT and security leaders easier. Over the years, iOS device management has grown from basic commands to in-depth, complex and customized solutions that fit organizations perfectly. With iOS 12 coming in the fall of 2018, we can only speculate as to what capabilities IT administrators will be able to manage through an MDM solution.