Management of iOS devices takes place via a connection to the Mobile Device Management server. The device communicates with the server to see if there are tasks pending and responds with the appropriate actions. These tasks can include updating policies, providing requested device or network information, or removing settings and data.

When an MDM Server wants to communicate with an iPhone or iPad, a silent notification is sent to the device via Apple Push Notification service, prompting it to check in with the server. The process of notifying the device does not send any proprietary information to or from the Apple Push Notification service. The only task performed by the push notification is to wake the device so it checks in with the MDM server.

All configuration information, settings, and queries are sent directly from the server to the iOS device over an encrypted SSL/TLS connection between the device and the MDM server.
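The check-in loop described above, as an added example that is not Apple's code or the page's own: a server keeps a per-device command queue, the push sent through APNs carries only a wake-up token, and the device then fetches, executes and acknowledges each command directly from the server. The message fields (`Status`, `UDID`, `CommandUUID`, `RequestType`, `QueryResponses`) follow the names Apple's MDM protocol uses; the APNs transport and the HTTPS connection are replaced here by in-memory calls, and the UDID, push token and device attributes are constructed sample values.

```python
"""Simplified model of the MDM check-in loop (added example, not Apple's code)."""
import plistlib
import uuid
from collections import deque


class MDMServer:
    def __init__(self):
        self.queues = {}    # UDID -> deque of pending command dicts
        self.results = {}   # CommandUUID -> the device's response
        self.push_log = []  # what would have been handed to APNs

    def enqueue(self, udid, request_type, **params):
        """Queue a command for a device and return its CommandUUID."""
        cmd = {"CommandUUID": str(uuid.uuid4()),
               "Command": {"RequestType": request_type, **params}}
        self.queues.setdefault(udid, deque()).append(cmd)
        return cmd["CommandUUID"]

    def send_push(self, udid, push_magic):
        # The APNs payload carries only the 'mdm' key with the PushMagic
        # token: no settings, queries or device data travel through APNs.
        payload = {"mdm": push_magic}
        self.push_log.append((udid, payload))
        return payload

    def handle_checkin(self, body: bytes) -> bytes:
        """Handle one device message on the (TLS-protected) command endpoint.

        The device reports a Status (Idle, Acknowledged, Error); the server
        stores any result and replies with the next queued command, or with
        an empty plist when nothing is pending.
        """
        msg = plistlib.loads(body)
        if msg["Status"] in ("Acknowledged", "Error"):
            self.results[msg["CommandUUID"]] = msg
        queue = self.queues.get(msg["UDID"])
        if queue:
            return plistlib.dumps(queue.popleft())
        return plistlib.dumps({})


class Device:
    def __init__(self, udid, push_magic, info):
        self.udid = udid
        self.push_magic = push_magic
        self.info = info                  # attributes the device may report
        self.installed_profiles = []

    def receive_push(self, payload, server):
        """Wake on a push whose token matches, then check in; returns commands handled."""
        if payload.get("mdm") != self.push_magic:
            return 0
        return self.checkin(server)

    def checkin(self, server):
        report = {"UDID": self.udid, "Status": "Idle"}
        handled = 0
        while True:
            reply = plistlib.loads(server.handle_checkin(plistlib.dumps(report)))
            if not reply:            # empty plist: queue drained
                return handled
            report = self.execute(reply)
            handled += 1

    def execute(self, cmd):
        req = cmd["Command"]
        resp = {"UDID": self.udid, "CommandUUID": cmd["CommandUUID"],
                "Status": "Acknowledged"}
        if req["RequestType"] == "DeviceInformation":
            # Answer only the queries the device actually has values for.
            resp["QueryResponses"] = {k: self.info[k]
                                      for k in req["Queries"] if k in self.info}
        elif req["RequestType"] == "InstallProfile":
            self.installed_profiles.append(req["Payload"])
        else:
            resp["Status"] = "Error"
        return resp


if __name__ == "__main__":
    server = MDMServer()
    dev = Device("UDID-EXAMPLE-0001", "push-magic-example",
                 {"SerialNumber": "SERIAL-EXAMPLE", "OSVersion": "17.0"})
    cid = server.enqueue(dev.udid, "DeviceInformation",
                         Queries=["SerialNumber", "OSVersion", "IMEI"])
    handled = dev.receive_push(server.send_push(dev.udid, "push-magic-example"), server)
    print(handled, server.results[cid]["QueryResponses"])
```

The point to notice is in `send_push`: the only thing that ever leaves for APNs is the push token. Everything with content, the queries, the profile payload and the device's answers, moves through `handle_checkin`, which in a real deployment is the server's HTTPS endpoint.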

User Authentication

User authentication ensures that incoming enrolment requests are from authorised users, and that the user's device information is captured prior to proceeding with certificate enrolment.

Certificate Enrolment

After the user is authenticated, iOS generates a certificate enrolment request using the Simple Certificate Enrollment Protocol (SCEP). This enrolment request is sent directly to the enterprise Certificate Authority (CA), and enables the iPhone or iPad to receive its identity certificate from the CA in response.

Device Configuration

Once the device is authenticated, it can receive encrypted configuration information over the air. This information can only be installed on the device it is intended for and contains the settings needed to connect to the MDM server.

At the end of the enrolment process, the user will be presented with an installation screen that describes what access rights the MDM server will have on the device. By agreeing to the profile installation, the user's device is automatically enrolled without further interaction.

Once the iPhone or iPad are enrolled as managed devices, they can be dynamically configured with settings, queried for information, or remotely wiped by the MDM server.

Configuration Examples

Accounts

  • Exchange, IMAP & POP
  • Wi-Fi
  • VPN
  • LDAP

Device Functionality

  • Allow installing of apps
  • Allow use of camera
  • Allow FaceTime
  • Allow screen capture
  • Allow syncing while roaming
  • Allow in-app purchase

Applications

  • Allow use of YouTube
  • Allow use of iTunes Store
  • Allow use of Safari
  • Set Safari security preferences

Content ratings

  • Allow explicit music and podcasts
  • Set ratings region
  • Set allowed content ratings

Passcode Policies

  • Require passcode on device
  • Minimum passcode length
  • Maximum number of failed attempts
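How the configuration examples above are actually delivered: as payloads inside a configuration profile (a .mobileconfig property list). The following is an added example, not code from the page or from Apple, that builds a profile carrying a passcode policy and a restrictions payload covering the device functionality, application, content rating and passcode items listed, and then lints the result against a minimum baseline so that a weakened profile is caught before it is pushed. The payload types and keys (`com.apple.mobiledevice.passwordpolicy`, `com.apple.applicationaccess`, `forcePIN`, `minLength`, `maxFailedAttempts`, `allowCamera`, `allowScreenShot` and so on) are Apple's documented profile keys; the organisation name, profile identifier and baseline thresholds are constructed example values.

```python
"""Build and lint an iOS configuration profile (added example, not Apple's code)."""
import plistlib
import uuid

ORG = "Example Corp"                      # constructed value
PROFILE_ID = "com.example.mdm.baseline"   # constructed identifier

# Baseline the lint enforces (constructed policy values, not Apple defaults).
MIN_PASSCODE_LENGTH = 6
MAX_FAILED_ATTEMPTS = 10


def payload(ptype, ident, **keys):
    """Common envelope every payload inside a profile must carry."""
    base = {"PayloadType": ptype, "PayloadIdentifier": ident,
            "PayloadUUID": str(uuid.uuid4()), "PayloadVersion": 1,
            "PayloadDisplayName": ident.rsplit(".", 1)[-1]}
    base.update(keys)
    return base


def build_profile(min_length=6, max_failed=10, allow_simple=False):
    """Return the profile as a dict; parameters let a weak variant be built."""
    passcode = payload(
        "com.apple.mobiledevice.passwordpolicy", PROFILE_ID + ".passcode",
        forcePIN=True,                  # require a passcode on the device
        allowSimple=allow_simple,       # repeated / sequential digits
        minLength=min_length,           # minimum passcode length
        maxFailedAttempts=max_failed,   # wipe after this many failures
        maxPINAgeInDays=90)
    restrictions = payload(
        "com.apple.applicationaccess", PROFILE_ID + ".restrictions",
        allowAppInstallation=True, allowCamera=True,
        allowVideoConferencing=True,            # FaceTime
        allowScreenShot=False,                  # screen capture
        allowGlobalBackgroundFetchWhenRoaming=False,  # syncing while roaming
        allowInAppPurchases=False,
        allowYouTube=False, allowiTunes=True, allowSafari=True,
        safariAllowPopups=False, safariForceFraudWarning=True,  # Safari prefs
        allowExplicitContent=False, ratingRegion="us", ratingMovies=300)
    return {"PayloadType": "Configuration", "PayloadVersion": 1,
            "PayloadIdentifier": PROFILE_ID, "PayloadUUID": str(uuid.uuid4()),
            "PayloadDisplayName": "Baseline device policy",
            "PayloadOrganization": ORG,
            "PayloadRemovalDisallowed": True,   # user cannot remove it
            "PayloadContent": [passcode, restrictions]}


def lint_profile(profile):
    """Return a list of findings where the profile is weaker than the baseline."""
    findings = []
    types = {p["PayloadType"] for p in profile["PayloadContent"]}
    if "com.apple.mobiledevice.passwordpolicy" not in types:
        findings.append("no passcode policy payload")
    for p in profile["PayloadContent"]:
        if p["PayloadType"] != "com.apple.mobiledevice.passwordpolicy":
            continue
        if not p.get("forcePIN"):
            findings.append("passcode not required")
        if p.get("allowSimple", True):
            findings.append("simple passcodes allowed")
        if p.get("minLength", 0) < MIN_PASSCODE_LENGTH:
            findings.append("minLength below baseline")
        attempts = p.get("maxFailedAttempts", 0)
        if attempts == 0 or attempts > MAX_FAILED_ATTEMPTS:
            findings.append("maxFailedAttempts unlimited or above baseline")
    if not profile.get("PayloadRemovalDisallowed"):
        findings.append("profile can be removed by the user")
    return findings


def to_mobileconfig(profile) -> bytes:
    """Serialise to the XML plist form a .mobileconfig file contains."""
    return plistlib.dumps(profile)


if __name__ == "__main__":
    prof = build_profile()
    print(lint_profile(prof))                                   # []
    print(lint_profile(build_profile(min_length=4, max_failed=0, allow_simple=True)))
```

In practice the profile produced by `to_mobileconfig` is signed before distribution and sent by the MDM server inside an InstallProfile command; the lint is the step a defender adds so that a change to the policy source cannot silently drop the passcode requirement or the removal lock.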