The launch of Apple iOS 10, dubbed the ‘biggest iOS release ever’, is extremely significant for enterprises. The stand out development is the effort Apple has put into integrating its partner ecosystem.
In short, this means enterprises can now easily deploy and secure work-ready apps on iOS devices and also have a broader pool of industry-leading apps to choose from. All the complex development and integration work has been done up front, so it’s just a question of choosing the appropriate apps to get users up and running quickly. And this, of course, helps drives productivity.
In tandem with this, the introduction of the supervised controls in iOS 10 makes it much easier to deploy and securely manage large fleets of devices in any organisation of any size. This ranges from global enterprises to smaller operations, whether it’s a specific field sales team or HR meeting room.
Another important development is the fact that iOS 10 also allows OS updates to be installed on macOS through MDM, which is a significant step towards convergence of desktop and mobile management in the enterprise.
Let’s dig a little deeper, looking at some of the features and why iOS 10 can truly be called a mature enterprise OS.
Integration with Cisco for communication apps
The first point that needs emphasising is tight integration with Cisco QoS. It's designed to improve enterprise services within the iOS platform. Business applications delivered through EMM automatically get better performance on Cisco networks.
It can further prioritise performance specific enterprise apps, like voice and video, to ensure the best possible user experience. This ability to fast-track certain business apps will be important for mission-critical communications apps.
At the same time, the Cisco Spark app has been integrated with native iOS calling features. They will look and feel like calls made using Apple’s native phone app.
The Device Enrolment Programme and its importance
Macs enrolled in Apple’s Device Enrolment Programme (DEP) are able to install major macOS updates, too. As a result, enterprise customers can use MDM to update any device running macOS Sierra.
Importantly, Sierra supports a new payload to configure the IP firewall and allow IT admins to apply policy restrictions to Apple Music, iCloud Keychain sync, iCloud photo library, Back to My Mac, Find My Mac, Notes sharing and more.
In short, EMM platforms can now be used to secure and manage most Apple devices, including iPhone, iPad, wearables, and now macOS, which takes us a significant step closer to IT admins being able to manage and secure both mobile and desktop devices through a single EMM platform.
Devices in the DEP can also deploy an MDM-initiated activation lock, enabling EMM providers to enforce an activation lock on the device and override the activation lock if required.
Notifications and Messaging
New controls help the IT department improve the user experience by customising how notifications for different apps are displayed. IT can also turn off notifications for mission-critical apps or restrict notifications to a certain level for selected apps, enabling greater levels of security for enterprise data – for example, restricting data access to levels that are appropriate to roles.
iOS 10 also introduced the Messages App Store, allowing developers to create apps to be used in iMessage. Enterprises can build these applications as well, essentially delivering entire workflows into a text message. For instance, if an approval needs to be made, the approver notification can be made over iMessage and the approval can be taken directly from the message without having to use a separate app.
Many organisations have blocked VPN access from iOS devices because it did not support Extensive Authentication Protocol (EAP). However, iOS 10 now supports VPN IKEv2 EAP-only mode, which enables organisations to provide secure VPN connectivity from iOS devices.
iOS 10 security has eliminated a vulnerability that previously allowed a user to automatically unlock a Mac computer with an Apple Watch and without having to type in a password. Now, once a user unlocks an Apple Watch, it needs to stay in contact with the user’s skin to stay unlocked — if the user takes it off, it locks back down. This stops access to a MacBook via a stolen Apple Watch.
Another security feature measures how long it takes the signal to go from an Apple Watch to a Mac. The user must be within three metres before the Mac will unlock. This helps prevent relay attacks that rebroadcast the signal from an Apple Watch across further distances.
Security features from iOS 9.3
iOS 10 incorporates a couple of security features from its predecessor iOS 9.3. These include app blacklisting and lost mode. App blacklisting enables IT admins to stop users from accessing restricted apps. Users might download blacklisted apps but EMM controls block the app from being used. Devices can also be locked down so employees can only access company approved apps.
Lost mode enables IT administrators to designate managed devices as ‘lost’. Given the generally high rate of lost devices, it’s a useful feature. ‘Lost’ devices report their geolocation to enterprise mobile management even when location services are disabled on the device.
Improved interoperability – but need for security
New iOS 10 features also allow users to easily download apps and share data across all of their devices, whether this is an iPhone, iPad, Mac laptops and even an Apple watch. These features can provide significant productivity boosts, but IT departments may need to factor in extra security measures to ensure enterprise data is not at risk.
For instance, a feature called Universal Clipboard makes it easier to move content between Mac and iOS devices without the need for AirDrop or other solutions. If a user copies text, photos or videos onto a device clipboard, this content is automatically uploaded to iCloud so it can be pasted onto another device.
However, Universal Clipboard could potentially lead to data loss unless enterprises have controls in place to block users from copying and pasting large amounts of data into unauthorised apps.
Integration with leading vendor apps
Apple’s commitment has extended beyond its technological improvements to the OS. The firm has worked with a wide range of leading vendors, such as MobileIron, Cisco, IBM, Box, Docusign and more to create integrated experiences that solve business problems.
Technologies like App Config Community make it easy to deploy these applications – administrators don’t need to know about details of the app’s functionality but rather can simply deploy apps that automatically configure themselves and make users productive.
Today, we can say with certainty that iOS is a fully mature enterprise platform. iOS 10 is less about new features and more about integration with its partner ecosystem. This lifts app integration and approval workloads from IT and makes app deployment easier, quicker and more secure.
And because OS updates can now be deployed on any iOS or macOS, a significant step has been taken towards true desktop and mobile convergence in the enterprise.
Sean Ginevan, senior director of strategy of MobileIron
Image source: GokGak / Shutterstock.com