As most are well aware, iOS tablets have garnered a great deal of appeal for use within businesses. For that matter, using any available iOS device for daily tasks has become a common ask amongst a multitude of workers. The People-centric IT (PCIT) trend has many industry segments receiving requests to connect people's personal devices, and/or has companies themselves supplying devices to their workers. As mentioned in previous BYOD Basics entries, BYOD, which includes iOS devices, places great strain on IT professionals, who must resolve the conflict between empowering the person and protecting corporate data. A planned deployment of Windows Server 2012 R2 and System Center 2012 R2 can help ease that conundrum, but still requires proper planning to ensure all requirements for both enablement and security are met.
To begin, IT professionals must break down support of iOS devices in the workplace into the following areas:
- Unified management – Management of PCIT-enabled devices should be delivered through a single console to ensure simplicity in device management administration
- Enabling worker productivity – Providing corporate resources to the information worker while not compromising security
- Registration and enrollment – Providing an easy yet secure experience enabling corporate resources on a personally-owned or non-corporate device
One of the challenges that iOS devices will always face is the inability to join a domain. Domain joining applies features like Windows login scripts and Group Policy, which are not applicable to non-Windows devices. This IT trust issue is a limitation for IT departments tasked with protecting network resources. The lack of domain affiliation by an iOS device means that the user is denied access to resources, or must continually provide credentials as resources are accessed, making the experience frustrating for the end user. This is the reason Workplace Join was created. Workplace Join provides iOS devices with certificates delivered only after the IT professional can confirm that the device is affiliated to a known-trusted user, and helps the iOS device authenticate within a Windows 8.1 network. Workplace Join is, however, only one piece of the PCIT puzzle.
Device management is another key element needed to apply policies, perform software inventories, or supply apps. Enrollment of personally owned devices only occurs when the device owner consents to allowing some IT-side administrative control of the device. Once enrollment is completed, management of those iOS devices uses Apple Push Notification Services to maintain regular communication with the device on any network connection. This ensures that all iOS device requirements are addressed with regard to both protecting company data and resources and empowering employees.
Ty Balascio, a Senior Program Manager focused on managing iOS devices in the workplace using System Center products, provides further insight into deployment and enablement of iOS devices from within the workplace.
[Figures: User initiating enrollment; Offering the management profile; Enrollment profile installed]
Staying productive at work on iOS devices
Microsoft has heavily invested in supporting all of the most typical user requirements when working from their iOS device. For example, the following capabilities are possible for an enrolled iOS device in an enterprise when using System Center 2012 R2 Configuration Manager:
Connecting to the corporate network
Need to push a Wi-Fi configuration for wireless access? No problem. How about VPN profiles or authentication certificates? You can push those configurations too. We support a rich array of network settings configurable for mobile devices. Because mobile devices are... well... mobile, all of the capabilities described within this blog function from any network connection, anywhere.
User-driven access to company resources
The Company Portal app for iOS provides your users with a convenient interface for gaining access to resources necessary for work. Whether it is a deep-link to the Apple AppStore, an Internet / intranet resource web-clip on the home screen of the device, or even an internal line-of-business app, the Company Portal on iOS devices will enable your users to discover, request, and install the tools they need.
Do your users rely on more than one device in the workplace? What happens when those devices become damaged, lost, or replaced? For most IT departments it means an IT support ticket to de-provision, wipe data, or perform remote-lock. With the Company Portal app the end-user is now empowered to handle those actions for themselves. So the next time someone from the Sales team leaves a laptop in a taxicab, they can quickly hop on their iPhone and kick off a WIPE action to protect the corporate data. At Microsoft, we view PCIT as both a mechanism for user empowerment as well as an approach to reducing the burden placed on IT professionals when it comes to handling common tasks the user could handle – when empowered with the right tools!
[Figure: Discovering and accessing a company resource]
Unified management
Policy
Most mobile devices support an implementation of mobile device management. We worked hard to build an IT-Pro experience that enables common settings and controls to flow consistently across all platforms. Set a PIN requirement once, and confidently know it will reach all devices, no matter which platform it applies to. Some settings supported by Apple will only be applicable to iOS, for example restricting access to Safari, or AppStore content rating policies. With System Center 2012 R2 Configuration Manager, the most common settings and restrictions are supported.
Device state
How many iOS devices are in use within your organization? What iOS version are they running? What corporate apps have they installed? Are any devices in your org jailbroken? All decision data points necessary for compliance and inventory control are present and routinely refreshed.
IT-command-and-control
For corporate-owned devices, your IT department will appreciate the level of protection and compliance possible for iOS devices. Whether the need arises to quickly issue a factory-reset command or push apps / updates to apps, System Center puts you in control. Even for the employee-owned device, the IT department remotely controls the ability to remove devices from the network, and along with it all of the apps and company resources provided; all while leaving family photos and personal apps intact.
System Center 2012 R2 Configuration Manager, Windows Intune, and Windows Server provide a secure and reliable People-centric IT solution when enabling an iOS device in the workplace. Balance is achieved by providing the freedom and convenience for users to be productive as they see fit, but on your organization's compliance and protection terms.
Download System Center 2012 R2 Configuration Manager Preview and Windows Server 2012 R2 Preview to start exploring the possibilities of securely enabling iOS devices within your organization.