iOS 15: Delivering on the Needs of the Enterprise
From an enterprise perspective, iOS 15 incorporates many features customers have been asking for.
No doubt, this coincides with Apple’s performance in the enterprise space as 79% of mobile business use comes from iPhone and iPad. Furthermore, macOS X and iOS enjoy a combined 34.9% operating system (OS) distribution share among enterprise endpoints.
And just like WWDC 2020, there is still a great emphasis on user privacy and corporate data security, especially for the ever-growing Bring Your Own Device (BYOD) market (67% of employees use personal device at work and 59% of organizations have already adopted BYOD).
With that in mind, here are some of the enterprise-based highlights from WWDC 2021.
Managed pasteboard leverages Managed Open-In settings and prevents the accidental copying and pasting of sensitive data from a managed or corporate app to an unmanaged or personal app and vice versa.
Using unsecured apps to access or utilize sensitive company data is a larger problem than most people realize, as 41% of employees are using personal apps for corporate information.
With managed pasteboard, the paste function will be visible; however, the user will be notified that pasting is not allowed by policy.
Required apps allow Mobile Device Management (MDM) vendors to designate one app as a required app.
On unsupervised devices, users will not be prompted when SOTI MobiControl requests the device to install the required app. Instead, the user consents to the app when they accept the terms of installation for SOTI MobiControl.
This feature is ideal for installing an app that is essential for business-critical functions to be carried out.
Shared iPad for Business
Shared iPad for business is a smart, affordable way to ensure remote workers have the tools and apps they need to stay productive without needing to purchase an individual iPad for everyone.
Now, Apple has introduced three new options to increase security and flexibility when sharing an iPad in the workplace:
- Temporary Session Only: This prevents users from logging in using their managed Apple ID. The main benefits are that it’s perfectly suited for Kiosk Mode scenarios and it limits the amount of corporate data stored on the device (as the conclusion of each temporary session wipes the device clean). It also maximizes the space available for the user logging in because they don’t have to share the available space with any other user.
- Temporary Session Timeout: This automatically logs users out from a temporary session after a specified period of inactivity.
- User Session Timeout: This automatically logs a user out from a standard/regular user session after a specified period of inactivity.
After temporary users log out of the iPad, all associated data is removed, thus leaving the device somewhat of a “blank slate” for the next temporary user.
OS Update Management
To better control the OS update versions available to end users, Enterprise Mobility Management (EMM) administrators have three options available to them:
- Latest releases of both the latest and previous major versions: On the device, both the latest major version (e.g., iOS 15) and the previous major version (i.e., iOS 14.6) are available.
- Latest release of the previous major version only: Only the latest release of the previous major version (e.g., iOS 14.6) is available.
- Latest release of the major version only: Only the latest release of the latest major version (e.g., iOS 15) is available.
Organizations may not want to update to a new major version because they have not tested it and, as such, are reluctant to do so. With these new options in OS update management, IT departments can prevent users from accidentally updating to an unsupported major version of iOS for a longer period of time (previously OS updates could only be deferred for up to 90 days).
Focusing on BYOD with Account Based User Enrollment
Account based user enrollment integrates the user enrollment workflow into iOS settings to reduce friction for BYOD users. This new feature already leverages the three existing components of standard user enrollment:
- Managed Apple ID: This is owned by the organization.
- Data separation: At enrollment, a separate container is created to store the apps, data, and other information managed by the organization without impacting the personal data already on the device.
- Management capabilities: These are limited to those required by the organization to secure corporate data while respecting user privacy and to manage the business side of the device.
With account-based user enrollment, in the settings section of an Apple device (an area users are very familiar with), end users are able to clearly see which parts of the system are managed by the organization and which are not.
Introducing the Future of Device Management: Declarative Device Management
Apple’s current MDM protocol is built to be “reactive.” When an organization needs to apply a policy to a device, the device and MDM may “talk to each other” numerous times before the MDM can apply the policy to the device.
Also, if a change occurs on the device itself, there’s no way for the MDM to know about it without polling for information. In other words, the device does not initiate the conversation with the MDM solution.
Declarative device management – the next generation of device management – is meant to be “proactive” so that an MDM can “declare” conditional policies that the device can apply whenever those conditions are met. This effectively moves a lot of the heavy lifting from the MDM server to the device – and devices can now inform the MDM server when specific changes occur.
Though initially only supported for User Enrollment workflows, declarative device management promises to deliver significant gains in efficiency for the MDM server and more up-to-date information about devices for the IT administrator.
Enterprises and consumers behave in different ways. Enterprises may be reluctant to update their OS versions while consumers have fewer problems doing so. Meanwhile, some people are hesitant to add corporate management to their personal devices.
With these updates, Apple is working on making the whole experience better and, by extension, making all parties involved more comfortable with device enrollment, management and usability.
As such, Apple is making significant headway in the enterprise space when you consider the following:
Learn More About SOTI and Apple
You can contact us anytime with your questions about SOTI and Apple. You can also request a free demo or try the SOTI ONE Platform with a free 30-day trial or check out the following resources: