Apple's iPhone is a popular choice for business users, but some organizations have struggled to fully secure and manage these devices.
With iOS 13, Apple introduced several new features that could make the task of securing and managing iPhones easier for mobile administrators. While these mobile device management (MDM) features for iOS 13 are all helpful in certain situations, IT professionals must determine when and how to use them.
Key iOS 13 mobile device management features
One notable iOS 13 mobile device management feature that Apple introduced is automatic enrollment. This feature, alongside Apple Business Manager, allows IT to create a separate business file system in conjunction with a dedicated iCloud account.
Mobile admins would need to create this file system during the enrollment process, and if IT unenrolls the device, the iPhone would delete the business files. These business file systems contain data for email attachments, calendars, Notes, iCloud repository information, and more.
Apple has added a major component for enterprise security by providing a mechanism to separate personal data from the business file system. Enabled by the automatic enrollment feature above, it essentially produces two distinct areas on the device by creating a unique business identity in Apple's iCloud service that is separate from the personal identity.
IT can create the business identity when the device is provisioned through the use of an MDM platform. This separation allows mobile admins to wipe corporate data and apps on a business iPhone without affecting the personal apps and data of the device. This is critically important for organizations with BYOD deployments, but it still could be helpful for corporate-owned devices that employees use for personal tasks.
Apple also enhanced Managed IDs for business in iOS 13. These IDs are more useful now that IT can link them to business iCloud accounts during enrollment. IT professionals can connect users' business accounts with iCloud Notes and iCloud Drive to keep all business data segregated from personal data.
This makes any business files or data less likely to leak into the personal part of the device. This is critical from a security perspective, as most users carry a significant amount of sensitive data with them on their devices. This data segregation also makes it easier for admins to provision devices for use with corporate systems, which has not always been an easy task.
Automated Device Enrollment alongside Apple Device Management allows organizations to build a custom and branded webpage that users access to enroll their devices. This allows organizations to provide users important information, such as terms and conditions for use, privacy policies, support Q&A, app use policies and customized personnel information. It also allows IT to deploy company-specified apps and data in a separate and controlled segment of the Apple device, which is crucial for device security.
Many organizations are also interested in limiting the types of actions users can take with their devices. IT can enforce several new corporate restrictions with iOS 13 mobile device management, ensuring unauthorized apps and services can't access segmented parts of the device. Some of the restrictions IT can deploy via MDM include enabling or disabling attributes such as Find My Friends, Find My Device, Wi-Fi power and QuickPath keyboard. These policies help organizations avoid unsafe user behaviors that could compromise the device.
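As an added example (not part of the original article), the Python script below checks an unsigned configuration profile against a baseline for the four restrictions named above. The key names come from Apple's Restrictions payload (`com.apple.applicationaccess`) rather than from this article, and the baseline values and the sample profile are constructed for illustration.

```python
import plistlib

# Payload type of Apple's Restrictions payload.
RESTRICTIONS_TYPE = "com.apple.applicationaccess"

# Hypothetical baseline for this example: restriction key -> value the org expects.
BASELINE = {
    "allowFindMyFriends": False,           # Find My Friends
    "allowFindMyDevice": True,             # Find My Device
    "forceWiFiPowerOn": True,              # Wi-Fi power
    "allowContinuousPathKeyboard": False,  # QuickPath keyboard
}

# Constructed sample profile (unsigned XML plist, not from a real deployment).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.restrictions</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.applicationaccess</string>
    <key>allowFindMyFriends</key><false/>
    <key>allowFindMyDevice</key><true/>
    <key>allowContinuousPathKeyboard</key><true/>
  </dict></array>
</dict></plist>"""


def audit_profile(raw: bytes, baseline=BASELINE) -> dict:
    """Return {key: finding} for each baseline key that is missing or differs."""
    profile = plistlib.loads(raw)
    merged = {}
    # A profile can carry several payloads; only Restrictions payloads matter here.
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == RESTRICTIONS_TYPE:
            merged.update(payload)
    findings = {}
    for key, expected in baseline.items():
        if key not in merged:
            findings[key] = "missing"  # the device keeps its default behaviour
        elif merged[key] is not expected:
            findings[key] = f"set to {merged[key]}, expected {expected}"
    return findings


if __name__ == "__main__":
    for key, finding in audit_profile(SAMPLE_PROFILE).items():
        print(f"{key}: {finding}")
```

A signed profile is wrapped in a CMS envelope and must be unwrapped before `plistlib` can parse it.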
With iOS 13, Apple also released APIs to extend Face ID and Touch ID for a single sign-on capability. When integrated into mobile apps, these authentication methods can allow easier device access for users and boost security with multi-factor authentication capabilities. Stealing user credentials is one of the primary attack vectors for infiltrating corporate systems, so this iOS 13 mobile device management feature will help prevent such attacks.