Enterprise mobility continues to gain adoption as a critical success factor in today’s competitive business environment. BYOD and user-choice programs abound, more and more large companies are developing their own corporate apps as an integral component of employee toolkits.
Yet, with the growing number and types of mobile devices in the workplace today, supporting, managing, and securing devices to promote employee productivity and to safeguard corporate assets presents a very real challenge. In this slideshow, Nick Thompson, solutions engineer and area expert at JAMF Software, features five best practices enterprises can adopt to succeed with mobile device management (MDM). The result is less hassle in supporting employees, increased overall productivity and assurance that valuable company assets are secure.
Lead: Adopting MDM best practices can result in less hassle in supporting employees, increased overall productivity and assurance that valuable company assets are secure.
Managing Enterprise iOS Devices
Click through for five best practices organizations can adopt to succeed with mobile device management (MDM), as identified by Nick Thompson, solutions engineer and area expert at JAMF Software.
Zero Touch Deployments with DEP
Before you can use MDM to manage your iOS devices, you first have to enroll them. There are several methods for enrolling a mobile device, but the most seamless is through Apple’s Device Enrollment Program (DEP), which entails a three step process:
- Step 1: Sign up for DEP at https://deploy.apple.com and add your MDM server to the DEP portal.
- Step 2: Then, purchase devices and link them to your DEP account. Once that’s done, you can ship them directly to users.
- Step 3: When a user turns on their iOS device on for the first time, it will be enrolled, configured, and ready for additional management – all without having to touch it.
Eliminate Containers for iOS Management
In the world of MDM, a container is an additional app designed to serve as a secure location for corporate info such as email, calendars, contacts, and even web browsing. Organizations are drawn to this concept, but in reality, it adds unnecessary bulk to iOS and gets in the way of a good user experience. Containers became popular among some MDM solutions for helping overcome Android security flaws.
The reality is that iOS native apps (Mail, Calendar, Contacts, and Safari) are already secure. There is simply no need for a “secure” email container. To preserve the best experience for users, simply use configuration profiles. A profile has the ability to add an Exchange account to iOS, which will in turn provide access to corporate email and calendars.
Manage Activation Lock w/ MDM
Activation Lock is designed to prevent theft of iPhones and iPads. By requiring an owner’s Apple ID and password, not just anyone can activate a device. This feature is great for consumers, but can cause problems for IT admins who need to reassign devices to users. Without an MDM solution, Activation Lock is a nightmare to manage and has caused many organizations to simply ban their users from using Apple IDs altogether.
As long as a device is enrolled in an MDM server and is supervised, you can generate an Activation Lock Bypass Code in case you receive a device that is locked to a previous user’s Apple ID. Once you have the code, you can enter it into the password field during the Setup Assistant and the device is unlocked.
Deploy Apps to Users or Devices with VPP
The rich library of apps in the iOS App Store can help your employees achieve even more, whether it’s turning an iPad into a cash register or transforming business processes such as managing a sales cycle or signing contracts. With an app strategy and MDM to manage your app deployments, you will ensure users have the apps they need to be productive.
- Step 1: Sign up for VPP at https://deploy.apple.com and link your VPP account to your MDM server.
- Step 2: Find and purchase app licenses from the VPP web store, including free apps.
- Step 3: App licenses are automatically added to your MDM server.
- Step 4: Choose to assign apps to either devices directly or to a user’s Apple ID.
Note: If you assign to user’s Apple ID, then first invite users to participate in your VPP deployment via email or push notification. Once they accept, the process will be completed.
- Step 5: Apps are deployed to either the device or the user’s Apple ID, and no interaction is required.
Individual Apple IDs for Users
A personal Apple ID account allows users to take full advantage of iOS and the App Store. For example, allowing users to have an Apple ID enables them to access services such as FaceTime, iMessage, Find My iPhone and iCloud.
Since the VPP store now allows you to license apps via the “Managed Distribution” method, you can simply assign apps to a user’s device or Apple ID without permanently transferring ownership to the user. This way, IT doesn’t have to spend hours creating Apple IDs specific to a device.