GreasedGradient

Some tidbits while tinkering.

Category: iOS

LAUSD and Cheapo MDM

I’m actually a big fan of using Apple software like Configurator and Profile Manager to do MDM on the cheap – and using ActiveSync profiles means that most people will be able to secure the information on the device, which is what most companies need.

But the particular needs of the LA Unified School District don’t really fit neatly in here.

Thanks to a whole range of news articles (the best one, I think is from Ars Technica), the LAUSD has now found out that users can easily delete their ActiveSync profile to return to an ‘unmanaged’ state.  I’m seriously amazed they could get this far down this path, with a $1B project, likely lots of support from Apple directly, and not realise that profiles can be deleted?

Apple has, in effect, always gone for a model where a device could, one way or another, be put back to a ‘virgin’ state. Even if this particular method wasn’t used, there are plenty of others to restore an iPad, with the only minor issues being getting access to specific enterprise apps.  It’s not rocket science.

The key is whether you secure your data at the app level, and whether you provide enough benefit that your users continue to elect to be under management.  In business, this is easy (lost devices can be claimed via insurance, lost data is harder), and for home users, parents could just take away the device.  But for education, where programs will rely on access to these iPads, it has a unique need to securely lock down the device entirely, but being a school, doesn’t have the budget for good MDM to help.

One of the things I’m not aware of yet it any features around device management, particularly ‘supervised’ mode in the new versions of Apple Server iOS management tools and iOS that will prevent this.  We have the functionality to, with Activation Lock, as well as supervised modes, but have not seen or tested the ability to lock down the ability to remove profiles in iOS7.  Though, with this sort of news hitting Apple in education (though not really their fault) one could imagine this being a feature introduced in iOS7.1, if it’s not in already…

SSO and Mobile

Thankfully, Apple have finally brought SSO to the table for mobile apps.

I think it’s really important – in fact, I was going to do a post how mobile apps are probably the best application of SSO, considering how users keep the device with them, and the current methods of authentication are painful (passwords on a mobile device take a long time and are error prone), and so many apps just save the password anyway to save the hassle.

The are some issues I see with SSO on mobile, and will need to be used carefully to avoid breaking two-factor authentication models, but it’s a huge win for business, and I hope it will be available via the SDK shortly.  I am really excited to see the new security features in iOS7, and keen to try them out!

Expect some posts about the Enterprise licensing (also massive improvement of enterprise management), and I’m keen to see the applications of the per-app encryption, and per-app VPN connectivity too.  It has simply huge ramifications for BYOD, and how it’s able to be accessed may be the difference between whether MDM remains relevant, or becomes even more integral to enterprise mobile management.

More on iOS7 to come for sure!

Extra Bluetooth Functionality in iOS7

Another really cool feature of ios7 is the new additional bluetooth capability.  Some major news sites have covered this, such as 9to5Mac, and the essence is the most complete bluetooth LE coverage in a mobile device so far.  So comprehensive in fact, I wonder how long it will take Android to catch up – particularly as we are still waiting for the official google bluetooth stack.

The ability to have push notification flow through to bluetooth devices, and the mechanisms to allow ‘always on’ will really improve the accessory market for iOS, and it certainly an area booming right now. I’m really looking forward to the advances we can get from Bluetooth LE! The iPhone, and to a lesser extent Android, will really have the capability to be the device ‘keyed in’ to a fully connected environment. I just wish the iPhone had more sensors onboard, but will see what the next iPhone brings.