6 Things Every CIO Should Know About iOS 10.3
Russ Mohr | March 27, 2017
With iOS 10.3 Apple has launched a major release of new features for business and education customers. In the past, most major iOS enhancements were announced at Apple’s Worldwide Developer Conference (WWDC), and then delivered in the fall. However, for the last two years, Apple has focused its “dot 3” releases on enabling the modern mobile enterprise and classroom. Here’s what you need to know.
1. Better Wi-Fi Controls
A new iOS restriction will allow admins to control which Wi-Fi networks supervised (corporate-owned) devices can connect to. This capability allows mobile admins to limit Wi-Fi connections to just the networks their organization has deployed. When an end user opens Wi-Fi settings on their device, they will see only the networks that were configured by their administrator, and those Wi-Fi networks will only be visible when the device is in range of the access point. Wi-Fi restrictions will be especially attractive to organizations that want to restrict kiosk-mode and point-of-sale devices from connecting to untrusted networks.
2. Email Just Got More Secure
Apple is adding support for oAuth 2.0 in the native email client to provide native security capabilities that go beyond username and password. The new authentication option is available to organizations that deploy Exchange services with Microsoft Office 365 and Active Directory File Services (ADFS). When oAuth 2.0 is deployed, a token is used to verify the connection. Together with improvements around S/MIME, the secure email protocol that uses certificates for signing and encrypting email, Apple is demonstrating a serious commitment to securing enterprise email on iOS devices while at the same time improving the user experience.
3. tvOS management: It’s not just for iPhones and iPads
Apple is making a significant investment in beefing up controls for tvOS. New iOS 10.3 EMM controls that allow admins to remotely shut down and restart iOS devices are also being extended to tvOS 10.2 and later devices. Other enhancements allow admins to deploy configurations like certificates, Wi-Fi networks, and global proxies that were previously only available to iOS devices. From a security standpoint, admins will also have more control over how tvOS devices use AirPlay, when a passcode is required, and which apps can be used on an Apple TV.
4. Continued investment in Education
The Shared iPad in Education program was introduced in iOS 9.3. It includes a cloud component called Apple School Manager (ASM) and a teaching app called Classroom. It also requires enrollment with DEP and EMM management. Currently the program is only intended for educational institutions, however, with iOS 10.3, Apple is introducing the concept of an unmanaged Classroom 2.0 app that can be used by any institution. Apple is also making some incremental improvements to the existing Shared iPad in Education program and continues to invest heavily in education. For more information about Apple’s education programs, check out Apple’s education website.
5. iOS has a new File System
One of the biggest changes in iOS 10.3 is something most people won’t even notice. The file system, which has been running on Macs since 1985, is also the underlying structure on which iOS and tvOS runs. With the release of 10.3, it has now been updated for the first time since the inception of the iPhone in 2007. The new Apple File System (APFS) update is optimized for SSDs and Flash memory, and it’s designed to prioritize latency, which means things will happen faster on your device. It also supports encrypting data with multiple keys, which may indicate that some practical new capabilities around data protection will be coming in future releases. APFS will make its first appearance on iOS 10.3 devices, with macOS and tvOS to follow. If your organization is deploying in-house apps, you should thoroughly test them against iOS 10.3. And don’t forget that Apple will soon deprecate support for 32-bit apps.
6. Better controls for company-owned devices
Many of the new capabilities in iOS 10.3 can only be deployed to supervised devices. Device supervision is Apple’s methodology for corporate devices that are tightly restricted to business-mandated functions and are allocated additional levels of controls. Companies that participate in Apple’s Device Enrollment Program (DEP) can supervise devices over the air when they are enrolled with MobileIron. Apple has also indicated that some iOS restrictions that were available for all iOS devices in the past will now be deprecated and only made available to supervised devices. Examples of past restriction deprecations for non-supervised devices include the ability to allow the use of Safari, FaceTime, and Siri. Apple doesn’t provide dates for these deprecations, but if your organization is deploying iOS restrictions to BYOD devices, it might be worth reviewing your current restriction policies.
The takeaway: iOS 10.3 puts more control in the hands of IT
With the release of iOS 10.3, Apple continues to deliver powerful enterprise features that are particularly attractive to organizations deploying corporate-owned, single-use (COSU) devices such as retail kiosks. For example, new Wi-Fi network restrictions and the ability to remotely shut down and restart devices offer greater security control over mobile devices and users. Many of the new features are ideal for organizations with supervised devices, and will likely increase the use of DEP for enrolling supervised devices.As a result, iOS 10.3 is more than just a point release from Apple. Organizations such as retail and educational institutions should take a closer look at how these new features can help them better manage and secure their mobile fleets.
To learn more, tune into our podcast on iOS 10.3.