iOS 7 Enterprise Features

Jake Woodhams | September 17, 2013

I love the new iOS 7 look-and-feel and a lot of the cool new consumer features, but at MobileIron, what we’re even more stoked about are all the new iOS 7 Enterprise Features and Capabilities. iOS 7 Business features don’t have the panache of consumer functionality, so most of these new capabilities only made it to the “and a whole lot more” Keynote slide near the end of Craig Federighi’s iOS 7 WWDC presentation and haven’t gotten much attention in the press. But don’t for a minute think the new iOS 7 Enterprise functionality isn’t game changing. Apple’s iOS 7 Enterprise features are about enabling and mainstreaming mobile technology and facilitating new use cases in business and education via MDM (and who’s better at MDM than MobileIron?), while preserving the elegant Apple end-user experience. We’ve always agreed with Apple that technology should have a great end-user experience and we’ve always been about enabling mobility in Enterprise. Now Apple has given us new tools in iOS 7.

iOS 7 Enterprise Features

  • Open In Management
  • Managed App Configuration
  • Per App VPN
  • Enterprise Single Sign-On (SSO)

Let’s take a look at four of the new Enterprise capabilities enabled in iOS 7.

Open In Management

I’ll start with what Apple calls “Open In Management”. “Managed apps” can be in-house apps or public Apple App Store apps; managed app installation on the end-user iOS device is instantiated from the MobileIron Enterprise App Storefront. “Unmanaged apps” are apps that the end-user independently installs, typically from the Apple App Store. In pragmatic terms, think of managed apps as business apps and unmanaged apps as personal apps.

The concepts of managed and unmanaged apps aren’t new to MDM in iOS 7. But Open In Management in iOS 7 extends Apple’s MDM protocol with new parameters to implement data protection options for managed apps. MobileIron can now implement an optional control on whether documents and attachments from managed apps can be opened only by other managed apps or by all apps. There’s also a corresponding control for unmanaged apps that prevents personal data from being opened in managed apps.

Consider a pretty common use case. Many companies use Microsoft’s Office 365 solution for productivity apps and SharePoint for collaboration. With the Office 365 app and MobileIron Docs@Work app managed on an iOS 7 endpoint, a Managed Open In control can be implemented that allows the end-user to open and edit company documents, accessed on SharePoint via the Docs@Work app, in Office 365. At the same time, a control can be implemented that prevents the end-user from opening company documents from SharePoint in an unmanaged, personal cloud-based content locker like Dropbox. The company gets what it needs — mobile end-users have productivity technologies that are secure and policy compliant. Users get what they want — flexible mobile technology that meets both work and personal needs.
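
As an added example (not part of the original post, and not MobileIron's or Apple's code): in a configuration profile, the two Open In controls described above are the `allowOpenFromManagedToUnmanaged` and `allowOpenFromUnmanagedToManaged` keys of the Restrictions payload (`com.apple.applicationaccess`). This Python check reports which directions a profile still leaves open; it assumes an unsigned XML profile, and the sample profile and its identifiers are constructed.

```python
import plistlib

RESTRICTIONS_TYPE = "com.apple.applicationaccess"
# Restriction keys added in iOS 7; an absent key means the direction is allowed.
OPEN_IN_KEYS = {
    "allowOpenFromManagedToUnmanaged": "managed -> unmanaged",
    "allowOpenFromUnmanagedToManaged": "unmanaged -> managed",
}

# Constructed sample profile (identifiers are placeholders, not from the post).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.corp.profile</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>PayloadIdentifier</key><string>com.example.corp.restrictions</string>
      <key>allowOpenFromManagedToUnmanaged</key><false/>
    </dict>
  </array>
</dict></plist>"""

def open_in_policy(profile_bytes):
    """Return {restriction key: allowed?} for the effective Open In settings."""
    profile = plistlib.loads(profile_bytes)
    effective = {key: True for key in OPEN_IN_KEYS}  # default: allowed
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        for key in OPEN_IN_KEYS:
            if key in payload:
                # With several Restrictions payloads, treat any False as winning.
                effective[key] = effective[key] and bool(payload[key])
    return effective

def findings(profile_bytes):
    """List the directions in which documents can still cross the boundary."""
    policy = open_in_policy(profile_bytes)
    return [f"{OPEN_IN_KEYS[k]} Open In is allowed ({k} is not false)"
            for k, allowed in policy.items() if allowed]

if __name__ == "__main__":
    for line in findings(SAMPLE_PROFILE) or ["Both Open In directions restricted"]:
        print(line)
```

On the sample, corporate documents are blocked from personal apps, but the reverse direction (personal data opened in managed apps) is still allowed and is reported.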

Managed App Configuration

Next, let’s look at Managed App Configuration. Think about things that often need to be configured with Enterprise apps. The most common are probably server names, LDAP credentials, and certificates. Sometimes these configurations vary based on things like geography and department. It’s hard for end-users to configure these parameters and it’s hard for IT to manage at scale. In iOS 7, Apple has extended their protocol to allow companies like MobileIron to automatically distribute app configurations to managed apps. For the mobile end-user, managed apps “just work” after installation; for IT, it’s much easier to manage at scale. Everybody wins.

Per App VPN

One of the biggest advantages of mobility is obviously that you can work wherever and whenever you want. For traditional IT though, this has been a recurrent nightmare because when users are mobile, they’re seldom connected to trusted networks and IT needs assurances that corporate data and managed devices are secured. Legacy VPN technologies were designed for nomadic devices like laptops, not always-on mobile devices like smartphones and tablets. iOS 7’s new Per App VPN and On-Demand VPN capabilities start moving things in the right direction. With MobileIron and iOS 7, managed apps can be assigned to VPN rules that bring up a secure VPN connection to the corporate network when these apps need to access secured resources. The rules are pretty flexible and granular and the solution is dynamic and transparent to the mobile end-user.

Enterprise Single Sign-On (SSO)

Finally, I will highlight an iOS 7 feature Apple is calling Enterprise Single Sign-On (SSO). Think about the nuisance of repeatedly entering user credentials whenever you access enterprise resources. For most people, this is tolerable in the laptop world, but it is a real practical barrier to the utility of mobile devices in the enterprise. Apple’s Enterprise SSO feature leverages common enterprise technology — Kerberos — to try to simplify things so that mobile users only log in once for all corporate resources. After the initial login, the SSO technology handles authentication and entitlement transparently as the end-user accesses corporate resources. This is pretty exciting stuff.

Now, why did I decide to highlight these four features from iOS 7? As I mentioned earlier, Apple is giving us new ways to enable mobility in the Enterprise. We know this at MobileIron because in iOS 7, Apple is providing generalized tools that complement many of the things we’ve been doing with our AppConnect program. Our customers tell us how much they need these enablement features to give mobile users what they want while meeting their security and compliance needs. We’ll continue to innovate with AppConnect of course. But what Apple’s doing with iOS 7 is really exciting.
