Don’t worry, I’m not going to break out into another cover that no one wants to hear. There are just so many enterprises going through a crash course in enabling remote work. At the same time, employees no longer have the luxury of walking over to IT and asking questions about gaining access and signing into enterprise apps to do their jobs. There’s enough to worry about during these times; gaining remote access to enterprise apps and data shouldn’t be one of them.
Part 3 of our how-to webinar series focuses on the basics of distributing, configuring, and enabling secure access to all enterprise apps, whether they live on-premises or in the cloud. This blog provides some high-level best practices for Android, iOS, macOS, and Windows 10, but I encourage everyone to check out the webinar for a more detailed walk-through on how to build out a solution your end-users will love.
Apps make the world go round, but it’s IT’s job to get them properly deployed on employees’ devices. There are some inherent challenges that come with app distribution, such as inconsistent public availability across various app marketplaces, private enterprise apps, and applications developed for in-house use only.
- Public Apps: MobileIron integrates with every leading app marketplace like Apple Business Manager (ABM) on iOS/macOS/tvOS, Managed Google Play on Android, and Microsoft Store for Business on Windows 10.
- Private Apps: ABM, Managed Google Play, and Microsoft Store for Business allow enterprises to distribute their apps privately to their end-users without making them available publicly.
- In-house Apps: Distributing applications through ABM, Google Play, and Microsoft Store is the best way to manage your application lifecycle. However, I know there are areas where in-house app distribution is still prevalent and needed. In-house app distribution is still heavily used for desktop (macOS and Windows 10) applications. With MobileIron, enterprises can distribute PKG, DMG, app, Win32, MSI, and MSIX packages. For distributing in-house apps on mobile, IPAs and APKs are also supported.
How many of you have memorized all of your company URLs to log in to your enterprise apps? I know I haven’t. Some platforms like iOS and Android in the Enterprise have built managed application configurations that make apps extremely easy to configure.
We can break down the options for app configuration by the following platforms:
- iOS: AppConfig Community presents key/value pairs in an easy-to-understand UI directly from the MobileIron console. Managed app configuration through plists is also available, but administrators need to research whether their application vendor supports managed app config and which types of values it accepts.
- Android Enterprise: Administrators can easily determine if the application supports managed app config when adding the application in MobileIron’s unified endpoint management (UEM) platform (video below).
- macOS: For Microsoft 365 apps, MobileIron has an auto account configuration to prepopulate the user’s email address and automatically sign them in to Microsoft apps. You can also configure many applications through plists and custom configurations. Lastly, you can always bring your favorite scripts into MobileIron and run them once or at a specified time interval.
- Windows 10: Microsoft 365 Apps (formerly known as Office 365 ProPlus) can be configured initially through the Office Customization Tool. Most applications like Zoom, Google Chrome, Microsoft Apps, and others still support group policy objects (GPO). MobileIron can automatically ingest their ADMX templates and administrators can configure them easily through our GPO settings configuration.
Secure Access to On-Premises
Once we’ve prepared our apps for distribution and configuration, enterprises may need to enable a remote access VPN like MobileIron Tunnel for access to on-premises resources. MobileIron Tunnel is available on Android, iOS, macOS, and Windows 10 and is incredibly easy to configure and scale based on remote work needs. Some of the deployment options include per-app, on-demand, or always-on VPN to protect data in transit. The webinar series goes into a bit more detail on how to configure MobileIron Tunnel on each platform.
Secure Access to Cloud
As companies transition to remote work, their corporate data also migrates away from an on-premises datacenter to SaaS-based services like Zoom, Salesforce, Slack, and Microsoft 365. MobileIron’s mission is to eliminate passwords and promote a seamless end-user experience. The webinar goes into configuring MobileIron zero sign-on for any SAML 2.0 or WS-Federation service, applying conditional access rules to only authorized devices and apps, and creating easy-to-understand remediation pages based on your policy set.
When you combine everything together, users get the applications they need, app configurations like URLs pre-populated, and seamless authentication to resources on-premises and/or in the cloud with no passwords in sight.
Any organization can enroll an unlimited number of new users and devices in MobileIron’s UEM platform at no additional cost through June 15, 2020 to secure access to applications. Click here to learn more or register for a series of upcoming webinars that go into more detail on Apple, Android in the Enterprise, and detecting/remediating threats on the device.