What’s New with MobileIron EMM

We are excited to bring you another new release of MobileIron enterprise mobility management (EMM). Let me tell you about some of the powerful new features now available to support macOS, Android enterprise and Windows 10 mobile devices and desktops. The following updates are included in the on-prem version of the MobileIron EMM platform.

macOS support

Macs continue to gain acceptance in the enterprise, and we have extended the reach of MobileIron EMM to help you secure and manage them alongside your organization’s iOS, Android and Windows 10 mobile devices and desktops. You now have additional visibility into the encryption status of Macs, which enables you to easily identify desktops that present increased security risks due to lack of encryption, and take corrective actions. And speaking of encryption and security, you can now use MobileIron EMM to activate Apple’s FileVault 2 encryption on a Mac’s primary drive in order to protect data at rest. Also included in our macOS enhancements is the ability to use Apps Gatekeeper, which enables you to specify the conditions in which apps are allowed to be downloaded and executed on Macs you manage. This provides another line of defense against malicious apps. Also important to point out is that you can now distribute apps on Macs, and use labels and corporate-based VPP to assign correct apps to users, just as you do with iOS. Not only is the complete app inventory visible in the MobileIron EMM console, but the App Catalog also supports features such as description and rating, categories and search. Also important to note is that you can now define Policy and Compliance for Macs, just as you do for Android, iOS and Windows 10 mobile devices and desktops. Account creation during DEP (Apple’s Device Enrollment program) enables you to specify admin account and primary user account creation. And finally, we are pleased to report that all Mac restrictions (through Sierra 10.12) are now supported.

Secure Android enterprise deployments

We’ve also introduced some nice enhancements for Android enterprise (formerly Android for Work). First, you can now manage runtime permissions on behalf of your users. This means you can prevent apps from accessing too many permissions, or enable permissions for apps (e.g., allowing location permissions for navigation apps), so that your users aren’t forced to make the determination . Another feature I’d like to point out is the ability to restrict input methods and accessibility services. Why is this important? Because Android input methods (keyboards) and accessibility services are shared between work and personal profiles. This poses security challenges, as some keyboard apps are a springboard for the introduction of malware. For example, some keyboard apps track keystrokes and see what’s on the user’s screen. So, to combat this potential intrusion, you can now allow only keyboards that you have deemed trustworthy. Also included in this release of MobileIron EMM is a new feature for Android enterprise that helps to keep your corporate Android devices protected and secure by enforcing the Google Play Verify Apps. This feature requires security verification of apps in order to prevent harmful activities. And finally, using MobileIron EMM, you can enable or disable a system app in the work profile or work managed device. For instance, as you know a set of applications are often included in the system image by the device OEM or the carrier. If you feel that some of these apps are not desirable, or perhaps required but not made available (e.g., system camera), you can easily override system defaults to make changes as you see fit.

Improved Windows 10 support

Now let me share with you some of the key updates we’ve made in support of Windows 10 mobile devices and desktops. First up, you now have the ability to schedule a window of time in which large applications can be installed, whether UWP, MSI Wrapped Win32, or simply Win32. This means that you can prevent the installation of large applications during times that will likely cause performance degradation (and a dose of frustration) for your users. Next, MobileIron EMM now gives you additional control over your Windows 10 devices. For example, you can now restrict access to Control Panel, Task Manager, File Explorer, Registry Editor, USB access and write access to USB/removable storage devices. This helps to improve security for your organization. We’ve also introduced new controls to enable configuration of Outlook clients for your Windows 10 devices (requires MobileIron Bridge). The client can be used with both Outlook 2010 and Outlook 2013. Another improvement you should know about is the ability to control additional Windows 10 desktop settings, including desktop background, lock screen, screensaver and desktop shortcuts (also requires MobileIron Bridge). Control of these settings from your MobileIron EMM console means better manageability and an improved user experience.

Custom branding for Apps@Work

Before we wrap up here, one other new feature I want to make sure you are are of is Apps@Work custom branding. As a reminder, Apps@Work is an enterprise application storefront that manages both in-house developed apps and third-party business apps that can be delivered to your users. You can now include a customized logo, colors, splash screen and name for your enterprise app store. In doing so, you can ensure that the user experience is consistent with your corporate branding. This added level of familiarity will help to reduce user confusion, as well as the number of help desk calls.

So, there you have it, the top highlights of our latest release of MobileIron EMM. I hope that you found this information to be helpful, and invite you stay tuned for additional updates down the road. Thanks for reading!

Matthew Law

Product Marketing Manager - Mobile Security at MobileIron

About the author

Matt Law has more than 20 years of combined experience in tech product management, product marketing and sales. Prior to joining MobileIron as a product marketing manager for mobile security, he served in similar roles in the areas of high-performance computing (HPC), backup and recovery (BAR), continuous data protection (CDP) and desktop virtualization.  A Florida native, and graduate of the University of South Florida in Tampa, Matt migrated west via Colorado, and now resides in Southern California with his wife and two children. In his spare time, he enjoys outdoor activities, loud guitars and open chords.