What’s New: MobileIron UEM April 2018
Our MobileIron product team continues to keep the pedal to the metal to enable support for new use cases that help to improve enterprise security and provide an excellent user experience. Let me take just a few minutes to tell you about the improvements we’ve made to our unified endpoint management (UEM) platform over the past month or so. Good stuff!
Microsoft Azure AD integration
MobileIron Cloud UEM now enables admins to sync users from Azure Active Directory (AD). Azure AD enables admins to leverage integration with an identity provider (IdP) such as on-prem Microsoft Active Directory Federation Services (ADFS), Azure AD’s identity-as-a-service (IDaaS), or a SAML-based IdP. As a result, organizations can add on-prem corporate directories, external certificate authorities (CAs), and certificates to MobileIron Cloud by means of secure HTTPS without an onsite MobileIron Connector. With the ability to use Azure AD for user source and IdP, organizations can choose one of the following deployment methods that best meet their needs:
- Azure AD for both user source and auth
- Azure AD for user source and cloud-based IdP (pure cloud/zero footprint)
- Azure AD for user source and ADFS (hybrid/common footprint)
Integration with derived credentials
Derived credentials are trusted user identities for mobile devices. They are derived from smart cards, which are also known as personal identity verification or PIV cards. Derived credentials make it possible for users of federal government agencies to securely access sensitive data from their mobile devices without a smart card. As a result, organizations benefit from strong security without requiring employees to use a smart card on mobile devices.
MobileIron Cloud UEM now offers several benefits through our integration with Entrust Datacard:
- Compliance with various federal regulations including NIST SP 800-157
- Multi-factor authentication to backend services using certificates
- Credentials are securely generated on the device, not distributed over the air
- Credentials are securely stored on the device inside MobileIron AppConnect
Continued improvements for macOS endpoints
MobileIron has continued to innovate new ways for securely enabling employees to use their preferred devices for work, including a personal or company-owned Mac. That’s because MobileIron empowers customers to provision, configure, secure, monitor, and retire all of their endpoints, including mobile and desktop, using a single platform. Now we’re taking those capabilities even further.
MobileIron UEM now offers support for per-app VPN with MobileIron Tunnel, which can be found on the Apple App Store. IT can now apply per-app VPN to apps from the Mac App Store or to third-party (in-house) apps. MobileIron Tunnel enables employees to gain secure, instant access to business information by providing secure network connectivity and dynamic access control on any device. By leveraging MobileIron Tunnel for macOS, you can provide zero-touch, per-app VPN connectivity to resources behind the corporate firewall so your Mac users can securely access the productivity apps and content they need. Since only authorized business data can flow through MobileIron Tunnel, organizations don’t have to worry about threats from personal apps or malicious downloads.
We’ve also introduced the ability to reset the password of a local admin account created during enrollment into Apple Device Enrollment Program (DEP) for macOS (10.13 and later). Previously, the password created for the admin account during the DEP registration process was created en masse, but our new feature makes it very easy for admins to change the password for particular devices whenever necessary. To learn more about securing and managing Macs in your enterprise, check out our latest white paper, “Securing macOS in the modern work era.”
Android alpha and beta channel releases
Let’s take a quick look at a couple of improvements we’ve made in support of the Android platform. MobileIron Core and Cloud now support alpha and beta channel releases from Google Play to help admins deliver private apps in different stages of the lifecycle to different users. The ability to manage a phased delivery for new apps helps improve app quality while also ensuring a smoother, more controlled rollout. Production versions of apps can also be deployed to users, while deployment of early versions of apps can be limited to IT teams (beta release) or developers (alpha release).
These are just some of the highlights from our latest releases of MobileIron UEM, and we’re excited to share even more great innovations from our roadmap in the near future. Stay tuned for additional updates down the road!