What iOS 9 means for App Distribution and Enterprise Device Enrollment & Management
With iOS 9, Apple has introduced many exciting new features for mobile device enrollment, app distribution and device management.
Apple’s Device Enrollment Program (DEP) enables Enterprises to require enrollment by corporate-owned devices via MDM (mobile device management). Alternately, the MDM server can hold a device in Setup Assistant until it’s completely setup. Further, Setup Assistant may be configured to disable specific setup panes including Touch ID, Apple Pay, and Zoom. iOS 9 adds Android Migration to the list, thus preventing unwanted data from being migrated to a corporate iOS device from an unknown Android device. While DEP does not support Bring Your Own Device (BYOD) deployments, MDM is still supported in this situation and can be used to manage the iOS device—though employees have the ability to remove it.
From a distribution perspective, Apple’s Volume Purchase Program (VPP) finally allows companies to purchase apps—such as productivity tools—in bulk, often at a discount. Support for VPP Managed Distribution has been expanded to include 26 countries, and purchased apps are now available in any country that sells the app. In other words, if your company is based in the US but also has offices in the UK, the apps may be purchased in the US and downloaded in the UK as well.
Prior to iOS 9, users were required to assign VPP apps to employees with an Apple ID. Now administrators may also assign VPP Managed Distribution apps to devices or re-assign apps from an employee to a device without re-installing the app or losing employee data. Users also have the ability to revoke apps from employees or devices and then re-assign the licenses to a different employee or device. This comes in handy when managing a licensing budget during staff transitions, though it’s important to communicate that paid, company-provided apps are available to employees only during their employment with the company.
Enterprise app distribution also involves a new “explicit employee trust flow” when distributed outside the app store, via MDM. What this means is that the developer profile will show up in an alert as untrusted. Whereas previously employees could establish “trust” directly from the alert, now they must go into Settings to assert a developer’s trustworthiness. This provides additional security, hopefully preventing employees from inadvertently trusting a malicious app. Administrators also have the ability to prevent users from trusting certain apps altogether, meaning some may only receive Enterprise apps via MDM (which are always implicitly trusted upon install).
In addition, iOS 9 offers Exchange Active Sync 16 (EAS16) improvements. These include better reliability when using iOS to create meeting invites as well as other improvements to the meeting-creation and modification process. In addition, the calendar performs better across all-day event time zones and now supports attachments and the inclusion of physical locations.
Configuration profiles enable administrators to apply the same settings to a large number of devices. And new profiles like Network Usage Rules let administrators specify whether managed apps can use or roam on a cellular network, helpful in preventing excessive costs associated with data usage. Additional profiles include those for SSO and VPN settings.
Traditionally, Enterprise BYOD devices have been unsupervised. iOS 9 introduces several new restrictions upon such devices (including Disable Screen Recording, Trust New Authors and Treat AirDrop as Unmanaged Destination). With Apple’s next major iOS release, restrictions on App installation, App removal, FaceTime, Safari, iTunes, Explicit Content, iCloud documents and data, Multiplayer gaming, and Add GameCenter Friends will be available only for supervised devices.
The Propelics team has deep experience helping enterprise customers tackle new technologies and develop mobile strategies that streamline business processes to dramatically boost revenue and reduce costs. These highlights of what’s new in Enterprise Device Enrollment, App Distribution and Device Management will help prepare your company as employees upgrade to iOS 9. But be sure to check out our IT Strategy for Mobile Kickstart to better prepare your IT for integrating the new iOS into your mobile enterprise strategy or our Mobile UI/UX Design Kickstart to ensure your mobile apps are up-to-date and take advantage of the latest design and interaction modalities.