Who says Apple isn't enterprise focused? Check out the history of enterprise management improvements in iOS from 2007-2013. - Jack Madden - BrianMadden.com
Brian Madden Logo
Your independent source for desktop virtualization, consumerization, and enterprise mobility management.
Jack Madden's Blog

Past Articles

Who says Apple isn't enterprise focused? Check out the history of enterprise management improvements in iOS from 2007-2013.

Written on Apr 30 2013 6,399 views, 1 comment


by Jack Madden

A lot of people criticize Apple for not being an "enterprise focused" company. This consumer focus manifests itself in a myriad of different ways, from how the company markets their products, deals with bulk purchases, and addresses security and enterprise management capabilities. For years this didn't really matter, since Apple only had a small market share of desktops and laptops and companies just sort of dealt with them as they came up.

But everything changed when Apple released the iPhone and iPad, as users started bringing those into their work environments on their own, en mass. Whether or not Apple was serious about the enterprise didn't matter to those users one bit.

All that said, Apple has actually made quite a few improvements to iOS (the OS that iPhones and iPads run) over the years. As we gear up for Apple's WWDC in June (with fingers' crossed that we'll get even more enterprise management features in iOS 7), I thought it would be good to take a look at just how far Apple has come over the years when it comes to improving the enterprise management aspects of iOS.

(By the way I've compiled a similar list for Android which I'll post tomorrow, as Google IO is coming up soon too and we also hope that they announce more management features for Android.)

Anyway, let's look at iOS through the years, from the perspective of enterprise management. You'll see that Apple is actually quite serious about it!

2007: The original iPhone

The Apple iPhone was first announced in January 2007 and released that June. When it debuted it was solidly a consumer device, more closely related to an MP3 player than to any kind of enterprise device. There was absolutely no way to manage it, and it didn't even support Exchange ActiveSync (EAS), so it was completely ignored by IT. The original iPhone did support POP and IMAP email, so technically it could be used with Exchange if you chose to turn those on. (And hey, there was always Outlook Web Access!) But generally since there was no way to enforce any management policies, it was only high-power executives that got corporate email on their iPhones. When Apple said the iPhone supported Exchange, it was a bit of a stretch.

There were also other reasons the original iPhone wasn’t a considered a “corporate” phone. For one, it had to be activated and synced with iTunes, and how many IT departments would have allowed iTunes on users’ computers at the time? Also businesses didn't like it because it was expensive and only available from a few carriers in each country.

Still, the browser—and the fact that it was actually usable—did make the iPhone valuable for some corporate users. And while there were no 3rd-party apps at that time, it did have a built-in VPN client. While most of the conventional knowledge in 2007 was saying that the iPhone was not appropropriate for corporate use, there were some people saying it was a great phone and a great work tool, and that companies would be better served by trying to figure out how to support it.

2008: Configuration profiles, Exchange support, and the first (basic) over the air management

Apple announced and released the beta of the second version of iOS (which was then known as “iPhone OS”) in March 2008, announced the second generation hardware (iPhone 3G) in June, and released them both in July. This was a huge deal, because iPhone OS 2 supported Microsoft Exchange ActiveSync for corporate email and new configuration profiles to manage device settings. Also this was the release that allowed 3rd apps to be developed using the newly-released iPhone SDK.

For corporate users, Exchange ActiveSync (EAS) support meant that email, calendars, contacts, and global address lookup could be accessed from the iPhone, though there wasn’t yet support for other features like tasks, creating meetings, out of office notifications, or follow-up flags.

More importantly, EAS brought a degree of over the air (OTA) management to iPhones for the first time. IT could now do basic things like remote wipe and enforce password policy, although there wasn’t yet support for device encryption. The lack of encryption was a problem for many environments, but despite this there were still some sweeping declarations of “Hurray! Now the iPhone is a corporate phone!” Of course the next time a new set of advancements came around there were even more sweeping declarations of its corporate acceptability. (“Okay guys, this time we really mean it’s a corporate phone!”) Naturally thanks to the consumerization of IT, employee demand brought these devices into the workplace anyway, regardless of whether or not analysts considered them to be “corporate ready.”

The configuration profiles introduced in iPhone OS 2 later become the basis for many future iOS MDM advancements. (Configuration profiles are XML files that specify settings for a range of security and administrative features on the device.) In 2008 Apple also introduced the iPhone Configuration Utility, a tool for creating these configuration profiles. Profiles could be installed via email attachments, downloading them from a server, or installed directly to a device using a USB cable. 

Initially, configuration profiles didn’t provide any way to manage a device over the air, but EAS could take care of that. To some degree, profiles were more a matter of convenience because they didn’t do much that you couldn’t already do in the UI.

The first profiles contained settings for passcode policy, WiFi, VPN, POP and IMAP mail accounts, Exchange accounts, and carrier access point name settings (these determine how the device connects to the telecom data network, something that’s usually not a concern for most MDM situations). Profiles could also be used to install certificates on devices, and the profiles themselves could be signed. All of the settings and credentials installed by a profile get removed from the device if the profile was removed.

Overall, while there were huge enterprise improvements in iPhone OS 2, there were still stumbling blocks. One issue was that the devices had to be activated with iTunes, and users could update devices on their own, making it harder for IT to authorize new OS updates like they were used to doing. Users could also backup and restore devices on their own, which was another security risk. The lack of encryption also meant that the iPhone was still a "no-go" for many regulated industries. 

2009: Encryption

The iPhone OS 3 beta and SDK were released in March 2009, while the third generation of the hardware, the iPhone 3GS, was announced in early June 2009 and released later that month.

There were a few new important management features, including the ability to encrypt an iPhone, more ways to restrict its behavior, and the ability to prevent configuration profiles from being removed. General new features for the iPhone included cut/copy/paste, the MobileMe service (which allowed end users to locate and wipe lost iPhones), and the Apple Push Notification Service.

The new device restrictions featured in configuration profiles included policies for blocking explicit content, Mobile Safari, the YouTube app, the iTunes store, downloading apps from the Apple App Store, and the camera. Other features included the ability to ensure that backups were encrypted and the ability to add web clips (shortcuts), LDAP lookup, and calendar subscriptions.

Over the air management was still limited to Exchange ActiveSync, but at least with now with encryption a whole new class of use cases could be supported. Users, on the other hand, continued to run amok.

2010: Over the air configuration profiles

In April 2010, Apple announced the beta for iOS 4 (renamed from iPhone OS after the iPad was introduced), and the iPhone 4 was announced and released in June. iOS 4 included a few more options for device restrictions, but by far the most important new feature was the ability to manage devices and profiles wirelessly over the air.

Remember that before iOS 4, the only way to manage devices wirelessly over the air was through the fairly limited capabilities provided by Exchange ActiveSync. iOS 4 brought a whole new range of over the air management capabilities: First, it gave IT the ability to manage configuration profiles—and all of their associated settings—over the air. Second, it gave an alternative way to manage the device itself that was much richer that EAS.

Companies could also use these new over the air capabilities to distribute in-house apps via provisioning profiles, (which are similar to configuration profiles). It was no longer necessary to use iTunes or the iPhone Configuration Utility to install enterprise-signed apps.

The available device restrictions were upgraded, and included the ability to prevent screen capture, automatic mail syncing while roaming, voice dialing while locked, and in-app purchases.

It’s widely acknowledged that the changes that came with iOS 4 were a revolution in mobile device management and really launched the MDM industry for iPhone.

2011: No more need for iTunes

The beta for iOS 5 was announced in June 2011, and it introduced iCloud, Siri, and the ability to do over the air activations and OS updates. This meant no more need for users or admins to have iTunes, a huge plus for enterprises!

July 2011 brought the Volume Purchasing Program for Business and the Custom B2B program, a way for developers to use the Apple App Store to distribute apps to select audiences. The iPhone 4S was announced and released in October 2011.

2012: Apple Configurator

The biggest iOS management news of 2012 was the debut of the Apple Configurator, which could backup iOS device images, create golden images for mass deployments, and “supervise” devices. (Supervising devices with the Apple Configurator means checking users’ images in and out on different devices, returning devices to a base-line state, installing apps, etc.)

This was followed up by the iOS 6 beta in June. In iOS 6, devices supervised using the Apple Configurator could be locked down to a single app, use a global HTTP proxy, and have a few more feature restrictions. iOS 6 also revamped privacy settings so that users have per-app control over access to photos, calendars, contacts, and reminders. The iPhone 5 itself was announced and released in September 2012.

2013: What will iOS 7 bring?

I’m not going to try to predict what Apple will do in iOS 7, but stay tuned for some articles on how changes to iOS management features could potentially impact the enterprise mobility management industry. The good news is that Apple has been making steady progress with enterprise management capabilities for iOS over the past six years, so I'm sure we'll see even more great stuff in iOS 7!

 

 
 




Our Books


Comments

jlscott wrote re: Who says Apple isn't enterprise focused? Check out the history of enterprise management improvements in iOS from 2007-2013.
on Wed, May 15 2013 8:16 AM Link To This Comment

Apple have definitely made great strides in improving the enterprise manageability of their devices but it definitely needs to go further. Key improvements I would like to see are better application deployment methods and full control over all aspects of the system (e.g. why can I lock down a lot of apps but not Notepad?).

App deployment is not fit for enterprise because of the need to enter iTunes credentials on install. Apple could overcome this by allowing organisations to register one corporate ID and have it silently used (via MDM) for all corporate devices.

I would also like the ability to centrally manage and control individual app settings (not just restrictions via app wrapping).

(Note: You must be logged in to post a comment.)

If you log in and nothing happens, delete your cookies from BrianMadden.com and try again. Sorry about that, but we had to make a one-time change to the cookie path when we migrated web servers.