As usual, there have been a few hiccups with the most recent iOS rollout.
Citrix XenMobile users discovered an issue where iOS 7 devices that are locked with a password will essentially report themselves as being out of compliance with password policies. For right now, the only options are to either disable or make exceptions for those policies, or hope that iOS 7 users are okay with having their devices being blocked until the bug is fixed. Yikes!
This isn’t the first time we’ve seen issues with an iOS release; remember there were problems with iOS 6.1 and Exchange back in February.
The obvious question that comes up is “can’t we just use MDM to prevent users from updating to iOS 7 until this issue gets fixed?”
Unfortunately the answer is no. Even with all the device restrictions available through the iOS MDM protocol, preventing the user from updating the device just isn’t possible. For most versions of Android, there’s even less control over the device.
Sure, you could make a policy that blocks devices with iOS 7 from accessing enterprise resources until you know that it’s bug free, and then at that time you could force everybody to move to it by blocking devices with older versions of iOS. Or if you want more control over the client, you could go the mobile app management-only route. If you’re using enterprise signed apps you can have full control over when updates are pushed out, but if you’re using apps that are distributed through public app stores, there can still be issues with buggy updates.
But neither of these options are ideal. And on the other side of the issue, we’re penned in by the effects of consumerization and FUIT. With the rapid adoption of iOS 7, any administrator that blocks iOS 7 users from accessing corporate resources with face a barrage of angry complaints.
So, like it or not, the current state of enterprise mobility management technology means that we just can’t cover every single contingency. Do we just deal with it? Or do we hope for some sort of change in EMM technology?
In this case, the XenMobile/iOS 7 password compliance issue could be a pretty big deal for some environments. If you’ve decided to let your users use the mail client that’s built into iOS, then what else can you do for right now?
Rock, meet hard place.