Ask IT managers and CIOs serving large organizations “What keeps you up at night?” After they get over their cold sweats from considering public security breaches or datacenter meltdowns, they’ll probably come around to the rapid, relentless pace of change in the technology ecosystems they’re running.
Nowhere is that speedy spin cycle more frenetic than in mobile and portable computing, where the “consumerization of IT” driven by bring-your-own-device policies and the radical popularity of iOS and Android has completely overturned the pecking order (as recently as five years ago, Blackberry above all).
Apple’s story for iOS in the enterprise has been one of incredibly fast uptake, especially considering the usual cycle for upgrades and new platform rollouts. In many ways, that rapid adoption was in spite of Apple’s traditional arm’s-length relationship with enterprise customers, compared to the tight ties with vendors like Dell and IBM. Over the iOS lifecycle, however, more and more sophisticated features for management and security have helped to make the challenge of enterprise support easier and easier.
Aside from Exchange ActiveSync support, introduced in “iPhone OS 2.0” back in 2008, the single biggest piece of the enterprise puzzle is probably mobile device management (MDM). The inclusion of MDM “hooks” in iOS means that enterprise managers can control device configurations (networking, mail, VPN and more) and keep track of their deployed fleet. Apple offers its own core MDM tool as part of OS X Server, but most organizations of scale find themselves turning to third parties for their MDM solutions.
There are several pieces of good news in iOS 7 regarding MDM. First of all, many of the major ISVs have announced day-one support for the new operating system: AirWatch, MobileIron, Maas360 and JAMF’s Casper are all compatible right away (you can see the full matrix of supported MDM tools at Enterprise iOS). Second, Apple has added many, many more hooks into the MDM toolkit on iOS 7.
Want to manage AirPrint printer destinations, or even AirPlay-enabled Apple TVs? Can do, in iOS 7 MDM. Install apps silently, push app configuration settings, or even preset a fleet of purchased devices to auto-enroll in your MDM when employees take them out of the box? It’s in there.
What else do enterprise managers of iOS device fleets have to look forward to in iOS 7? Apple’s brief rundown of iOS 7’s business-facing features hits many of the highlights; let’s dive into a few of them here.
- App Store license management. Ever since the App Store launched in the summer of 2008, the process of buying and assigning iOS apps to corporate users has been fraught with difficulty. Until the Volume Purchasing Program launched three years later (!), the best/only way to manage this process was via gifting, or having employees expense personal purchases. Those apps, and their sunk costs, would also walk out the door if the employee left the company. No more — now the VPP can deliver licenses rather than download codes, and the apps are company-owned. If an employee leaves, the license and the app can be deactivated and redeployed. (Mac apps and iBooks are also now available for volume purchase.)
- Enterprise SSO. Single sign-on implementations are common in enterprise, but were tricky to deal with on mobile. Now iOS 7 allows apps to work with the system-level SSO capability, meaning that business users (with the proper back-end and app support) can enter their corporate credentials once and use multiple apps without reauthentication.
- Multiple levels of in-app data encryption for third party apps. Application data can now be automatically encrypted until the first time a user passcode is successfully entered after a device reboot; optionally, developers can flag apps to re-encrypt the data when the phone locks.
- Managed Open In. Want your employees to open their email attachments in a specific, managed application rather than willy-nilly in whatever iSharedThis app of the month they choose? The option now exists to limit the range of the share sheets for corporate data. I can see this being a valuable tool in highly secure and regulated enviroments, and a huge annoyance/productivity killer most everywhere else.
- Per App VPN. Virtual Private Networking is an essential piece of the enterprise ecosystem, but until now it was either all on or all off on iOS — when on, all network traffic funneled through the corporate concentrator. Now, MDM admins can define which apps should use the VPN connection, and which ones can simply go straight to the Internet.
One of the business-friendly features that was rumored for iOS 7, LinkedIn system-level integration, actually is not present in the 7.0 release — it may make an appearance at a later date.
Below, a rather remarkable alt-universe version of Apple’s iOS 7/iPhone 5s announcement (courtesy of enterprise iOS and Moovweb) imagines what could have been if all the enterprise features had been front and center. You can read more about the enterprise features of iOS 7 in Craig Johnston’s thorough rundown for iMore.