Establishing strong policies for access is critical to protecting corporate information. iOS provides a comprehensive approach to both configuration and enforcement.
Configuration profiles are XML files containing settings that permit the device to work with your enterprise systems, including account information, passcode policies, restrictions, and other device settings.
MDM enables IT to wirelessly enforce a comprehensive set of policies on an iOS device, while Exchange ActiveSync provides a commonly used subset of those policies.
In addition to enabling access to email, calendars, contacts, and tasks, Exchange ActiveSync gives an enterprise the ability to push passcode and IT policies over-the-air and remotely wipe a lost or stolen device.
Enterprise Single Sign On
Enterprise Single Sign On (SSO) means user credentials can be entered once and used across apps, including apps from the App Store. Each new app configured with SSO verifies user permissions for enterprise resources, and logs users in without requiring them to reenter passwords.
In the event an iOS device is lost or stolen, a command can be sent wirelessly by an MDM server, through Exchange ActiveSync, or through iCloud to permanently delete all data and restore the device to factory settings.
iOS supports passcode expiration and reuse policies to ensure users are refreshing their device passcode on a regular basis.
OTA Passcode Enforcement
Passcodes can be pushed down and enforced over-the-air. Using MDM or Exchange ActiveSync, IT can prompt the user to create a strong passcode before gaining access to services.
An iOS device can be set to automatically wipe all data and return to factory defaults if a passcode is entered incorrectly too many times.
iOS supports digital certificates to enable secure, streamlined access to corporate services like Exchange ActiveSync, VPN, and Wi-Fi.
Using MDM, IT departments can enroll iOS devices in an enterprise environment, wirelessly configure and update settings, monitor compliance with corporate policies, and even remotely wipe or lock managed devices.
In addition to enabling access to corporate services like email and VPN, configuration profiles can be used to restrict features like the camera or the ability to take screenshots, if required for use in certain environments.
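As an added example (not Apple's code and not part of the original page), this Python script parses a configuration profile and reports where its passcode and restrictions payloads fall short of a baseline. The payload types and keys are the ones Apple documents for configuration profiles; the sample profile and the baseline thresholds in `RULES` are constructed assumptions.

```python
import plistlib

# Constructed sample profile (not from the page); payload types and keys are Apple's.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
      <key>forcePIN</key><true/>
      <key>minLength</key><integer>4</integer>
      <key>maxPINAgeInDays</key><integer>90</integer>
      <key>pinHistory</key><integer>5</integer>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>allowCamera</key><false/>
    </dict>
  </array>
</dict></plist>"""

# Hypothetical baseline: payload type -> key -> (check, what we want).
RULES = {
    "com.apple.mobiledevice.passwordpolicy": {
        "forcePIN": (lambda v: v is True, "passcode required"),
        "minLength": (lambda v: v >= 6, "length >= 6"),
        "maxPINAgeInDays": (lambda v: 0 < v <= 90, "expiry <= 90 days"),
        "pinHistory": (lambda v: v >= 5, "reuse history >= 5"),
        "maxFailedAttempts": (lambda v: 0 < v <= 10, "wipe after <= 10 failures"),
    },
    "com.apple.applicationaccess": {
        "allowCamera": (lambda v: v is False, "camera disabled"),
        "allowScreenShot": (lambda v: v is False, "screenshots disabled"),
    },
}

def audit_profile(data: bytes) -> list:
    """Return one finding per baseline rule the profile misses or violates."""
    payloads = {p.get("PayloadType"): p
                for p in plistlib.loads(data).get("PayloadContent", [])}
    findings = []
    for ptype, rules in RULES.items():
        payload = payloads.get(ptype, {})  # a missing payload fails every rule
        for key, (ok, want) in rules.items():
            if key not in payload:
                findings.append(f"{ptype}.{key}: not set (want {want})")
            elif not ok(payload[key]):
                findings.append(f"{ptype}.{key}={payload[key]!r} (want {want})")
    return findings
```

Run against the sample, `audit_profile(SAMPLE_PROFILE)` flags the short minimum length, the missing failed-attempt wipe limit, and the unset screenshot restriction.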
Progressive Device Protection
If a user repeatedly enters the wrong passcode, iOS will be disabled for increasingly longer intervals. After too many unsuccessful attempts, all data and settings on the device will be erased.
If a user loses their iOS device, the Find My iPhone Activation Lock feature requires their Apple ID and password before turning off Find My iPhone, erasing data, or re-activating a device after it’s been remotely erased.
Powerful technologies in the iOS 7 SDK and MDM frameworks enable robust app security, a consistent set of tools for in-house and third-party iOS developers, and an integrated experience for users. With comprehensive security built into iOS, there’s no need to use third-party SDKs or app wrappers to secure apps distributed within your enterprise.
- app sandboxing
- code signing
- app entitlements
- keychain services
- enterprise single sign on
- default data protection
- keychain data protection