How to apply policies to ensure maximum security on corporate iOS devices? 


For organizations providing iOS devices to its employees as a part of their workforce, ensuring maximum security becomes imperative. MDM provides you with a list of restrictions and/or policies to ensure the managed devices are secured to the maximum, which ultimately also improves productivity to an extent.


  • On your MDM server, click on Device Mgmt from the top menu and select Profiles from the left menu.
  • Select iOS from the dropdown, provide a name to identify the profile and click on Continue.
  • Click on Restrictions, from the list of available policies.

            Security by restricting/managing device features and functionalities

  • There is a dedicated Security and Advance Security module containing restrictions which can disable device features/settings. Under Security module you have the option to
    • restrict sharing of data from managed apps to unamanged apps(and vice-versa)
    • restrict device wipe
    • disable users from configuring restrictions on the device
    • restrict using Touch ID to unlock devices and addition/modification of fingerprint.
  • Under Device Functionality, disable the option of modifying device name. You can also choose to enable automating OS updates using MDM, which ensures the OS on the devices get updates based on your requirements and users are not allowed to manually update the device OS.
  • Under Advance Security, you can choose to restrict USB pairing as well.
  • Under Privacy module, ensure you restrict the option of modifying Find My Friends settings.

            Security by account management 

  • Under Advance Security, you can choose to prevent any further addition/modification of accounts on the devices etc., However, you can still add these accounts via MDM. For adding an E-mail account, you can utilize the E-mail policy. Instead of adding Apple account to install apps, you can choose to silently install them without adding/requiring an Apple account. In addition to this, there are restrictions in other modules, which can fortify device security and are listed below. 
  • Security by app management

  • Under Applications module, ensure you restrict user uninstalling apps or installing apps not distributed via MDM.

            Security by network management

  • Under Network and Roaming module, ensure you enable the option of devices connecting to only those Wi-Fi connections distributed by MDM and prevent users from modifying cellular data usage for apps.
  • Once done, save and publish the profile. You can then distribute it to devices and/or groups.

You can know more about configuring the other restrictions here. Further, you can ensure only managed devices can access Exchange, using Conditional Exchange Access. Once this is done, the devices to which the policies have been associated will have maximum possible security. In addition to this, you can also audit them using the Asset Management module, further manage the apps using the App Management module and securely distribute documents to the managed devices using the Content Management module.