How to apply policies to ensure maximum security on corporate iOS devices?
For organizations providing iOS devices to its employees as a part of their workforce, ensuring maximum security becomes imperative. MDM provides you with a list of restrictions and/or policies to ensure the managed devices are secured to the maximum, which ultimately also improves productivity to an extent.
- On your MDM server, click on Device Mgmt from the top menu and select Profiles from the left menu.
- Select iOS from the dropdown, provide a name to identify the profile and click on Continue.
- Click on Restrictions, from the list of available policies.
Security by restricting/managing device features and functionalities
- There is a dedicated Security and Advance Security module containing restrictions which can disable device features/settings. Under Security module you have the option to
- restrict sharing of data from managed apps to unamanged apps(and vice-versa)
- restrict device wipe
- disable users from configuring restrictions on the device
- restrict using Touch ID to unlock devices and addition/modification of fingerprint.
- Under Device Functionality, disable the option of modifying device name. You can also choose to enable automating OS updates using MDM, which ensures the OS on the devices get updates based on your requirements and users are not allowed to manually update the device OS.
- Under Advance Security, you can choose to restrict USB pairing as well.
- Under Privacy module, ensure you restrict the option of modifying Find My Friends settings.
Security by account management
Security by network management
- Under Network and Roaming module, ensure you enable the option of devices connecting to only those Wi-Fi connections distributed by MDM and prevent users from modifying cellular data usage for apps.
- Once done, save and publish the profile. You can then distribute it to devices and/or groups.
You can know more about configuring the other restrictions here. Further, you can ensure only managed devices can access Exchange, using Conditional Exchange Access. Once this is done, the devices to which the policies have been associated will have maximum possible security. In addition to this, you can also audit them using the Asset Management module, further manage the apps using the App Management module and securely distribute documents to the managed devices using the Content Management module.