If you know what the word “containerization” means, you probably work in IT (or you’re tech-savvy and adventurous enough to run afoul of your IT department on a regular basis). Containerization is the method of securing a device for corporate use by putting a part of it behind some type of authentication — without managing the actual device.
It’s a common practice in the corporate world, especially for bring your own device (or BYOD) environments, because containerization is often viewed as more lightweight than mobile device management, aka MDM. Users also may assume that MDM is overly intrusive and that containerization is a good compromise.
However, many of these issues are already solved for iOS. By leveraging Apple’s built-in privacy protections, AirWatch allows IT departments to preserve the native device experience while protecting corporate data.
iOS ships with a few dozen default system apps, all of which take up valuable room on your homescreen since Apple won’t let users delete them. Until now, the best you could do is squirrel them away into a folder, or jailbreak.
But with iOS 9.3 Beta 1, it looks like Apple is finally making it possible to hide unwanted system apps. Here’s how.
Virtually everyone who’s ever used an Apple product has an Apple ID. This user account for all things Apple is most commonly used with the iTunes Store and the iOS and Mac App Stores. It’s used to both authorize purchases and to allow you to access content or run apps after they’re downloaded. Apple’s philosophy is that every person should have their own Apple ID and that each of us should use our individual Apple ID (and only that Apple ID) on each of our devices – iPads, iPhones, iPods, Macs, even PC’s running iTunes or other Apple software.
That’s a great concept, but it creates a big challenge when iOS devices are used in business or school environments. When someone configures an iOS device for an employee or student with a selection of apps and other content (like iBooks 2 textbooks), they need to use an Apple ID. But once that device is deployed, the end user may need or want to purchase additional apps or other materials.
This is often a stumbling block for business-owned devices. And it’s something that Apple has finally begun to address with Apple Configurator.
One of the first things most IT folks will think about Apple Configurator is that it’s pretty limited compared to some of the mobile device management suites on the market (including Apple’s Profile Manager in Lion Server). MDM suites are designed to make device management as easy, automatic, and wireless as possible. Most include robust monitoring and reporting features – virtually all can use Apple’s push notification system to update a managed device at any time.
Configurator, on the other hand, requires connecting each iOS device to a Mac using a USB cable to perform any administrative tasks like configuring device settings, assigning a device to a user, installing apps, or updating iOS. That means that Configurator isn’t appropriate for a lot of businesses or workplace situations. Yet, for some organizations, Configurator is a more ideal tool than most MDM suites because of its hands-on approach.
So, what kinds of environments is Apple Configurator suited to?
One short sentence in the help documents for the new Apple Configurator tool shows that the company is aware that many workers are bringing their personal devices into the office. More noteworthy is the fact that it shows that Apple is thinking about some of the potential privacy issues that can arise in situations like BYOD programs where a personal iPhone or iPad is managed by a company’s IT department.
The sentence in question is in the section on supervised or managed devices. It reads as follows:
Important: When a device is initially supervised during the Prepare process, it’s wiped of all content and settings. This prevents a person’s personal device from being supervised without their knowledge.