iOS13 MDM Changes

Brown’s Bytes – iOS13 MDM Changes: The BYOD Solution Apple Fans Have Been Waiting For?

Welcome to Brown’s Bytes! Your weekly insight from Mobliciti’s CTO Andy Brown. Follow #brownsbytes

26th July 2019

As mentioned previously, iOS13 isn’t too far away now, and for enterprise admins the summer break is probably a good time to start getting to grips with the changes coming to the device management (MDM) stack.

It’s quite a significant change – you need to get ready!

As always with any story about Apple, I have to start by saying that all this could change, but from what has been announced so far, and from what is being seen in the betas for iOS13, it does look like this is a significant change coming…

As is usual, we expect the next major iOS release to hit in September.

We’ve already covered some of the more high-level enterprise-focused changes in a previous byte, so I’d suggest taking a look at this in tandem with that byte. As a reminder, the big news is that you need to check older devices to see if they will be getting this release.

Now to the MDM changes

From meetings with customers, it’s become apparent that the announced MDM changes have flown somewhat under the radar. There is quite a bit of change coming.

So, as a starter for your holiday revision guide, here is one thing you need to look out for and start planning for when you get back from the summer break (September will be coming around quickly!).

User Enrolment

This is a biggie. Up to now, there has been a long-standing question on iOS when it came to how you split corporate and personal data on the device. This became apparent when dealing with BYOD devices.

As a result of this, a considerable amount of time and effort has been spent on this issue over the years, and often the solution would be some form of containerisation of the corporate data. Good (now BlackBerry) built their business on solving this precise problem.

Over in the Android world, this problem has been solved at the OS level for some time. Android Enterprise has been designed very much with the idea of dual persona on the device to allow segregation by effectively splitting the device in half and offering a corporate side and a personal side.

Crucially, this meant that the corporate could keep control of its data on the device, but also it meant that the corporate didn’t see anything else from the personal side.

Up to now, on iOS, the MDM capability has been a much blunter instrument. If enrolled in MDM, then full control over the device was given, even if the corporate decided not to use it. It created confusion and distrust of MDM for BYOD. The legacy of this is still common in the market – we often see a split of MDM for corp and container (MAM) for BYOD.

I recall meeting Apple many years ago and could sense that MAM was something that they didn’t like at all. It was effectively saying that their product wasn’t secure enough!

And so, finally, it seems they’ve got around to sorting this out. This is User Enrolment…

It is a lighter-touch MDM, combined with changes in the OS that will mean corporate apps and data can be deployed on to the device but, crucially, segregated at the OS level in their own partition.

In addition, it will mean that there is a lot more that a corporate admin can’t do to the BYOD device. For example:

  • Wipe it
  • See what else is on it
  • Change the passcode

THIS IS COOL!

And remember this is just one of the changes… There is a lot more that is changing, but I’d strongly recommend taking a look at this and starting to get ready.

Remember also that to light up these new features you will need to update your MDM platforms as they adapt to the changes.

Get in touch if you’d like to know more about this or need help with preparations for iOS13.