MDM and Mobile platforms of choice

Posted on 3/2/2015 @ 8:59 AM in #Apple

There are 3 main platforms today (ignoring BlackBerry – the ultimate old corporate mobile platform): iOS, Windows Phone, and Android.
If security and device management are important to you, you should consider Android with a large grain of salt. There are so many devices out there, and so many ways to root them or circumvent security.
But, given Android’s open nature, if your budget allows, it is technically possible to lock down to a very small set of devices on a custom Android image and have a super custom, super secure Android implementation. Let’s face it: unless you are managing nuclear missiles, you are not going to be able to justify spending money on that.

So, if device management is important to you, the choice boils down to iOS and Windows for most of us. It is also important to note that specific device management capabilities are changing rapidly, so the lists below are accurate for iOS 8.1 or Windows Phone 9.
From what I understand, Windows Phone 10 is still going to be behind in specific management capabilities. That doesn’t mean it’s a bad choice of platform – maybe the capabilities it offers are what you need.

So here is what iOS allows you to manage.

Administrators can restrict,

  • app installs
  • use of camera
  • FaceTime
  • Allow screenshots
  • voice dialing
  • Allow automatic sync while roaming
  • in-app purchases
  • syncing of recent Mail
  • Force user to enter store password for all purchases
  • multiplayer gaming
  • adding Game Center friends
  • Siri
  • Siri while device is locked
  • use of YouTube
  • Passbook notifications while device is locked
  • use of iTunes Store
  • explicit media
  • erotica from iBooks Store
  • documents from managed sources in unmanaged destinations
  • documents from unmanaged sources in managed destinations
  • iCloud Keychain
  • updating certificate trust database over the air
  • showing notifications on Lock screen
  • Force AirPlay connections to use pairing passwords
  • Spotlight to show user-generated content from the Internet
  • Enable Spotlight Suggestions in Safari
  • Enable Spotlight Suggestions in Spotlight
  • Handoff
  • enterprise books to be backed up
  • notes and bookmarks in enterprise books to sync across the user’s devices
  • Restrict movie ratings
  • Control the “Open in…” dialog box
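
Several of the restrictions above are delivered to the device as keys in a configuration profile's Restrictions payload (`com.apple.applicationaccess`). The following is an added example, not code from this post: it audits a profile against a baseline and reports every key whose effective value is weaker. The key names are Apple's; the baseline, the sample profile and the `com.example` identifier are constructed assumptions.

```python
import plistlib

# Assumed baseline (chosen for this example, not from the post): the value each
# Restrictions key should have on a locked-down corporate device.
BASELINE = {
    "allowOpenFromManagedToUnmanaged": False,   # managed docs -> unmanaged apps
    "allowOpenFromUnmanagedToManaged": False,   # unmanaged docs -> managed apps
    "allowAssistantWhileLocked": False,         # Siri while device is locked
    "allowPassbookWhileLocked": False,          # Passbook on the Lock screen
    "allowLockScreenNotificationsView": False,  # notifications on Lock screen
    "allowCloudKeychainSync": False,            # iCloud Keychain
    "forceAirPlayOutgoingRequestsPairingPassword": True,
    "forceITunesStorePasswordEntry": True,      # store password for purchases
}

def effective(payloads, key):
    # An absent allow* key means allowed (True); an absent force* key means
    # not enforced (False). Assumption: with several Restrictions payloads
    # installed, the most restrictive value wins.
    allow = key.startswith("allow")
    values = [p.get(key, allow) for p in payloads] or [allow]
    return all(values) if allow else any(values)

def audit(profile_bytes):
    """Return sorted (key, actual, wanted) for every key that misses BASELINE."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.applicationaccess"]
    return sorted((key, effective(payloads, key), want)
                  for key, want in BASELINE.items()
                  if effective(payloads, key) != want)

# Constructed sample profile: blocks the camera and managed-to-unmanaged
# "Open in", but leaves most baseline keys at their permissive defaults.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.restrictions",  # placeholder identifier
    "PayloadContent": [{
        "PayloadType": "com.apple.applicationaccess",
        "allowCamera": False,
        "allowOpenFromManagedToUnmanaged": False,
        "forceITunesStorePasswordEntry": True,
    }],
})

if __name__ == "__main__":
    for key, actual, wanted in audit(SAMPLE):
        print(f"{key}: effective={actual}, baseline={wanted}")
```

A key missing from the profile is the common gap: the device falls back to the permissive default, so the audit treats absence as a finding rather than as compliance.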

Administrators can supervise,

  • Password complexity
  • iMessage
  • Game Center
  • iBooks Store
  • Allow removal of apps
  • Enable Siri profanity filter
  • Allow manual install of configuration profiles
  • Global network proxy for HTTP
  • Allow pairing to computers for content sync
  • Restrict AirPlay connections with whitelist and optional connection passcodes
  • Restrict AirDrop
  • Restrict AirPrint
  • Allow Podcasts
  • Allow Find My Friends modification
  • Allow autonomous Single App Mode for certain managed apps
  • Allow account modification
  • Allow cellular data modification
  • Allow host pairing (iTunes)
  • Allow Activation Lock
  • Prevent Erase All Content and Settings
  • Prevent enabling restrictions
  • Third-party content filter
  • Single App mode
  • Always-on VPN/Per App VPN

Additional capabilities include:

  • Remote Wipe
  • Find my iPhone and Activation Lock by admins
  • Complete control over location services including contacts, calendars, reminders, photos, motion activity, social media (Twitter and Facebook), microphone, camera, HomeKit, HealthKit, and Bluetooth sharing.
  • Remote push apps for managed devices, or remote wipe apps and data.
  • Offer SSO and shared secure data storage between your apps.
  • Email and calendar profile push

And here is what Windows Phone MDM offers as of today:

  • Email profile push and profile management
  • VPN profiles and Per App VPN
  • Block certain apps from being installed
  • Allow/disallow Wi-Fi configurations
  • Kiosk (single app) mode.
  • Manage the browser and Windows Store
  • Enforce local storage encryption
  • Set roaming rules
  • Disable the SD card
  • Disable location data
  • Restrict Bluetooth
  • Disable camera and screen capture

… So which platform is more enterprise ready? You be the judge!
