The official blog of the Microsoft System Center Configuration Manager Product Group
This post is a part of the nine-part “What’s New in Windows Server & System Center 2012 R2” series that is featured on Brad Anderson’s In the Cloud blog. Today’s blog post covers empowering your users using iOS devices for work with System Center 2012 and how it applies to Brad’s larger topic of “People-centric IT.” To read that post and see the other technologies discussed, read today’s post: “People-centric IT in Action: End-to-end Scenarios Across Products.”
Using iOS devices for daily tasks is a common and fundamental expectation of many modern workers. Nearly all industry segments get requests from people bringing these devices in from home, and many companies are supplying them for their workers. As Brad and Paul discussed last week, our People-centric IT (PCIT) investment in System Center 2012 R2 Configuration Manager for iOS devices resolves the conflict between empowering the person and protecting corporate data.
Supporting iOS devices in the workplace breaks down into these areas:
It is no surprise that iOS devices cannot domain-join a network like a Windows PC can. Domain join is strongly associated with features like Group Policy and Windows login scripts, which are not applicable for non-Windows devices. This limitation creates a trust issue for IT departments tasked with protecting network resources. When an iOS device is on the corporate Wi-Fi network, the lack of domain affiliation means that the user is denied access to resources, or must continually provide credentials as resources are accessed. That is why we built a convenient system for the iOS device to join the corporate network and access resources. At the most basic level, Workplace Join provides an iOS device with certificates delivered only after the IT department can confirm that the device is affiliated to a known-trusted user. These certificates help the iOS device authenticate within a Windows 8.1 network. System Center will support the configuration and management of the Workplace Join components.
While Workplace Join is a great start for enabling network access, all devices accessing sensitive corporate data must be securable to the corporate compliance standard. In order to apply policies, perform software inventories, or supply apps, an iOS device must enroll in device management. Enrollment happens when the device owner consents to allowing some IT-side administrative control of the device. The user-initiated process is easy to discover and burden-free on the IT department. After enrollment completes, the management system utilizes Apple Push Notification Services to maintain regular communication with the device on any network connection used by that device. This system ensures that all device needs are met, both empowering the user and protecting company data and resources.
[Figures: The user initiating enrollment; Offering the management profile; The enrollment profile installed]
We invested heavily in supporting all of the most typical user requirements when working from their iOS device. For example, the following capabilities are possible for an enrolled iOS device in an enterprise when using System Center 2012 R2 Configuration Manager:
Need to push a Wi-Fi configuration for wireless access? No problem. How about VPN profiles or authentication certificates? You can push those configurations too. We support a rich array of network settings configurable for mobile devices. Because mobile devices are... well... mobile, all of the capabilities described within this blog function from any network connection, anywhere.
The Company Portal app for iOS provides your users with a convenient interface for gaining access to resources necessary for work. Whether it is a deep-link to the Apple AppStore, an Internet / intranet resource web-clip on the home screen of the device, or even an internal line-of-business app, the Company Portal on iOS devices will enable your users to discover, request, and install the tools they need.
Do your users rely on more than one device in the workplace? What happens when those devices become damaged, lost, or replaced? For most IT departments it means an IT support ticket to de-provision, wipe data, or perform remote-lock. With the Company Portal app the end-user is now empowered to handle those actions for themselves. So the next time someone from the Sales team leaves a laptop in a taxicab, they can quickly hop on their iPhone and kick off a WIPE action to protect the corporate data. At Microsoft, we view PCIT as both a mechanism for user empowerment and an approach to reducing the burden placed on IT professionals when it comes to handling common tasks the user could handle when empowered with the right tools!
[Figure: Discovering and accessing a company resource]
Most mobile devices support an implementation of mobile device management. We worked hard to build an IT-Pro experience that enables common settings and controls to flow consistently across all platforms. Set a PIN requirement once, and confidently know it will reach all devices, no matter which platform it applies to. Some settings supported by Apple will only be applicable to iOS, for example restricting access to Safari or AppStore content rating policies. With System Center 2012 R2 Configuration Manager, the most common settings and restrictions are supported. For more details, be sure to check out the “Compliance Settings and Company resource access” blog from last week.
How many iOS devices are in use within your organization? What iOS version are they running? What corporate apps have they installed? Are any devices in your org jailbroken? All decision data points necessary for compliance and inventory control are present and routinely refreshed.
For corporate-owned devices, your IT department will appreciate the level of protection and compliance possible for iOS devices. Whether the need arises to quickly issue a factory-reset command or push apps / updates to apps, System Center puts you in control. Even for the employee-owned device, the IT department remotely controls the ability to remove devices from the network, and along with it all of the apps and company resources provided; all while leaving family photos and personal apps intact. To learn more about the details of this experience, be sure to check out the “Protecting Corporate Data” blog published earlier this month.
System Center 2012 R2 Configuration Manager, Windows Intune, and Windows Server deliver People-centric IT across all platforms. We strike a balance: users get the freedom and convenience to be productive as they see fit, but on your compliance and protection terms. Embracing and supporting iOS devices is a core pillar of that commitment.
Be sure to download System Center 2012 R2 Preview Configuration Manager and Windows Server 2012 R2 Preview today!
To see all of the posts in this series, check out the What’s New in Windows Server & System Center 2012 R2 archive.