What iOS 10 Means for the Enterprisev 1.1

MKT-11074 EN | © 2016 MobileIron, Inc.

2 What iOS 10 Means for the Enterprise

Executive Summary

iOS 10: The Evolution of a Complete Enterprise Platform

Apple Improves the Customer Experience from the Operating System to the Ecosystem

Apple Reinforces Strong Customer Focus with New iOS Features

iOS 10 Considerations for Developers

Enterprise Recommendations for iOS 10 and Beyond

Conclusion

Table of Contents

3

4

5

7

12

13

14

3 What iOS 10 Means for the Enterprise

Executive SummaryThe release of iOS 10 showcases Apple’s ongoing commitment to improving every aspect of the device and app experience for enterprise customers. But iOS 10 is not just about new features. Along with the latest upgrade, Apple has continued to expand its partner ecosystem so customers can access a broader pool of industry-leading apps and quickly deploy them on any iOS device. All the complex development and integration work has been done up front, so customers can simply choose the apps they want and get users up and running quickly. Apple’s recent integration with Cisco is a great example of how Apple’s partnerships help enterprises change the way they do business by making mobile management faster, smarter, and easier for developers, IT admins, and end users.

In addition, all the supervised controls in iOS 9.3 and iOS 10 will make it much easier to deploy and securely manage large fleets of devices in any organization of any size, from global enterprises to individual classrooms. And, by allowing OS updates to be installed on macOS through MDM, Apple has taken a significant step toward the convergence of desktop and mobile management in the enterprise.

To better understand what iOS 10 means for the enterprise, this white paper provides a technical overview of the latest release as well as a summary of iOS 9.3. It also provides recommendations for developers and IT admins so they can determine how to best leverage these new capabilities in their organizations.

4 What iOS 10 Means for the Enterprise

iOS 10: The Evolution of a Complete Enterprise Platform With the release of iOS 10 (and iOS 9.3 just before it), Apple is furthering its commitment to customers, whether they are enterprise users, educators, students, or consumers. In its ongoing effort to transform mobile computing, Apple has begun adding robust enterprise and education features in point releases — which means customers don’t have to wait for the next major upgrade to access exciting new capabilities.

In addition to this strong customer focus, the most recent release shows that iOS has rapidly evolved into a full-featured, mature computing platform for the enterprise. As a result, Apple is shifting its efforts toward strengthening its broad partner ecosystem to help customers seamlessly deploy leading apps and services across their entire iOS fleet. Together with its partners, Apple is doing all the complex development and integration work up front so customers can simply focus on being more productive on their devices.

Together with its partners, Apple is doing all the complex development

and integration work up front so customers can simply focus on being

more productive on their devices.

5 What iOS 10 Means for the Enterprise

iOS is the most dominant OS in the enterprise and has evolved into a highly mature computing platform over the past few years. As a result, Apple has focused less on introducing new enterprise features in iOS 10 and more on strengthening its partner ecosystem to improve every aspect of the enterprise experience — from purchase and deployment to ongoing security and management. Today, customers everywhere need easier ways to find and administer best-of-breed apps that support their business processes — whether it’s something simple like conference room scheduling or more complex such as inventory management. To help customers avoid exhaustive App Store searches and integration hassles, Apple is aligning with market-

leading partners to deliver a broad range of fully vetted and integrated apps so customers can focus more on meeting business needs and less on backend management.

For example, Apple recently announced tighter integration with Cisco to help improve enterprise services within the iOS platform. Specifically, Apple has integrated with Cisco QoS to help IT managers prioritize performance for specific enterprise applications to ensure the best possible user experience.1 The ability to fast-track certain business apps is especially important for mission-critical communications apps, such as VoIP in a hospital

Apple is aligning with market-leading partners like Cisco to deliver a broad range of fully vetted and integrated apps so customers can focus

more on meeting business needs and less on backend management.

Apple Improves the Customer Experience from the Operating System to the Ecosystem

1 http://www.cio.com/article/3085627/ios/apple-purposefully-avoids-enterprise-at-wwdc.html

6 What iOS 10 Means for the Enterprise

setting. Apple has also integrated the Cisco Spark app with native iOS calling features so calls placed via the app will look and feel like calls made using Apple’s native phone app.

In addition to Apple’s specific partnerships, programs such as the Mobility Partner Program (MPP) and the AppConfig community are two examples of how Apple is deepening its relationships with third-party vendors to help simplify enterprise app and device management.

Mobility Partner Program (MPP)

To help enterprise customers find the best iOS apps for their businesses, Apple’s new partner program includes fully integrated apps from a multitude of leading vendors, such as MobileIron, Cisco, IBM, Box, Docusign, and more. For enterprise customers this is a huge advantage because now they don’t have to exhaustively search for and approve an app that meets their business requirements. With the MPP, all the

selection and integration work is done for them, so customers can simply choose the app they want and easily deploy it on all of their iOS devices.

AppConfig Community

Until recently, mobile app developers had to build multiple app versions to meet the specific requirements of each EMM vendor. Not only was this costly and time-consuming, it often resulted in apps that were difficult to configure, manage, and update. The AppConfig Community, a collection of EMM vendors and app developers, was created to provide tools and best practices to make it easier to develop, configure, and secure mobile apps for the enterprise. This approach to app configuration and management builds upon the extensive app security and configuration frameworks available in the OS. Apple has already announced its support for the AppConfig Community — more evidence of its ongoing commitment to open standards and working with third-party vendors. For more information about the AppConfig Community, visit appconfig.org.

Apple’s new partner program includes fully integrated apps from a multitude of leading vendors, such as MobileIron, Cisco, IBM, Box,

Docusign, and more. For enterprise customers this is a huge advantage because now they don’t have to exhaustively search for and approve an

app that meets their business requirements.

7 What iOS 10 Means for the Enterprise

When iOS 9.3 was introduced, it was the first time Apple included enterprise-centric content in a point release instead of embedding it the annual OS upgrade. The timing of the point release, and the inclusion of several new features for both business and education, shows that Apple is clearly listening to customers and scheduling OS upgrades to accommodate the needs of the market.

iOS 10 builds on many of the features released in iOS 9.3, which are summarized in the section below. Most of the new features in iOS 9.3 require an iOS device to be in “supervised mode,” which allows additional controls and restrictions to be managed through EMM.2 In many cases, device supervision is ideal for institutionally owned and issued devices that require

Apple Reinforces Strong Customer Focus with New iOS Features

Supervised modeAn iOS device in supervised mode gives IT greater security and control than an MDM profile on the device. Supervised mode is commonly used for corporate-owned devices that need to be restricted to single-app mode. IT can also prohibit access to features such as the iCloud Photo Library and automatic app downloads — restrictions that the user can’t modify. By contrast, a device with just an MDM profile may be owned by either the employee or the company and can be enabled for both personal and business use.

2 For more details about the enterprise features in iOS 9.3, download the MobileIron solution brief at https://www.mobileiron.com/sites/default/files/datasheets/files/iOS-9.3-solution-brief_US_EN_v3.1.pdf

8 What iOS 10 Means for the Enterprise

more security controls and restrictions than employee-owned devices. Some of the new enterprise features in iOS 9.3 include:

Home Screen Layout

Mobile IT administrators can create custom home screens on supervised devices by controlling the apps, icons, and web clips on the home screen. Additionally, folders can be created and used to group apps. Applications can also be placed persistently in the dock via EMM.

Application show/hide restrictions

With the new iOS 9.3 blacklisting feature, IT admins can prevent users from accessing restricted apps on supervised devices. While the user may download a blacklisted app, EMM controls block the app from being used. For example, an organization may block the use of social media apps like Facebook on supervised work devices. Devices can also be locked down so employees can only access company-approved apps on supervised devices.

Notification controls

These new controls help IT improve the user experience by customizing how notifications for different apps are displayed. IT can also turn off notifications for mission-critical apps or restrict notifications to a certain level for selected apps.

MDM-initiated activation lock

EMM solution providers can work with Apple’s Device Enrollment Program (DEP) servers to enforce activation lock on the device and override the activation lock if necessary. This feature is only available on devices enrolled in DEP.

MDM Lost Mode

With the new MDM Lost Mode feature in iOS 9.3, an IT administrator can designate any managed device as “lost.” When Lost Mode is invoked, devices will report their geolocation to EMM even when location services are disabled on the device.

9 What iOS 10 Means for the Enterprise

In a corporate environment, MDM controls will allow IT to specify the default app for audio calls for enterprise-managed contacts and accounts. CallKit should also make it much easier for employees and organizations to track and manage billing for work and personal calls on BYOD devices.3

Universal Clipboard

iOS 10 extends Continuity by making it easier to move content back and forth between Mac and iOS devices without the need for AirDrop or other solutions. The process is virtually seamless. For instance, if a user copies text, photos, or videos onto a device clipboard, that content is automatically uploaded to iCloud so it can be pasted onto another device. The Universal Clipboard is available only on devices running either macOS Sierra or iOS 10, and they must be signed into the same Apple iCloud ID.4 Prior to the release of iOS 10, Universal Clipboard was only available through third-party vendors.

Enterprises should be aware of the risk of data loss through Universal Clipboard unless they have controls in place to block users from copying and pasting large amounts of data into unauthorized apps. MobileIron already supports stricter copy/paste controls for existing customers that need additional protection going forward.

3 http://www.brianmadden.com/opinion/Apple-unveiled-iOS-10-and-macOS-Sierra-Whats-new-for-enterprise-mobility-management 4 http://appleinsider.com/articles/16/06/15/universal-clipboard-for-macos-sierra-ios-10-streamlines-copypaste-between-devices

iOS 10 enhances interoperability across all devices

While iOS 9.3 offered more ways to securely manage devices, iOS 10 enables these devices to work together more seamlessly than ever before. New features allow users to easily download apps and share data across all of their devices, which may include iPhone, iPad, Apple Watch, Mac laptops, and more. These new capabilities covered below can give employees a big productivity boost, but IT may need to consider extra security measures to ensure these new ways of sharing content don’t put enterprise data at risk.

CallKit API with Cisco Spark

The developer toolkit for iOS 10 will include CallKit, a framework that lets VoIP app developers build apps that allow iOS devices to take calls from communication apps such as Cisco Spark. For example, an incoming Spark call will ring on the iPhone lock screen just like a cellular call. The user can also select a contact in the address book or ask Siri to call the contact over Spark.

New features allow users to easily download apps and share data across all of their devices, which may include

iPhone, iPad, Apple Watch, Mac laptops, and more.

10 What iOS 10 Means for the Enterprise

“Raise to Wake” Lockscreen

iOS 10 has introduced an intuitive lockscreen functionality that replaces the trademark “swipe-to-unlock” gesture. Now the screen instantly displays all the notifications and missed messages as soon as the user picks up the phone. On more recent iOS devices, processor speed makes it easy for users to skip past important notifications. The new lockscreen in iOS 10 will ensure users see their notifications.

Auto Unlock

Auto Unlock. macOS Sierra includes Auto Unlock, a feature that allows a user to securely and automatically unlock a Mac computer with Apple Watch without having to type in a password. In the past, Bluetooth Trusted Objects had no understanding of device ownership, so someone could potentially steal another user’s device and use it to break into another paired

device. iOS 10’s security upgrades eliminate this vulnerability. Once the user unlocks Apple Watch, it needs to stay in contact with the user’s skin to stay unlocked — if the user takes it off, it locks back down. So, if someone steals a user’s Apple Watch and tries to unlock the owner’s Macbook with it, they would first need to enter the owner’s PIN to unlock the watch before unlocking the macOS. Time-of-flight, another security feature, measures how long it takes the signal to go from Apple Watch to Mac. The user must be within three meters before the Mac will unlock. This additional control helps prevent relay attacks that rebroadcast the signal from Apple Watch across further distances.5

VPN IKEv2 EAP-only Mode

VPN access is critical for allowing mobile employees to access corporate data, but organizations must ensure the security of data in motion. Until recently, many organizations did not allow VPN access from iOS devices because they did not support Extensive Authentication Protocol (EAP). With iOS 10, Apple now supports VPN IKEv2 EAP-only mode, which enables organizations to provide secure connectivity from iOS devices.

5 http://www.imore.com/macos-sierra

11 What iOS 10 Means for the Enterprise

MDM updates on macOS.

Macs enrolled in DEP are able to install major macOS updates. This means enterprise customers can use MDM to update any device running macOS Sierra. Sierra will also support a new payload to configure the IP firewall and allow IT admins to apply policy restrictions to Apple Music, iCloud Keychain sync, iCloud photo library, Back to My Mac, Find My Mac, Notes sharing, and more.6 Admins can also turn restrictions on or off according to their security requirements.

This update means that EMM platforms can now be used to secure and manage most Apple devices, including iPhone, iPad, wearables, and now macOS. It also shows that Apple is moving toward what Gartner calls “Unified Endpoint Management” that allows IT admins to manage and secure both mobile and desktop devices through a single EMM platform. According to Gartner, “By 2020, smartphone security and management architectures will dominate the endpoint computing environment, while traditional PC image management will decline except on dedicated appliance-style devices.”7 By extending EMM updates to macOS, Apple continues to lead this shift toward desktop and mobile convergence in the enterprise.

6 http://www.brianmadden.com/opinion/Apple-unveiled-iOS-10-and-macOS-Sierra-Whats-new-for-enterprise-mobility-management7 https://www.gartner.com/doc/2729517/managing-pcs-smartphones-tablets-future

12 What iOS 10 Means for the Enterprise

App Transport Security (ATS) requirement

In response to recent publicity about end-user privacy on iOS devices, Apple has taken additional steps to ensure the security of data in motion. At WWDC, Apple announced that by Jan. 1, 2017, all apps submitted to the App Store must include ATS to ensure web connections are encrypted and less vulnerable to hijacking.8 ATS was initially released with iOS 9 to help protect mobile data during network transmission. In ATS, traffic is encrypted with the Transport Layer Security Layer (TLS) protocol version 1.2. When ATS is enabled, network requests are automatically made over HTTPS instead of HTTP. According to Ivan Krstic, Apple’s head of security engineering and architecture, the new ATS requirement “is going to provide a great deal of real security for our users and the communications that your apps have over the network.”9

Integration with Messages app

Messages now has its own Messages App Store, so developers can create apps to be used in iMessages. These apps add a broad range of capabilities that includes everything from sending stickers and GIFs to paying bills and making group dinner reservations. Enterprise users can now integrate an entire workflow into a text message. For example, if an outstanding PO needs approval, accounting can send the request to the department manager in a text message. The manager can then simply hit “approve” within the message without opening a separate app to complete the request.

iOS 10 Considerations for Developers

8 http://www.zdnet.com/article/wwdc-2016-apple-ramps-up-privacy-now-all-ios-apps-must-encrypt-web-connections-by-year-end/9 https://techcrunch.com/2016/06/14/apple-will-require-https-connections-for-ios-apps-by-the-end-of-2016/

13 What iOS 10 Means for the Enterprise

Enterprise Recommendations for iOS 10 and Beyond

Evaluate the benefits of Cisco and iOS integration

Meet with app developers and network admins to see if tighter integration with iOS and Cisco improves application performance and reduces network latency. These recent enhancements should reduce help desk calls and employee downtime due to sluggish app performance.

Become familiar with the AppConfig Community.

IT admins should review the list of vendors supporting AppConfig standards to see if there’s a better way to deploy business apps using native standards. By choosing from a broad range of secure, work-ready apps, IT can leverage existing EMM investments, increase mobile adoption, and accelerate app deployment across the company.

Secure Universal Clipboard

Meet with the security team to review internal copy/paste policies and security measures to ensure they apply to the new Universal Clipboard feature.

Follow the IT checklist for iOS 10

Apple created an extensive to-do list to help IT plan and execute a successful rollout of iOS 10 in the enterprise. Be sure to review this list to make sure the deployment goes as smoothly as possible: images.apple.com/business/docs/Get_Ready_for_iOS_10_checklist.pdf

1

2

3

4

14 What iOS 10 Means for the Enterprise

For More Information

To learn more about iOS 10 and what it means for the enterprise, please visit mobileiron.com/ios10.

For questions regarding your iOS implementation,

please contact MobileIron at globalsales@mobileiron.com.

ConclusionOver the past few releases, iOS has evolved into a fully mature enterprise platform. As a result, Apple has focused less on adding new features and instead put more effort into seamlessly integrating its partner ecosystem. Customers can now benefit from greater choice and ease-of-use when they need to deploy and secure work-ready apps on iOS devices. Apple’s recent integration with Cisco is a great example of how Apple’s partnerships are designed to help enterprises solve key business challenges and improve the user experience at the same time.

Just as important, Apple now allows OS updates to be deployed on any iOS or macOS device through MDM. This signals an important step toward what Gartner calls “Unified Endpoint Management,” in which all mobile and desktop devices can be securely managed through EMM. With iOS 10, Apple is clearly leading the way toward desktop and mobile convergence in the enterprise.