
Posted on Apr 6, 2011 in Mobile

iOS Enterprise MDM Configuration Capabilities

 

Thought I’d put together an easy-to-reference list of the various things that an enterprise Mobile Device Management administrator can configure for iOS:

Password

  • Required
  • No Repeating/Ascending/Descending Characters
  • Require Alphanumeric
  • Minimum Password length
  • Minimum number of non-alphanumeric characters required
  • Maximum password age (1-730 days)
  • Auto-lock (1-5 minutes)
  • Password History (1-50 Passwords)
  • Grace Period for Device Lock (amount of time the device can be locked without prompting for a password on unlock)
  • Maximum number of failed attempts (before all data on device will be erased)

Restrictions

  • Allow installing apps
  • Allow use of camera
    • Allow FaceTime
  • Allow Screen Capture
  • Allow Automatic Sync while Roaming
  • Allow voice dialing
  • Allow In App Purchase
  • Allow Multiplayer Gaming
  • Allow Adding Game Center Friends
  • Force Encrypted Backups
  • Applications
    • Allow use of YouTube
    • Allow use of iTunes Music Store
    • Allow use of Safari
      • Enable autofill
      • Force fraud warning
      • Enable JavaScript
      • Block Pop-ups
      • Accept Cookies: Always, Never, From Visited Sites
      • Allow Explicit Music & Podcasts
    • Allowed Content Ratings
      • Movies: Don’t Allow Movies, G, PG-13, R, NC-17, Allow All Movies
      • TV: Don’t Allow TV Shows, TV-Y, TV-Y7, TV-G, TV-PG, TV-14, TV-MA, Allow All TV Shows
      • Apps: Don’t Allow Apps, 4+, 9+, 12+, 17+, Allow All Apps

Wi-Fi

  • Service Set Identifier (SSID)
  • Hidden Network (if target network is set to not broadcast)
  • Security Type: Any (Personal), None, WEP, WPA/WPA2, WEP Enterprise, WPA/WPA2 Enterprise, Any (Enterprise)
  • Password

VPN

  • Connection Name
  • Connection Type: L2TP, PPTP, IPSec (Cisco), Cisco AnyConnect, Juniper SSL, F5 SSL, Custom SSL
  • Server Hostname or IP Address
  • Account
  • User Authentication: Password, RSA SecurID
  • Shared Secret
  • Send All Traffic (Route all network traffic through VPN)
  • Proxy Setup

Email

  • Account Description
  • Account Type: IMAP, POP
  • User Display Name
  • Email Address
  • Mail Server and Port
  • Authentication Type: None, Password, MD5 Challenge-Response, NTLM, HTTP MD5 Digest
  • Password
  • Use SSL

Exchange ActiveSync

  • Account Name
  • Exchange ActiveSync Host (Exchange Server)
  • Use SSL
  • Domain
  • User
  • Email Address
  • Password
  • Past Days of Mail to Sync: No Limit, 1 Day, 3 Days, 1 Week, 2 Weeks, 1 Month
  • Authentication Credential Name
  • Authentication Credential
  • Include Authentication Credential Passphrase

LDAP

  • Display Name
  • Account Username
  • Account Password
  • Account Hostname
  • Use SSL
  • Search Settings

CalDAV

  • Account Description
  • Account Hostname and Port
  • Principal URL
  • Account Username
  • Account Password
  • Use SSL

CardDAV

  • Account Description
  • Account Hostname and Port
  • Principal URL
  • Account Username
  • Account Password
  • Use SSL

Subscribed Calendar

  • Description
  • URL
  • Username
  • Password
  • Use SSL

Web Clips (web pages saved to the home screen as bookmarks)

  • Label
  • URL
  • Removable (yes/no)
  • Icon
  • Precomposed Icon
  • Full Screen

Credentials

  • Specify PKCS1 and PKCS12 certificates needed to authenticate access to your network

SCEP

  • URL for SCEP server
  • Name
  • Subject (representation of X.500 name)
  • Subject Alternative Name Type (None, RFC 822 Name, DNS Name, Uniform Resource Identifier)
  • Subject Alternative Name Value
  • NT Principal Name
  • Challenge
  • Key Size: 1024, 2048
  • Use as digital signature
  • Use for key encipherment
  • Fingerprint (hex string)

MDM

  • MDM Server URL
  • Check in URL
  • Topic (Push notification topic for management messages)
  • Identity: Add credentials in Credentials payload, SCEP
  • Sign Messages: yes/no
  • Access Rights granted to remote administrators:
    • Query Device for:
      • Device Information
        • unique device identifier (UDID)
        • device name
        • iOS version
        • device model name and hardware version
        • serial number
        • overall and available storage capacity
        • IMEI number
        • modem firmware version
        • SIM card ICCID
        • MAC addresses for integrated Wi-Fi and Bluetooth
        • carrier currently being used
        • the carrier specified by the current installed SIM card
        • the version of the carrier settings (APN) data
        • assigned phone number
        • whether or not data roaming is currently allowed
        • list of configuration profiles installed
        • list of installed security certificates and expiry dates
        • list of enforced restrictions
        • hardware encryption capability
        • whether an unlock passcode is set
        • installed applications (with App identifier, name, version, and size)
        • list of any application provisioning profiles with expiration dates
    • General Settings
    • Security Settings
    • Network Settings
    • Restrictions
    • Configuration Profiles
    • Applications
    • Provisioning Profiles
  • Add / Remove:
    • Configuration Profiles
    • Provisioning Profiles
  • Security
    • Change device password
    • Remote Wipe
  • Apple Push Notification Service
    • Use Development APNS Server

Advanced

  • Access Point Name (APN): The name of the GPRS access point
  • Access Point User Name
  • Access Point Password
  • Proxy Server and Port