Admin’s Arsenal: iPhone Configuration Utility

Jesus holding iPhone I got an iPhone in 2009. I like it, it does what I need it to do. I’m not with the fanboi crowd that thinks that Steve Jobs was a saint, and the iPhone is the holy grail of cell phones. The thing has problems. The fact that I still cannot define a time that I do not want the phone to ring or vibrate, or only ring for specific callers (without jailbreaking) is pretty silly.

But it is still light years ahead of a Blackberry, and in my opinion far easier to use and maintain than an Android device.

All that aside, iOS is here, and our users want it. I’ve got about 10 users with iOS devices, and it’s spreading. I do not support enough mobile devices to justify a Mobile Device Management solution, but that doesn’t mean that I am forced to manage them all by hand either.

Some time ago Apple released the iPhone Configuration Utility (available here for both Mac and Windows computers), designed for exactly my use case.

You’ll notice that Apple has quite a bit of information available at that link, including an MDM solution specifically for iOS devices (which unfortunately is OSX only). Not bad, I’ll tip my hat to Cupertino on that, they aren’t ignoring the Windows people (for once).

The iPhone Configuration utility allows you to define profiles and configure settings for iOS devices (it works fine with iPads).

Let’s take a look at the interface (click the image to see the full size versions):

iPhone Configuration Utility interface

iPhone Configuration Utility interface

 

Note at the bottom there the setting to control when the profile can be removed from the phone. I would suggest that you choose the “With Authentication” setting, as you never know when you might need to remove the profile, and you don’t want users screwing around in there and accidentally removing the security policy requiring a passcode for compliance reasons (or just general security). Speaking of Passcodes:

Passcode policy

Passcode Policy settings

 

You can see here that you’ve got pretty granular passcode settings available, which is great because if Apple is known for doing one thing right, it sure isn’t security. If you happen to be in an environment where you need to disable certain settings, the Restrictions policy settings have you pretty well covered:

Restriction Policy Settings

Restriction Policy Settings

 

Which is great if you need to control things like disabling Siri when the device is locked. The utility also gives you the ability to define Wi-Fi networks that the iOS device is allowed to connect to:

Wi-Fi Policy Settings

Wi-Fi Policy Settings

 

This is actually pretty handy, you don’t need to give out wi-fi passwords, and you can isolate mobile devices as needed. If for some strange reason you want to allow users to connect their phones to your VPN, there is provision for that as well:

VPN Policy Settings

VPN Policy Settings

 

This is great for me personally, as I can use this to allow secure connection to our Spiceworks install, as well as remote desktop for emergencies. And of course we need email:

Exchange ActiveSync Policy Settings

Exchange ActiveSync Policy Settings

 

Pretty standard stuff from here out.

Here’s how I use this:

I have one company wide device security policy that gets installed on all devices. This is basically a passcode and screen lock policy that also disables Siri when the phone is locked. These are company devices, with confidential company information on them. I know it’s inconvenient for you to have to enter a 4 digit passcode when you want to use your phone, but tough. Don’t like it? I’ll remove it when there is no longer any company data on the phone, and that includes email and contacts that have employee’s home contact information in them.

I have one email profile that is basically a shared contacts box that get’s installed on every device.

Each user has an email policy that configures access to their work email.

I have a VPN profile that allows me to VPN into our network from my phone, but no one else has this capability.

This is great because in the 3+ years I’ve had an iPhone, I’ve had to replace or wipe the device at least 10 times. They’re not the most hearty of devices (that crown is still held by the mighty BlackBerry, which I know from experience can survive being thrown from the second floor of a building into parking lot during a torrential downpour), and water is like antimatter to them.

Now when I need to change hardware, or reload the device I simply email the four profiles to myself, and bingo all of my email settings are squared away in seconds (iCloud makes this super easy anyway, but it can take a while to get it working).

 

 

 

Advertisements

One Response to Admin’s Arsenal: iPhone Configuration Utility

  1. very cool application I am going to give it a shot! Thanks so much for the info 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: