Apple’s New Management Features Help Locked-Down iPads Stay Locked Down
iPhones and iPads have muscled their way into locked-down, Windows-centric schools and businesses thanks to the “bring your own device” phenomenon, and Apple has been adding more features to help IT shops lock iOS down and make it easier to manage. Yesterday, the company introduced a handful of changes that will make it simpler for schools and businesses to mandate settings on their iOS devices and to make sure that those settings stay applied to their iOS devices at all times.
With these changes, the company is introducing “zero-touch” configuration for new iOS devices via the Device Enrollment Program if you’re running your own mobile device management (MDM) server. Customers who go to deploy.apple.com and sign up can enroll new devices by serial number or order number, allowing admins to apply their settings to devices bought from Apple without even removing them from their boxes. This is a significant improvement over the previous system, where each device needed to be connected to a computer running the Apple Configurator utility to get things set up.
Most crucially, these management profiles can be made mandatory, preventing users from uninstalling the profiles themselves. This feature in particular seems intended to prevent the kind of thing that happened in the Los Angeles Unified School District late last year, where students “hacked” iPads given to them by the school (read: deleted the management profiles) to get around the district’s settings and limitations.