According to recent statistics, Apple claimed a 17.3% share of the market in the first quarter of 2024[1]. Since the company's inception, Apple devices have not only dominated the global sales charts but have also increasingly become a fixture in workplaces worldwide.
However, alongside the allure of iOS devices, with their sleek design and user-friendly interface, protecting the valuable data they contain is paramount. IT admins are always looking for robust security measures to maintain data and device security.
In this blog, we will be looking at the powerful security features for iOS devices offered by Scalefusion.
Security Features for iOS with Scalefusion MDM
Scalefusion MDM offers the following security features for securing iOS devices:
1. Activation Lock Settings
Scalefusion allows two types of activation lock settings:
a. Activation Lock
Allow or restrict the end user’s ability to enable Activation Lock when signing into ‘Find My’ on the supervised iOS device with their Apple ID credentials.
b. MDM-based Activation Lock
Enabling this option force-enables Activation Lock using the Apple ID of an Apple Business Manager or Apple School Manager administrator. This setting is only applicable to devices enrolled via Automated Device Enrollment (ADE).
2. Passcode Policy
Implement strong passcode policies tailored to an organization’s confidentiality requirements to secure business data. Businesses can create and enforce comprehensive passcode settings directly from the Scalefusion dashboard, ensuring all employees use strong passcodes on their work devices. This minimizes the risk of accidental data loss and enhances overall security.
Scalefusion offers two types of passcode settings:
a. Basic Settings
- Passcode Type: Choose between numeric or alphanumeric passcodes.
- Minimum Passcode Length: Set a minimum length for passcodes, ranging from 4 to 16 characters.
b. Advanced Settings
- Enforce Complex Passcode: Specify the minimum number of symbols that employees must include in their passcodes to enhance security.
c. Passcode Management Settings
- Passcode Expiry Period: Define how often employees must update their passcodes to maintain security.
- Passcode History List: Limit the reuse of old passcodes by specifying the number of previous passcodes that cannot be reused.
- Maximum Failed Attempts: Set a limit on the number of failed passcode attempts before the device performs a factory reset, protecting against unauthorized access.
- Maximum Inactivity Time: Specify the maximum period of inactivity before the device automatically locks, ensuring it is not left vulnerable when unattended.
- Maximum Grace Period for Device Lock: Define a grace period during which the device can be unlocked without re-entering the passcode, providing convenience while maintaining security.
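The passcode settings listed above can be checked in an exported configuration profile. The following is an added example, not Scalefusion's own code: it assumes those settings are delivered through Apple's `com.apple.mobiledevice.passwordpolicy` payload keys, and the sample profile and the baseline thresholds are constructed for illustration.

```python
import plistlib

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"

# Constructed sample profile (not exported from Scalefusion).
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.passcode",  # placeholder identifier
    "PayloadContent": [{
        "PayloadType": PASSCODE_TYPE,
        "requireAlphanumeric": False, "minLength": 4, "minComplexChars": 0,
        "maxPINAgeInDays": 365, "pinHistory": 1,
        "maxFailedAttempts": 10, "maxInactivity": 15,
        # maxGracePeriod deliberately left unset
    }],
})

# Hypothetical organisational baseline: key -> (direction, threshold).
# "min" means the value must be at least the threshold, "max" at most.
BASELINE = {
    "minLength": ("min", 8),          # Minimum Passcode Length
    "minComplexChars": ("min", 1),    # Enforce Complex Passcode
    "maxPINAgeInDays": ("max", 90),   # Passcode Expiry Period
    "pinHistory": ("min", 5),         # Passcode History List
    "maxFailedAttempts": ("max", 6),  # Maximum Failed Attempts
    "maxInactivity": ("max", 5),      # Maximum Inactivity Time (minutes)
    "maxGracePeriod": ("max", 0),     # Maximum Grace Period (minutes)
}

def audit_passcode_policy(profile_bytes):
    """Return a sorted list of (key, finding) for settings weaker than BASELINE."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_TYPE]
    if not payloads:
        return [("<profile>", "no passcode payload present")]
    findings = []
    for payload in payloads:
        if not payload.get("requireAlphanumeric", False):
            findings.append(("requireAlphanumeric", "numeric-only passcodes allowed"))
        for key, (kind, limit) in BASELINE.items():
            value = payload.get(key)
            if value is None:
                findings.append((key, "not set"))
            elif (kind == "min" and value < limit) or (kind == "max" and value > limit):
                findings.append((key, f"{value} is weaker than baseline {limit}"))
    return sorted(findings)

if __name__ == "__main__":
    for key, finding in audit_passcode_policy(SAMPLE_PROFILE):
        print(f"{key}: {finding}")
```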
3. Network Settings
Configure peripheral settings and eSIM on supervised devices. This feature is supported on iPhones with iOS 14 and above.
a. Wi-Fi Configuration
Configure Wi-Fi to restrict end users from connecting to unreliable or public Wi-Fi. Push a pre-approved list of Wi-Fi connections to limit access to certain networks.
b. Bluetooth and Hotspot Configuration
Enable or disable Bluetooth and Hotspot on end-user iOS devices. Allow or restrict end users from modifying Bluetooth and Hotspot settings on supervised iOS devices.
c. Roaming Settings
Choose to enable/disable the Voice and Data roaming settings. These settings cannot be blocked completely and will be applied every time the device checks in.
4. Safari Settings
Manage various Safari-related settings, including whether Safari is enabled; Safari cannot be disabled if specific websites are allowed. Additionally, control whether users are permitted to enable or disable the AutoFill feature. Choose to allow or restrict the execution of JavaScript and decide whether to permit or block pop-up tabs.
5. Content Filtering
Control the browsing experience on supervised iOS devices by managing which websites can be accessed. Leverage the following capabilities:
a. Access to Allowed Sites Only
Enable this setting to provide access only to the websites that are enabled under the allowed websites section of the device profile.
b. Limit Access to Adult Websites and Allow Pre-selected URLs
Enable this setting to enforce Apple’s inbuilt content filtering mechanism, which will apply to all websites. However, the websites selected in the Allowed Websites section will be allowed.
c. Add WebClips Based on Allowed URLs
Allow WebClips on the home screen based on the visibility of allowed websites.
6. iCloud and Siri Settings
Scalefusion offers the following types of settings:
a. General
This section offers the following capabilities for both unsupervised and supervised devices:
- iCloud Backup and Keychain Sync: Allow or restrict end users from backing up device data to iCloud, and enforce iCloud Keychain restrictions.
- Siri: Allow or restrict end users from using Siri on their iOS devices.
b. Supervised
This setting offers the following capabilities only for supervised devices:
- Siri Profanity filter: Enforce the use of Siri’s profanity filter to restrict employees from using inappropriate words.
- iCloud Document Sync: Allow or restrict users to sync work documents to iCloud.
7. Application Management
Control the set of applications that the users have access to on the iOS devices. Allow or block a set of applications and control app visibility on supervised iOS devices. In the case of unsupervised/BYOD devices, enterprises can only publish the required application on employee devices. Scalefusion provides a few more capabilities, which include:
a. Single and Autonomous Single App Mode
Single-app mode (SAM) enables enterprises to set one application to run continuously, making it ideal for supervised iOS devices used in kiosk setups. Autonomous single-app mode (ASAM) expands on this by allowing a select group of applications to switch to SAM autonomously when needed.
ASAM is particularly useful for scenarios such as time-bound assessments, surveys, or on-demand data collection. It allows applications to enter SAM for a specified duration and then exit this mode once the task is completed.
b. App Settings
With App Settings, configure permissions for various applications, including iMessage, iTunes, news, podcasts, music services, and AirDrop.
8. OS Updates
IT administrators can manage iOS software updates by deferring them for 30 to 90 days on supervised devices. This configuration is available exclusively for devices running iOS 12.0 and above.
9. Work Data Settings
Control the exchange of data between managed (work) apps and non-managed (personal) apps. These settings work on both supervised and unsupervised iOS devices. Secure the corporate data by preventing unmanaged applications from being used to view/open managed data. The settings offered are:
a. Open from Managed to Unmanaged
Configure whether the user can open work documents/files via unmanaged apps. Disabling this prevents unmanaged apps from being listed in the Share menu of iOS devices, and work files cannot be opened in unmanaged apps.
b. Managed Apps to Write Contacts to Unmanaged Contact Accounts
Allow or restrict managed apps to add/edit contact information to unmanaged contact accounts. This setting will be forced enabled if ‘Open from Managed to Unmanaged’ is allowed. It works for iOS devices with version 12.0 and above.
c. Unmanaged Apps to Read Contacts to Managed Contact Accounts
Allow or prevent unmanaged applications from adding/editing contacts in work-managed accounts. This setting will be forced if ‘Open from Managed to Unmanaged’ is enabled. It requires iOS 12.0 or above.
d. Work Documents to be Shared via AirDrop
Configure if work documents and files from managed applications can be shared via AirDrop. This setting will be forced enabled if ‘Open from Managed to Unmanaged’ is allowed.
e. Copy/Paste from Managed Apps to Unmanaged Apps
Allow or restrict copy and paste actions done from managed to unmanaged apps. When this setting is enabled, and an employee copies any data from a managed application onto an unmanaged one, a ‘pasting this content is restricted’ message will appear. This setting will not work if the ‘Open from Managed to Unmanaged’ setting is also enabled.
f. Open Documents From Unmanaged to Managed
Configure whether non-work documents and files can be opened via managed applications. Enabling this will cause the managed apps to appear in the Share menu of unmanaged apps on iOS devices.
g. Camera and Screenshot Setting
Allow or restrict employees from using the camera and taking screenshots on managed iOS devices.
h. Force Encrypted Backups
Enforce or relax the requirement for encrypted backups, where users set a password for the encrypted files when taking a backup.
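Settings b through e above depend on ‘Open from Managed to Unmanaged’, so a profile can look locked down while work data still flows to personal apps. The following lint is an added example, not Scalefusion's own code: it assumes these settings map to Apple's `com.apple.applicationaccess` restriction keys, and the sample profile is constructed for illustration.

```python
import plistlib

RESTRICTIONS_TYPE = "com.apple.applicationaccess"
OPEN_IN = "allowOpenFromManagedToUnmanaged"   # setting a; Apple's default is True

# Dependent keys and the value that restricts data flow (assumed mapping).
# All four default to False when absent from the payload.
DEPENDENT = {
    "allowManagedToWriteUnmanagedContacts": False,  # setting b
    "allowUnmanagedToReadManagedContacts": False,   # setting c
    "forceAirDropUnmanaged": True,                  # setting d
    "requireManagedPasteboard": True,               # setting e
}

# Constructed sample: copy/paste and AirDrop are restricted, but open-in
# is left allowed, so neither restriction takes effect.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.workdata",  # placeholder identifier
    "PayloadContent": [{
        "PayloadType": RESTRICTIONS_TYPE,
        OPEN_IN: True,
        "forceAirDropUnmanaged": True,
        "requireManagedPasteboard": True,
    }],
})

def lint_work_data(profile_bytes):
    """Return (key, status) findings for each restrictions payload in a profile."""
    findings = []
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        if payload.get(OPEN_IN, True):
            findings.append((OPEN_IN, "allowed"))
            # Restrictive values here give a false sense of protection.
            findings += [(key, "ineffective") for key, want in DEPENDENT.items()
                         if key in payload and payload[key] == want]
        else:
            findings += [(key, "permissive") for key, want in DEPENDENT.items()
                         if payload.get(key, False) != want]
    return findings

if __name__ == "__main__":
    for key, status in lint_work_data(SAMPLE_PROFILE):
        print(f"{key}: {status}")
```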
10. Certificate Management
Digital certificates simplify the IT team’s task of authenticating devices and checking for security when operating in unknown networks. Digital Certificate management streamlines the process of deploying digital certificates to iOS devices by automatically provisioning digital identities onto them without end-user intervention and enabling authentication on managed iOS devices.
11. Custom Settings
Build and push your own policy according to the Apple MDM protocol using a custom payload, and add security features for iOS that are not built into Scalefusion. This feature also allows IT admins to select a conflict resolution method between custom payloads and device profiles when they contain the same settings.
Get Scalefusion for Comprehensive iOS Security Features
Effective iOS mobile device management and security are necessary for strengthening security posture. Scalefusion MDM offers robust iOS security features that elevate iOS device and data security with complete device control, so you can witness the transformative impact it can have on your business. Contact our experts to schedule a demo, or opt for a 14-day free trial today.
References