One of the canonical documents for iOS management is Apple's Configuration Profile Key Reference, available to all on Apple's developer site. In honor of OS X Mavericks and iOS 7.0.3 today, Apple has updated the document. The notable change? "Added information about the keychain syncing restriction."
Along with all the products today, Apple has released iOS 7.0.3 for all iOS 7-capable devices. (For download links, see our database of iOS Devices.) From the release notes:
This update contains improvements and bug fixes, including:
- Adds iCloud Keychain to keep track of your account names, passwords, and credit card numbers across all your approved devices
- Adds Password Generator so Safari can suggest unique, hard-to-guess passwords for your online accounts
- Updates lock screen to delay display of "slide to unlock" when Touch ID is in use
- Adds back the ability to search the web and Wikipedia from Spotlight search
- Fixes an issue where iMessage failed to send for some users
- Fixes a bug that could prevent iMessage from activating
- Improves system stability when using iWork apps
- Fixes an accelerometer calibration issue
- Addresses an issue that could cause Siri and VoiceOver to use a lower quality voice
- Fixes a bug that could allow someone to bypass the Lock screen passcode
- Enhances the Reduce Motion setting to minimize both motion and animation
- Fixes an issue that could cause VoiceOver input to be too sensitive
- Updates the Bold Text setting to also change dial pad text
- Fixes an issue that could cause supervised devices to become un-supervised when updating software
For information on the security content of this update, please visit this website:
That last one about supervision could be very interesting. We've heard of several organizations bitten by that when they first upgraded.
Please post your iOS 7.0.3 experiences here.
Apple announced plenty of product updates today — you can watch the presentation online if you want, or see the tech specs for both the iPad Air and the iPad mini. (Note for those with OCD: "Air" is capitalized, "mini" is not.)
Apple has a clear but lengthy comparison of models online. Here's our summary:
|Spec||iPad Air||iPad mini retina display||iPad 2||iPad mini|
|CPU||A7+M7 motion||A7+M7 motion||A5||A5|
|Weight||1.0 lb||0.73 lb||1.33 lbs||0.69 lb|
|Dimentions||6.6 x 9.4 x 0.29 in||5.3 x 7.87 x 0.29 in||7.31 x 9.5 x 0.34 in||5.3 x 7.87 x 0.29 in|
|Display||9.7 in||7.9 in||9.7 in||7.9 in|
|Resolution||2048 x 1536 px||2048 x 1536 px||1024 x 768 px||1024 x 768 px|
|Battery||10 hours||10 hours||10 hours||10 hours|
|WiFi||802.11a/b/g/n + MIMO||802.11a/b/g/n + MIMO||802.11a/b/g/n||802.11a/b/g/n|
|GPS||Cellular model only||Cellular model only||Cellular model only||Cellular model only|
|Colors||Space Gray, Silver||Space Gray, Silver||Black, White||Black, White|
|Availability||November 1||Later in November||Now||Now|
|Models||16 GB WiFi: $499||16 GB WiFi: $399||16 GB WiFi: $399||16 GB WiFi: $299|
|32 GB WiFi: $599||32 GB WiFi: $499||16 GB WiFi+3G: $529||16 GB WiFi+3G: $429|
|64 GB WiFi: $699||64 GB WiFi: $599|
|128 GB WiFi: $799||128 GB WiFi: $699|
|16 GB WiFi+Cellular: $629||16 GB WiFi+Cellular: $529|
|32 GB WiFi+Cellular: $729||32 GB WiFi+Cellular: $629|
|64 GB WiFi+Cellular: $829||64 GB WiFi+Cellular: $729|
|128 GB WiFi+Cellular: $929||128 GB WiFi+Cellular: $829|
Note none of the iPads have Touch ID, the fingerprint reader. And none are available in gold. Get an iPhone.
It is Apple Announcement Day! It has been almost exactly 1 year since the iPad 4 and iPad mini. Time for a refresh? Thinner, lighter, faster, longer battery life, more pixely, more biometric... We will find out at 10 PT/1 ET. Apple is broadcasting this announcement live via Apple TV, and perhaps via web stream too. If you don't have the attention span for video I recommended live blogs at [arstechnica.com Ars Technica] or [engadget.com Engadget].
It won't all be iPads, since we expect the release of OS X Mavericks too. But even that give us a perk: iCloud Keychain syncing, saving and syncing passwords and credit cards to all your devices. Depending on your point of view, iCloud Keychain will be an convenient enabler of complex, unique passwords, or it will be a security nightmare. Let's see.
I'll try to tweet the highlights at @EnterpriseiOS — follow along for the fun.
Just to 100% confirm this before I inform my users. Can you confirm for me that there is currently no way to prevent users manually removing configuration profiles that have not been deployed by Apple Configurator?
One person I spoke to claimed he had managed to stop MDM profiles being removed by using a certificate, but I can't find any reference to this anywhere else.
My apologies for the noob question. I am tasked with detection, enforcement, and validation that deployed devices only have approved applications installed. The MDM were using is MobileIron, which from my limited involvement seems fine to detected after an app is installed. I was looking for a solution similar to OTG that locksdown the device to only permit installs from an internal appstore that has approved applications.
Is there a solution that appstore requests only go to our internal appstore, not the official Apple appstore?
Any thoughts suggestions are welcome.
I'm pretty new to deployment, and the area I'm struggling with right now is supervised mode with apple configurator. All of the devices I'm working with right now are on iOS7, and will be enrolled in airwatch. There are a list of features in airwatch that are attractive, but require the device be in supervised mode.
I'm basically wondering what are the cons to supervised mode?
With iWork apps (Pages, Numbers, Keynote, iMove etc.) now free for new devices I was wondering how I can install the apps via Apple Configurator without paying for them.
I have 15 brand new iPads, but when I login to the VPP store I am still asked to pay for the apps.
Thank you for being so helpful in my last post.
I deployed about 30 devices using Apple Configurator to set the original image and restrictions, and then Meraki for MDM. Everything seems to be going great except that the automatic Web Content Filter is far more invasive than we realized. We'd like to roll the Web Content Filtering back, and allow access to all websites. Unfortunately Configurator is installed on a desktop in one city, and our users are in multiple different cities. Anyone have ideas of how we can remove the website restriction without messing with people's new settings or causing them undue annoyance? Basically, can we remotely remove the Web Content Filtering?
I Received this Communication from our Apple rep. I am really glad we have not updated to iOS 7 at our school and would need to provide serial numbers and proof of purchase. I have emailed support and I am waiting on directions. It looks like we will be able to push a profile that will prevent find my iPad activation lock settings in the background (speculation). Once the iOS 7 update is available we can remove our block and upgrade to iOS 7.
Recently some users have reported that their supervised iOS devices have reverted to un-supervised after they were upgraded to iOS 7. We are aware of this issue and will have a fix in an iOS software update coming this month.
If you upgraded your devices to iOS 7, we can help you re-supervise devices wirelessly once the software update is available. If your devices are still on iOS 6, we can help you prep your devices in order to maintain supervision when the software update is installed. Please see below for details. AppleCare is ready to help you with implementing whichever solution works for you.
Devices on iOS 7
For devices that were upgraded to iOS 7, we can create a profile to re-supervise your devices. In order to create this profile, we need two things from you — your device serial numbers and valid proof-of-purchase information. When you contact AppleCare, we will provide details on how to send us this information. AppleCare will also let you know when you will receive the profile and provide deployment instructions.
Devices on iOS 6
If you have devices that haven’t been upgraded to iOS 7, we will give you the ability to generate a profile to install before upgrading. Then your devices will be able to upgrade to the upcoming release of iOS as supervised devices.
Please email email@example.com to obtain more information from AppleCare.
I just deployed 24 iPads in my company, and I'm using Apple Profile Manager 2 as MDM solution.
I'm using variable to create a single configuration profile that will load user info automatically, leaving just password entry for the users.
%short_name% is used as variable for user account
%mail% is used as variable for the exchange server email
Everything go smooth, the user enter his password and mail start to receive exchange mails.
It turns out that exchange mail configured in this way are not fully recognized by iOS:
1- if you use mail everything works fine
2- if you use 3rd party app like Smart Office 2 or BBC app, and you want to share via mail something you get a message that first you need to configure an email account
3- if you configure extra email account like iCloud one or gmail one, any of them can be selected as default email account, except for the exchange account that won't be listed at all, like if it don't exist, but it's there and working from mail app.
The above is verified both with iOS 6 and iOS 7, so it's not iOS7 issue
a guy left the company, a new guy get the iPad, he enroll the device login in with his account info, but exchange mail setting still report the previous user mail (configured as explained before)
I tried restoring iPad, soft and hard reset, from the device and connected to the MDM (MacMini), I assume the problem is in MDM software and not in the device itself considering when it's restored it's completely empty
Any idea / suggestion?
Any help will be appreciated
TechHive has an article on several iOS 7 keyboard tips. Here is my favorite:
The old ".com" button is hidden inside Safari's keyboard. Just press and hold the period.
Makes it so much easier to type enterpriseios.com.
A quick tip on a new feature for iOS 7: You can now manage which apps are allowed to use cellular networking and which must be confined to WiFi. Check out Settings > Cellular and scroll to the bottom. Unfortunately this isn't manageable via MDM.
I'm new to Enterprise iOS, thank you for providing this very useful resource!
I was wondering if anyone has a favorite not-too-expensive USB hub for rolling out iPhones using Apple Configurator. I can't seem to find a USB hub for 5-10 devices with enough power to charge and sync, that's not prohibitively expensive.
Any help would be great!
- Comparison of MDM Providers (708,393)
- Complete List of iOS User-Agent Strings (329,125)
- How to get remote viewing/control of the IPAD screen via internet or preferably 3G? (214,860)
- Apple Configurator vs. MDM (142,856)
- iOS Devices (101,605)
- Mobile Device Management (92,375)
- Apple Profile Manager (86,058)
- Batch Apple ID Creator (79,842)
- Gartner Magic Quadrant for MDM (2014, 2012, 2011) (79,563)
- AirWatch (74,748)
Comparison of MDM Providers
Forum topic comment by anniegilson35 4 hours ago
Forum topic added by Moronmath 4 hours ago
Forum topic comment by anniegilson35 4 hours ago
Forum topic added by taylor 16 hours ago
Forum topic comment by DavidMaxy 2 days ago
Forum topic comment by Silica 3 days ago
Mobile Management Provider changed by ZuluDesk 4 days ago
Forum topic comment by ZuluDesk 4 days ago
Forum topic comment by Aaron Freimark 4 days ago
Forum topic comment by janeitzey 4 days ago
Forum topic added by marcmeyer 5 days ago
Forum topic comment by Erukian 5 days ago
Forum topic added by Placi 1 week ago
Forum topic comment by jpref 1 week ago
Forum topic added by Vinoth 1 week ago
Forum topic comment by odaugaard 1 week ago
Forum topic comment by vhailor88 1 week ago
Forum topic comment by jbourdon 1 week ago
Forum topic comment by Mitchtei 1 week ago
Forum topic comment by Mitchtei 1 week ago