the definite enterprise guide for iOS 11.3
Document version 1.2 Document author: Björn Kemps
4/5/18 mobco
https://mob.co
Table of contents 1 Context 3 2 Before you start 3 3 What’s new in iOS 11.3? 4 3.1 Managed iOS software updates 4 3.2 Prevent unmanaged apps from accessing contacts in managed accounts 5 3.3 iMessages in iCloud 6 3.4 Disable USB Restricted Mode 6 3.5 Installed Application List enhancements 7 3.6 Enable / disable Bluetooth 7 3.7 Arrange WebClips on the Home Screen Layout 8 3.8 Specific Version for iOS Updates 8 3.9 Install Application enhancements 8 3.10 Skip the Proximity Setup screen on first reboot 9 3.11 Skip the Privacy screen during setup 9 3.12 Restrict the Remote app 9 3.13 Allow MMS messages bypass Always-On IKEv2 VPN 10 3.14 Safari 11.1 10 3.15 Battery and Performance 11 3.16 Privacy Awareness 11 4 Other new features 12 5 Contact Mobco 12
Mobco bvba Kerkberg 5 1700 Dilbeek, Belgium VAT 0830714829 KBC IBAN BE72 7340 3019 6816 - BIC KREDBEBB
Represented by Ulrik Van Schepdael Founding member of the Enterprise Mobility [email protected] +32 2 669 95 00 Expert Alliance
2
https://mob.co
1 Context
Since iOS 9 the x.3 version has always been the major “intermediate” release. The iOS 11.3 release is no different and this time it is packed with new exciting business features. We can safely state that this new version of iOS is one of the most important ones for the enterprise since Apple’s focus on business integration and digital transformation.
This document puts the focus on iOS 11.3 and is based on final release notes of the public version.
In this document you will discover all enhancements and major new features that will probably impact the digital evolution in your company.
Enjoy the reading!
2 Before you start
Curious about all current enterprise features packed in iOS? Check out our Mobco Academy website or request the iOS 11 for Business Whitepaper online.
For the updated training schedule, please visit https://mob.co/academy
In this paper we will only focus on those new features that deliver a true enterprise value or facilitate data security/privacy. This document does not summarize all new iOS 11.3 features; please refer to www.apple.com for more details on the complete listing.
Check https://developer.apple.com/enterprise/ for the latest updates. No information available through this program is part of this whitepaper.
If you have a developer account, check the enterprise resources for detailed protocol and profile reference details.
3
https://mob.co
3 What’s new in iOS 11.3? 3.1 Managed iOS software updates
Probably the number 1 feature request from enterprise customers over the last couple of years, finally it’s here!
For any supervised iOS device, you can set an MDM restriction that prevents users from manually updating a device over-the-air for a specified time. Users can still update their devices with Apple Configurator or iTunes if they have access. When you implement this restriction, the default delay is 30 days, and is triggered the moment Apple releases an iOS update. This gives administrators more time to test compatibility of their apps and devices with the latest OS before users start upgrading their devices.
However, you can change the default number of days you prevent updates, anywhere from one to 90 days. Once the delay expires, users get a notification to update to the earliest version of iOS that was available when the delay was triggered.
Currently this restriction is not yet part of the standard EMM profiles on MobileIron, Airwatch, Blackberry. Our mobco experts can assist you with a custom profile for your implementation if you already want to start using this functionality. Contact us for more information and assistance on this must-have enterprise feature.
This feature will also be available on MacOS v10.13.4.
Supervision required: yes
Operations Efficiency: **** User Experience: *** Security: ***
4
https://mob.co
3.2 Prevent unmanaged apps from accessing contacts in managed accounts
If managing iOS updates is the number 1 request for Enterprise, this one will share the podium as a top request from Enterprise.
WhatsApp, Facebook Messenger, Waze, … are all popular consumer apps which are heavily used in Enterprise. All these apps have access to the corporate contacts in managed email accounts.
In iOS 11.3, unmanaged apps (apps which are not installed via EMM, typically users’ personal apps) will no longer be able to access contacts in Managed email accounts. This will prevent, for example, WhatsApp reading contacts from the corporate email account that has been deployed to the device by EMM.
With the upcoming GDPR privacy legislation in the EC, this will help Enterprise customers to protect their corporate contacts.
This new feature will be managed through the restrictions profile. Mobco can help you configuring your EMM to prevent your business contacts will be synced to unmanaged apps. It’s seldom a feature scores maximum points on all areas we evaluate, but this was certainly does and allows the user to install just any app without any security risk.
Supervision required: no
Operations Efficiency: **** User Experience: **** Security: ****
5
https://mob.co
3.3 iMessages in iCloud update 4/4/18: this feature didn’t make the final production release. Today we don’t have any news from Apple if this will be part of the next update. iOS 11.3 will allow storing Messages to iCloud and syncing them between all devices linked to the same Apple ID.
This may pose some Enterprise challenges if iMessages are used to conduct business purposes. These could now end up on the users’ personally owned devices. Or the way around, where iMessages from personally-owned devices could end up on company-owned devices, potentially triggering a privacy/GDPR concern.
On the plus side, syncing Messages to iCloud should make it much easier to move users from old to new devices without having to do a full device restore.
Supervision required: no
Operations Efficiency: *** User Experience: **** Security: **
3.4 Disable USB Restricted Mode
USB Restricted Mode is a security feature requiring users to enter their passcode or reconnect the accessory while the device is unlocked at least once a week, or the accessory will no longer function when the device is locked. It provides a protection for those devices potentially under attack using USB cable connection.
Supervision required: yes
Operations Efficiency: *** User Experience: ** Security: ****
6
https://mob.co
3.5 Installed Application List enhancements
The Installed Application List MDM command returns a list of apps installed on devices. In iOS 11.3 it now returns these additional pieces of information about each app:
• AppStore Vendable • Device Based VPP • BetaApp • AdHoc Code Signed • Has Update Available
Has Update Available should greatly enhance the implementation of enterprise app stores by the EMM vendors, which can currently be unreliable and when it comes to displaying to users which apps need to be updated.
Supervision required: no
Operations Efficiency: **** User Experience: **** Security: ***
3.6 Enable / disable Bluetooth
Bluetooth can now be turned on or off over-the-air on Supervised devices. There is already a restriction that prevents a user from changing the current Bluetooth status from on to off and visa-versa, this new function actually allows turning on or off Bluetooth, similar to how roaming can be turned on/off over-the-air. Although this sounds like a heavy restriction, it is actually providing a better user experience in those circumstances where a Bluetooth is required to connect to peripherals (such as a e- ID Bluetooth card reader) – not all users understand the necessity of enabling Bluetooth and could be calling the helpdesk for card reading troubleshooting.
Supervision required: yes
Operations Efficiency: **** User Experience: *** Security: ***
7
https://mob.co
3.7 Arrange WebClips on the Home Screen Layout
Arranging apps on the Home Screen was already possible. In iOS 11.3 this has now been extended to Web Clips. Web Clips can also be grouped so you can create a clean and comprehensive layout of corporate devices.
Supervision required: yes
Operations Efficiency: *** User Experience: **** Security: **
3.8 Specific Version for iOS Updates
Previously, devices receiving the command to force an OS update were required to download and install the latest available iOS version supported by the hardware. With the latest release, the ability to force an OS update can now specify an iOS version for the device to install, provided it is higher than the device’s current iOS version and compatible with the device model.
When combined with the upgrade restriction, this feature enables full control over what version of the OS is deployed and used in your organization!
Supervision required: yes
Operations Efficiency: **** User Experience: *** Security: **** 3.9 Install Application enhancements
With iOS 10, you can remove some built-in system apps from the Home screen on your iPhone, iPad, iPod touch, or Apple Watch. In iOS 11.3 the Install Application MDM command can be used to re-install previously removed system apps.
An interesting feature to ensure a maximum user experience in a more controlled environment and perfectly compatible with predefined arrangement of icons (now including web clips as well) on the home screen of your employees.
Supervision required: yes
Operations Efficiency: *** User Experience: *** Security: ** 8
https://mob.co
3.10 Skip the Proximity Setup screen on first reboot
Proximity Setup allows a user quickly setup a blank device by syncing settings and data from their old device by holding them near each other and allowing a direct transfer. EMM solutions now have the ability to prevent Proximity Setup from being used when a device has been wiped.
Supervision required: no
Operations Efficiency: **** User Experience: ** Security: ****
3.11 Skip the Privacy screen during setup
The Device Enrolment Program (DEP) allows skipping certain screens during the setup wizard of new devices, the Privacy screen can now be skipped as well.
For a complete guide on Device Enrollment Program automation, please contact our support team or download our white paper on DEP!
Supervision required: yes
Operations Efficiency: *** User Experience: *** Security: ***
3.12 Restrict the Remote app
Allows an organization to specify a whitelist of Apple TV’s that the Remote app on a given iOS device is allowed to control.
With the proliferation of Apple TV in the enterprise for both AirPlay enabled meeting rooms, as for signage applications, more and more of these types of features will become available.
Supervision required: no
Operations Efficiency: **** User Experience: ** Security: ****
9
https://mob.co
3.13 Allow MMS messages bypass Always-On IKEv2 VPN
It is currently possible to setup an always on VPN from iOS devices to route all traffic down the tunnel except specific services, such as voicemail and AirPrint. This new option allows cellular services such as MMS messages to also bypass the VPN.
Since the availability of per-app-VPN we have been eliminating full device VPN functionalities for most use cases. Only in fully controlled environments the full device VPN is still in use (or should be in use).
Supervision required: no
Operations Efficiency: *** User Experience: ** Security: ****
3.14 Safari 11.1 iOS 11.3 (and macOS 10.13.4) ship with Safari 11.1. This new version has a number of new features, including:
• Service Workers: implement background scripts for offline web applications and faster webpages • Payment Request: provide a consistent user payment experience in Safari using a standards-based API • Security Improvements: improved protection against memory corruption and code execution attacks. • Web Inspector Updates: new designs for the Network Tab and the Styles sidebar in the Elements Tab.
Users can expect better password autofill (including in apps that use Web View), a better Reader mode, and improved protection against cross-site web tracking.
The updated Safari browser also provides an extra benefit for your employees given the fact more and more HTML5 apps (web apps with offline capabilities) are reaching them because.
Supervision required: no
Operations Efficiency: *** User Experience: *** Security: ****
10
https://mob.co
3.15 Battery and Performance
As promised, Apple will bring some much-needed power management to the battery settings in iOS 11.3. Apple says users will now be able to see their overall battery health and will recommend if it needs to be serviced. You will also be told if your battery is triggering a chip slowdown and can choose to turn that feature off. The switch will only be available for iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7 and iPhone 7 Plus.
The feature can be found in Settings > Battery > Battery Health (Beta). You will see the peak capacity (relative to a brand-new battery) and whether or not your phone is capable of sustaining peak performance. If your older iPhone is subject to slowing down because the battery can no longer deliver the necessary peak voltage for full performance, this is where you would see it. This is also where you would disable such throttling.
Supervision required: no
Operations Efficiency: *** User Experience: **** Security: **
3.16 Privacy Awareness
Update 4/4/18: this feature was not part of any released beta version, we’ve discovered this one in the final production release.
In an effort to be more transparent about data collection, there’s a new icon that pops up whenever Apple requests personal information from you. The icon specifically appears when any of Apple’s apps need the information to enable features, personalize the experience, or secure its services.
This new privacy icon will help to create awareness against phishing and other attacks.
Apple says it won’t display the icon every time with every feature but it’s being used to build a more secure foundation for iOS.
Supervision required: no
Operations Efficiency: *** User Experience: **** Security: **
11
https://mob.co
4 Other new features
In the previous chapter we’ve listed the most important iOS 11.3 features which will have a direct impact to iOS in the enterprise. But iOS 11.3 includes some other nice features which are not considered as business features, but will have a positive impact on the user experience:
• advanced Mobile Location for sending your location to emergency services when calling from iPhone • App Store lists version number and update size on Updates screen • a batch of new Animoji for iPhone X • visual aid for the ‘Confirm with Side Button’ prompt for purchases in the App Store on iPhone X.
5 Contact Mobco
Operations and Support [email protected] or [email protected] https://support.mobco.be +32 2 669 95 09
Sales [email protected] https://mob.co +32 2 669 95 00
Accounting [email protected] +32 2 669 95 19
12