We’re going to have to learn some new concepts for iOS 7 mobile app management
||Written on Aug 23 2013
Filed under: Apple, Mobile Application Management, Mobile Device Management, Enterprise Mobility Management
3,112 views, 4 comments
by Jack Madden
iOS 7 and its mobile app management (MAM) capabilities are the talk of the EMM industry. The short version of the story is that MAM features that were once only available from third-party vendors are now going to be available directly through the operating system. This brings rise to a range of of new ways to think about MAM.
As a disclaimer, don’t forget that the details of how all of this works are under NDA until iOS 7 is released, which rumors are saying will happen in September. Everything I’m talking about today is based off the fairly limited amounts of information that Apple has released so far. However, even with the this limited data, there’s still a lot to talk about.
There’s new way of doing MAM, and it utilizes Apple’s existing mobile device management technology
iOS currently provides mobile device management capabilities through configuration profiles. These profiles can be used to change various settings on the device, and can connect devices—over the air—to management servers. (To learn more about configuration profiles, check out the iPhone Configuration Utility.) iOS 7 will extend these capabilities to include granular, app-level management features.
This will for sure be awesome, because right now granular app-level management means using third-party MAM and specialized apps, as well as dealing with things like app wrapping, SDKs, and vendors building up ecosystems of partner apps. Acquiring apps that work with third-party MAM can be a hassle.
The end result is that soon there will be two ways of getting granular app management: OS-enabled MAM and third-party MAM. These MAM techniques have many similar features, but it’s very important to keep in mind that they also have inherent differences. (I wrote an article about this few weeks ago.)
We have to change the way we think about Apple’s MDM protocol
For the last year or two, we’ve thought about the EMM space like this: If you wanted to manage the whole device, you go with the profiles and protocol offered by Apple. So iOS MDM means taking over the device. And if you want to manage apps, that’s a third-party thing involving specialized apps. Got it?
One of the use cases of MAM is for when you want to just want to worry about a few apps without taking over the device. So just doing “apps only” means not dealing with the iOS protocol and profiles and all that. But if you want to use iOS 7 MAM to manage the apps, then that will mean taking over the whole device with MDM and profiles and everything? Hmmm…
Here’s the thing: configuration profiles are actually pretty flexible. While we always think of them as taking over the device, they can actually get very specific about what rights the MDM server or remote administrator can have on the device. Check out the screenshot of the iPhone Configuration Utility (below). It shows the part of a configuration profile that makes the MDM connection from the device to the server, with all the rights that can be assigned or not assigned.