Problem description
iOS MDM policies
I need to prepare a presentation on iOS Mobile Device Management. I have been asked to include the policies that are implemented and to choose one of them and describe it in detail. The problem is, I don't know what different policies exist. Please help me out.
Reference solutions
Method 1:
Here are the links for everything you need to know about MDM and around MDM.
Over‑the‑Air profile delivery concept
http://developer.apple.com/library/ios/#documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/OTASecurity/OTASecurity.html
MDM
(This one requires access to Apple Enterprise Developer Program) http://adcdownload.apple.com//Documents/mobile_device_management_protocol/mobile_device_management_protocol.pdf
Reverse engineered MDM protocol:
http://media.blackhat.com/bh-us-11/Schuetz/BH_US_11_Schuetz_InsideAppleMDM_WP.pdf
Enterprise Deployment guide
http://manuals.info.apple.com/en_US/Enterprise_Deployment_guide.pdf
Configuration profiles guide
http://developer.apple.com/library/ios/#featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html
Update 1
Here is an example of how allow game center works. Let's say you have a device enrolled in MDM.
- At some moment the MDM server decides that you (your device) should be disallowed from running Game Center (as an example, it's your enterprise policy).
- The MDM server generates an Install Configuration Profile command and puts it in the queue of pending commands for your device.
- The MDM server sends a push notification to your device
- Your device receives the push notification and contacts the MDM server
- Your device requests any outstanding commands
- Your device receives an Install Configuration Profile command. As part of this command, it gets a profile which contains a Restriction payload.
- This restriction payload will have a key allowGameCenter with value false
- Your Device will save this configuration profile
- A user will be prohibited from running Game center thereafter.
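The sequence above as a small server-side sketch, added here as an example and not part of the original answer or of any MDM product: it builds the profile with the Restrictions payload, queues it as an `InstallProfile` command, and answers the device's `Idle` and `Acknowledged` requests. The class and function names, the `com.example.mdm` identifier and the in-memory queue are assumptions; the push notification and the TLS/device authentication around each request are left out.

```python
import plistlib
import uuid
from collections import defaultdict, deque

RESTRICTIONS = "com.apple.applicationaccess"  # PayloadType of a Restrictions payload

def restrictions_profile(org_id):
    """Build a configuration profile whose only payload disallows Game Center."""
    def meta(ptype, suffix):
        return {"PayloadType": ptype, "PayloadVersion": 1,
                "PayloadIdentifier": org_id + "." + suffix,
                "PayloadUUID": str(uuid.uuid4()).upper()}
    payload = dict(meta(RESTRICTIONS, "restrictions"), allowGameCenter=False)
    profile = dict(meta("Configuration", "profile"),
                   PayloadDisplayName="Game Center restriction",
                   PayloadContent=[payload])
    return plistlib.dumps(profile)

class CommandQueue:
    """Per-device queue of pending MDM commands (in memory, for illustration)."""
    def __init__(self):
        self.pending = defaultdict(deque)

    def enqueue_install_profile(self, udid, profile_bytes):
        command = {"CommandUUID": str(uuid.uuid4()),
                   "Command": {"RequestType": "InstallProfile",
                               "Payload": profile_bytes}}  # serialized as <data>
        self.pending[udid].append(command)
        return command["CommandUUID"]

    def handle_device_request(self, body):
        """Idle: hand out the next command. Acknowledged: retire it first."""
        msg = plistlib.loads(body)
        queue = self.pending[msg["UDID"]]
        if (msg["Status"] == "Acknowledged" and queue
                and queue[0]["CommandUUID"] == msg.get("CommandUUID")):
            queue.popleft()
        # A command stays queued until acknowledged; empty body = nothing pending.
        return plistlib.dumps(queue[0]) if queue else b""

def restrictions_in(command_bytes):
    """Device-side view: restriction keys carried by an InstallProfile command."""
    command = plistlib.loads(command_bytes)["Command"]
    profile = plistlib.loads(command["Payload"])
    found = {}
    for payload in profile["PayloadContent"]:
        if payload["PayloadType"] == RESTRICTIONS:
            found.update((k, v) for k, v in payload.items()
                         if not k.startswith("Payload"))
    return found
```

Keeping the command at the head of the queue until the device acknowledges its `CommandUUID` means a dropped connection leads to redelivery instead of a silently missing restriction.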
Method 2:
Following is the list of Configurations & Queries you can make to the device, if you had installed custom configuration on it. These queries can be made by MDM.
Supported configurable items
Accounts • Exchange ActiveSync • IMAP/POP Email • Wi‑Fi • VPN • LDAP • CardDAV • CalDAV • Subscribed calendars
Passcode policies • Require passcode on device • Allow simple value • Require alphanumeric value • Minimum passcode length • Minimum number of complex characters • Maximum passcode age • Time before auto‑lock • Passcode history • Grace period for device lock • Maximum number of failed attempts
Security and privacy • Allow diagnostic data to be sent to Apple • Allow user to accept untrusted certificates • Force encrypted backups
Supervised only restrictions • Allow iMessage • Allow Game Center • Allow removal of apps • Allow iBookstore • Allow erotica from iBookstore • Enable Siri Profanity Filter • Allow manual install of Configuration Profiles
Other settings • Credentials • Web clips • SCEP settings • APN settings • Global HTTP Proxy (Supervised only) • Single App Mode (Supervised only)
Device functionality • Allow installing apps • Allow Siri • Allow Siri while locked • Allow Passbook notifications while locked • Allow use of camera • Allow FaceTime • Allow screen capture • Allow automatic syncing while roaming • Allow syncing of Mail recents • Allow voice dialing • Allow In‑App Purchase • Require store password for all purchases • Allow multiplayer gaming • Allow adding Game Center friends
Applications • Allow use of YouTube • Allow use of iTunes Store • Allow use of Safari • Set Safari security preferences
iCloud • Allow backup • Allow document sync and key‑value sync • Allow Photo Stream • Allow shared Photo Stream
Content ratings • Allow explicit music and podcasts • Set ratings region • Set allowed content ratings
Querying Devices
In addition to configuration, an MDM server has the ability to query devices for a variety of information. This information can be used to ensure that devices continue to comply with required policies.
Supported queries
Device information
• Unique Device Identifier (UDID) • Device name • iOS and build version • Model name and number • Serial number • Capacity and space available • IMEI • Modem firmware • Battery level • Supervision status
Network information
• ICCID • Bluetooth® and Wi‑Fi MAC addresses • Current carrier network • Subscriber carrier network • Carrier settings version • Phone number • Data roaming setting (on/off)
Compliance and security information
• Configuration Profiles installed • Certificates installed with expiry dates • List all restrictions enforced • Hardware encryption capability • Passcode present
Applications
• Applications installed (app ID, name, version, size, and app data size) • Provisioning Profiles installed with expiry dates
(by Crazed'n'Dazed, Victor Ronin, Rajan Balana)