We feel privileged to be living in the modern era, iOS device activation can happen over-the-air, and use of iTunes has almost completely been eclipsed by Apple Configurator. But it isn’t uncommon to hear the sysadmins being referred to as ‘the haters,’ since things can never be easy or nice enough for us. (And in reality, there’s still plenty of conflict and stress to go around without worrying about the reliability or functionality of our tools.) Besides the fact enrollment profiles themselves can always be removed at any time by end users, there are also still surprisingly numerous things that would require manual interaction to manage, and missing integration with other Apple products. With something that could be called iOS7 potentially around the corner, and with no inside information, here’s some of the things that still trip up the modern iOS deployment in certain environments.
As of this point in time, through the official management API and payloads documented in the canonical reference Apple provides, you cannot do the following:
- Disable the setting of a password lock
Especially in education, the accidental turning on of this ‘feature’ has probably sold MDM more than anything else
- Prevent the addition of other email accounts
File transfer and content distribution is still by no means a solved problem, and email has always been a ubiquitous option – but in certain environments we probably don’t want accounts added nilly-willy… (er, strike that, reverse…)
- Prevent the sign-in (or creation!) of Twitter or Facebook accounts
Yay for social media integration! Boo for education or other environments where these devices aren’t to be used ‘socially.’
Apple Configurator can allow the handing out of documents to an app like Adobe Reader(which still has an unfortunate amount of Adobe’s interruptions in its first-time use experience,) and you can collect documents as well when assigned devices get checked back in. The two apps you CAN’T at present add content/documents to? Apple’s own iTunesU and iBooks apps! Nor can you pull in iMovie projects or pictures from the Camera Roll.
The longer you work with these things, the more corner/edge-cases you notice – like the fact you can’t use two MDM services on the same device. It makes sense when you know the moving parts and think about the ramifications, but it still can surprise folks because documentation doesn’t seem to warn against it. (That I’ve found, at least, feel free to correct us on the Twitter or elsewhere!) We mention these things not to say it’s a horrible experience to deploy the devices in most use cases, just to point out there’s always room for improvement and we’re excited to see what the next version might offer.