Maintaining a BYOD network doesn’t have to be fraught with the challenges of managing device profiles or access to certain content. With new Systems Manager features in dashboard, including time based tags, web content filtering, and single app mode management, admins now have the ability to enhance MDM security easily.
Time based tags
For the same reasons that enabling a certain SSID during work hours or after hours is beneficial for limiting access to network resources, enabling when a device profile is active also assists in protecting important materials and providing a better end user experience.
Time-based tags, found in Systems Manager under Configure > General > Time based tags, provides the ability to add and remove profiles on tagged devices. There are numerous ways to take advantage of this functionality. For example, in the enterprise space, corporate profiles can be deployed to enrolled employee devices during the workday, allowing access to resources, enforcing restrictions, and more. While the device remains enrolled in Systems Manager, these group profiles can be removed seamlessly at the end of the day, enabling employees to use their devices freely while keeping sensitive information in the office.
In the school setting, where BYOD and 1:1 devices are deployed, profiles can also be pushed and removed from enrolled student devices during school hours. They can also be added or removed based on class schedules. If the same device is used for different grades, restrictions can be set in various profiles and scheduled to activate at appropriate times when classes are in session.
MDM web content filtering
Whether in the enterprise or education field, managing what content BYOD devices have access to is an important compliance, as well as security measure. With new web content filtering in Systems Manager, it’s easier than ever to ensure appropriate usage. Navigate to MDM > Settings > Restrictions for these enhanced restrictions over supervised iOS 7 devices.
Enabling web content filtering provides two options for managing content: auto-filter and whitelisting. Auto-filter mode, provided by Apple, evaluates each site as it loads, identifying adult language content and blocking as needed. This mode also provides the ability to maintain a list of permitted and blacklisted web pages. The whitelist bookmarks mode allows configured URLs to be added to the browser’s bookmarks, restricting Internet access to just these sites.
Single app mode management
Also under MDM > Settings > Restrictions is the ability to define which apps can enter single app mode. Single app mode management enables an app to lock the device so that users cannot flip back and forth between different applications. This feature is heavily utilized in education; for example, a testing app would be able to lock the device into that app to prevent the user from Googling answers to the test until it is complete. Systems Manager now gives admins the ability to specify a list of applications that are allowed to lock the device into single app mode for a period of time designated by the application. For instance, when a student is using an application on a device to complete a test, permitting the app to lock the device into single app mode prevents the student from accessing other material on the device.
Login to Systems Manager, or sign up for a free Systems Manager account here, and see how it easy it is to enhance your MDM security in just a few mouse clicks.