Apple announced many new features for iPads, iPhones and more at its Worldwide Developer Conference this week.
While announcements such as iOS 13’s dark mode and the $999 price tag for the Pro Stand desktop display stand garnered attention, there were plenty of announcements regarding new iOS features that could interest enterprise users.
Apple iOS 13
Security and privacy features
There are several new security and privacy features in iOS 13. First, end users and IT have more granular control over location sharing. A user or IT pro can permit one-time location permission for mobile apps and require the application to request permission to track user location for any additional uses of the app.
This new iOS feature can prevent unwanted location tracking for apps that users don’t run often. Further, it can limit the damage that malicious apps can inflict by restricting its access to location data. Additionally, Apple added protections to prevent apps from scanning for Wi-Fi and Bluetooth data to determine users’ location.
To simplify in-app authentication, Apple introduced Sign in with Apple. Apple provides IT with an API to integrate this authentication method with applications that require some sort of login. Sign in with Apple gives users the option to generate a login based on FaceID rather than a social media or email account.
If a user wants to hide his or her email from the application, Sign in with Apple generates a random email to serve as the login credential and forwards any emails from the application from the dummy account to the user’s real account. Sign in with Apple also helps users manage mobile app email notifications with the option to turn off the forwarding process from the dummy email account that Sign in with Apple created.
Other new iOS features
With iOS 13, users will be able to include attachments as part of calendar events. This could help users access relevant data quickly to prepare for meetings or interviews. Apple also introduced an update for Siri in iOS 13 to help simplify the UX. Siri now suggests automations based on behavior patterns that users can design and implement through the Shortcuts app.
Other UX additions include Voice Control for macOS and iOS, which allows users to control their devices exclusively with voice input. Users can now choose “swipe to type” as a method for keyboard inputs as well.
Apple announced a new OS exclusive to iPad tablets, known as iPadOS. This OS could present mobile admins with additional hoops to jump through, but Apple’s tablets will have a range of new hardware and software-enabled features that will present new use cases.
For example, users will be able to perform file sharing over the iCloud drive with iPadOS. New iPads will also support thumb drives and SD cards as well. These two features allow users to take large amounts of data from a thumb drive, edit it in an iPadOS-friendly application and upload it to iCloud storage with the new file drag-and-drop feature.
The UX of iPadOS also offers split screen multitasking features that can run an application while users navigate the home screen. While the iPad still has some shortcomings compared to full desktops such as smaller screen size, reliance on hardware add-ons for a keyboard and limited application selection, iPadOS makes Apple tablets a more viable workstation — especially for workers who travel or work remotely.
Apple announced the latest macOS version, macOS 10.15 Catalina. The SideCar feature of macOS Catalina allows users to connect their iPads to interact with the main desktop as a second screen. Users can extend their display to the iPad or even use the iPad as a drawing tablet for a desktop application such as Adobe Illustrator.
Apple’s Worldwide Developer Conference this week showed some new iOS 12 features that could be exciting for Apple users in the enterprise.
Several features of the new iOS may help improve productivity for business users, by limiting distractions and improving workplace communications. Apple’s iOS 12 is expected to arrive in September.
Set screen time limits
Apple’s Health app, which focuses on health and wellness, is kicking it up a notch by allowing users to track and set limits on their phone usage.
To prevent users from receiving an influx of notifications, Siri will suggest users to turn off notifications. Support for grouped notifications enables users to assign levels of urgency to notifications categorized by topic and thread. A new Downtime feature limits users to only make and receive phone calls and access certain apps within a scheduled time period.
The new iOS 12 features could increase productivity for employees that are easily distracted by notifications. Fifty-five percent of employees listed their cell phones as their primary work distraction, according to a 2016 study from CareerBuilder.
“[These iOS 12 features] are meant more for management of phone addiction, but if the data can be extracted from the device, it may also prove useful for the enterprise,” said Jack Gold, president and analyst at J. Gold Associates in Northborough, Mass.
FaceTime extends its reach
Another of the new iOS 12 features, a new FaceTime capability allows up to 32 people in a video chat. This feature competes with third-party video conferencing apps such as Houseparty.
The new FaceTime interface includes tiles that expand and minimize based on who is speaking. This update could quell awkward silences and confusing overlapping of voices in large conference meetings — or it could just highlight the flaws.
“Some companies use FaceTime, so the ability to conference with multiple people at once might prove useful,” Gold said.
Apple brings back the walkie-talkie… sort of
In addition to the new iOS 12 features, there was news around the Apple Watch. The Apple Watch hasn’t made waves in the enterprise just yet, but a new app called Walkie Talkie could offer some interesting use cases.
The app allows users to send short voice messages to other Apple Watch users via cellular and Wi-Fi — a feature reminiscent of the ever-chirping Sprint Nextel of the mid-2000s. It could assist field service workers who want instant communication on the go.
“The consumer messaging space is powerful, and there are a lot of great features for consumers to communicate with each other,” said Stacey Epstein, CEO of Zinc, a mobile messaging provider in San Francisco. “The enterprise needs to catch up and have an enterprise sanctioned version of what the consumer space does.”
It’s no longer Citrix and Microsoft vs. the world in the MAM market.
Not too long ago, Citrix was the only third-party vendor that could manage Microsoft Office 365 mobile apps, and all the other major players promoted native OS-level mobile application management (MAM) through membership in the AppConfig Community. But over the past year, two of the market leaders — VMware, which co-founded AppConfig, and BlackBerry — added support for Office 365 mobile apps through the Microsoft Intune Graph API. And now, after flirting with the idea for two years, Citrix has joined AppConfig.
Upon first hearing the news, I cynically thought Citrix was trying to have its cake and eat it, too. They’re joining a group that supports open, standardized MAM, while they still support Microsoft’s closed MAM ecosystem and have their own proprietary XenMobile MAM? The nerve!
But after thinking more about it, I realized it’s a good thing for IT professionals that the MAM battle lines are blurring. Many organizations are going to need to manage Office 365 mobile apps through the Graph API and also manage other mobile apps through Apple iOS and Google Android’s native capabilities. The more vendors that support both, the more choices that IT departments will have. And Citrix wants XenMobile MAM to be in those discussions.
“We started to recognize that customers wanted to have that flexibility,” said Suzanne Dickson, director of XenMobile product marketing. “They’ve gotten a lot more sophisticated now. They have different use cases.”
XenMobile MAM has always been able to use OS-level controls, but the lack of formal AppConfig support hurt the product’s perception, Dickson said.
“It was sort of a checkbox thing,” she added.
Citrix’s road to the AppConfig Community
In the early days of MAM, a developer had to build a different version of their app for every MAM product they wanted it to work with. That was a tall task, so most apps ended up not being compatible with every MAM product. And instead of trying to sort it all out and purchase multiple MAM products to manage all their apps, a lot of IT departments just didn’t buy MAM at all.
When Apple added application management capabilities to the mobile device management (MDM) APIs in iOS, it opened the door for VMware, MobileIron, IBM and Jamf Software to form the AppConfig Community in 2016 and promote these features as a sort of standard. (Android also added its own OS-level MAM capabilities and later joined AppConfig.)
Citrix was in talks to join the consortium shortly after its inception but instead focused on XenMobile MAM — which, unlike AppConfig’s approach, does not require devices to be enrolled in MDM — and on its partnership with Microsoft.
Through that partnership, XenMobile provides additional features than just managing Office 365 mobile apps through the Graph API. Those include a Secure Mail app that Intune can manage and per-app VPN capabilities for other Intune-managed apps.
Citrix’s membership in AppConfig will not affect that partnership, Dickson said.
“We still have a really good relationship with Microsoft,” she said.
A little more than a year ago, we published an article titled, “Wanted: A way to block iOS updates.” Well, Apple administrators, want no more.
The upcoming Apple iOS 11.3 update will, for the first time, allow admins to temporarily prevent users from downloading and installing operating system releases on their devices. The restriction applies only to iPhones and iPads in Supervision mode, which requires Apple Configurator for some management tasks and is typically used in education and corporate-owned device scenarios; IT won’t be able to block iOS updates on personal devices through traditional mobile device management software.
Apple admins have said the ability to block iOS updates will give them time to test for application compatibility and operating system bugs before rolling out new operating system releases. To that end, Apple won’t allow them to block an update forever. The default delay is 30 days, and the maximum is 90 days. After the specified time period expires, all available updates will appear on the device for users to download and install.
The first technology for controlling Android OS updates, Samsung E-FOTA, hit the market last year. IT admins have long had the ability to control Windows OS updates on PCs.
Admins’ concerns about application compatibility and bugs are not unfounded, as there have been serious issues with iOS updates in the past. Most recently, a bug in the native Mail app in iOS 11, released last September, prevented users from accessing several popular forms of Microsoft-provided email.
Apple released the iOS 11.3 beta this week. Similar functionality to block operating system updates on Macs will be included in macOS 10.13.4, the company said.
In addition to the ability to block iOS updates in the iOS 11.3 update, Apple will give users the ability to override its controversial processor throttling on older iPhones. The company acknowledged last month that it intentionally slows down phones with old batteries, saying it’s to prevent the devices from crashing when the battery can’t keep up with processing demands.
The cynic in me still thinks Apple’s true intention was to encourage owners of old iPhones to buy shiny new, expensive ones. Either way, we’ll have the option to stop the throttling once the iOS 11.3 update hits general availability — as long as our IT departments don’t block that.
Changes in smartphone purchasing trends have hurt Samsung.
Samsung released the Galaxy Note 8 in the last two weeks of the third quarter of 2017, around the same time as Apple released its three latest iPhone versions 8, 8 Plus and X. Samsung mobile sales decreased by 6% for the quarter. Why? Because sales of cheaper mid-range and low-end smartphones increased compared to those of their more expensive high-end counterparts, and because of a decline in LTE investments from major overseas customers, Samsung said in its Q3 2017 earnings report.
The biggest problem for Samsung profits in the mobile market, however, is that consumers and business users alike keep their phones for about 18 months to two years these days, so there are fewer buyers for the company’s newer, higher-end phones, said analyst Jack Gold, principal and founder of J. Gold Associates in Northborough, Mass.
“The real issue in the mobile space is that people keep their phones longer,” Gold said.
End users used to buy every new model of a phone because the software and features were significantly better, which is still true between low-end models. The higher-end smartphones, however, don’t update features enough to make users want to buy the latest version.
Samsung may have more competition in the mid to low-end smartphone market, but its devices such as the Galaxy J7 maintain strong global popularity, according to Counterpoint Research. Samsung has difficulty competing against Apple’s iPhone 7, 7 Plus, 8, or 8 Plus with the Samsung Galaxy S8, S8 Plus or Note 8 in the USA high-end smartphone market, the firm said.
The dip in Samsung mobile earnings came from a lack of a new high-end smartphone for most of the third quarter, Gold said. The Galaxy Note 8 came out in mid-September.
“The Galaxy Note 8 is not brand new anymore, so the numbers are going to slip a bit,” Gold said.
As the largest provider of Android devices, Samsung is an established company in the mid to low-end smartphone markets, but most organizations support higher-end smartphone models for business users. Samsung is making a push to invest in next-generation technology — mostly 5G devices — as an attempt to appeal more to the enterprise market, the company said. Still, those devices could be a far way off.
“5G still has about two to three years before it hits the enterprise because there aren’t enough things like 5G cell towers to support widespread use,” Gold said.
Samsung Electronics CEO and vice chairman Kwon Oh-hyun stepped down in October, and the company announced three new CEOs will take over: Kim Ki-nam for components, Kim Hyun-suk for electronics and Koh Dong-jin for mobile and IT.
NEW YORK — We’ve talked a lot about BlackBerry’s shift from a device manufacturer to a software provider over the past few years. And when we referred to software, we typically meant enterprise mobility management (EMM). In that regard, the company’s transformation has gone well.
BlackBerry is one of the four leading vendors in the EMM market, according to the Gartner Magic Quadrant. And the BlackBerry Enterprise Mobility Suite trails only VMware’s AirWatch in terms of market share, according to IDC’s MarketScape report for unified endpoint management.
John Chen, CEO of BlackBerry, and other executives stressed that the company’s vision goes far beyond securing mobile devices and PCs, however.
“I don’t want to be an EMM provider,” Chen said here at the BlackBerry Security Summit. “It’s a lousy market. If Microsoft wants the market, they can have it. We’re in endpoint management, the IoT world.”
CEO of BlackBerry acknowledges marketing problem
BlackBerry’s five-year goal is to be as synonymous with overall enterprise security as Salesforce is with CRM software or as Oracle is with databases, COO Marty Beard said. That will be an uphill battle outside of the vendor’s core customer base: government agencies, financial firms and other highly regulated companies.
To that end, BlackBerry established an enterprise software sales force and a channel, Beard said. But there are still significant challenges around marketing the company’s new identity.
Over the past decade, as the consumerization of IT took hold, BlackBerry lost significant mindshare among IT professionals — many of whom were once devout users of the company’s smartphones. Now, they don’t think about BlackBerry when it comes to making technology purchasing decisions, said an infrastructure engineer for a financial firm in the Northeast.
“You’ve got to build that muscle memory,” said the engineer, who spoke on the condition of anonymity because his employer did not authorize him to talk to the media.
Chen also acknowledged this problem.
“Not too many people know about what we do too well,” he said.
Inside BlackBerry Enterprise Mobility Suite
The BlackBerry Enterprise Mobility Suite grew out of BlackBerry Enterprise Service, which originally provided secure email and management capabilities for the company’s own smartphones. Over time, BlackBerry added support for Apple iOS and macOS, Google Android and Microsoft Windows. The product also saw significant enhancements following the 2015 acquisition of EMM competitor Good Technology.
That deal “was a very necessary thing for us to do to express our commitment to the enterprise mobility software market,” said Chen, who took over as CEO of BlackBerry in 2013. “It has not been easy integrating the technology, but we finally did. … It was like two sinking animals trying to save each other, but we finally got it done, and now we’re in a good place.”
Today, the BlackBerry Enterprise Mobility Suite also supports management of IoT devices and even connected cars that use its QNX software. And its Dynamics platform allows organizations to develop apps with management, security and collaboration features built in.
As the biggest standalone vendor left in the EMM market, MobileIron has faced questions about its future for years. Those will only intensify in light of the surprise departure of CEO Barry Mainz.
Mainz and the board of directors came to a mutual decision that he should leave, the company said this week. CFO Simon Biddiscombe will take his place as MobileIron CEO and on the board. The move came as MobileIron announced its preliminary financial results for Q3, which fell short of analysts’ expectations.
All of the other major enterprise mobility management (EMM) vendors, with the exception of BlackBerry, are large enterprise software providers that offer a variety of end-user computing and IT infrastructure products. Most of them, including VMware, IBM and Citrix, got into the market by acquiring standalone EMM vendors. And even BlackBerry contributed to the EMM market consolidation by buying rival Good Technology.
Because of these market dynamics, acquisition chatter regularly swirls around MobileIron. By naming its CFO as chief executive, the company has added fuel to that fire.
“When you put in the CFO as CEO, you’re looking for a sale,” said analyst Maribel Lopez, founder of Lopez Research, on Twitter.
New MobileIron CEO faces uphill climb
Biddiscombe, who has been with MobileIron since 2015, does have CEO experience, however. He was chief executive of server and storage vendor QLogic from 2010 to 2013, when he resigned after a period of steady sales declines.
In his introductory letter as MobileIron CEO, Biddiscombe positioned the company’s standalone status as a positive.
“Our strengths are our focus and agility, and, as a result, we are better positioned than any other company to support our customers,” he wrote.
But focus and agility are not exclusive to smaller vendors. Mobility isn’t exactly getting lost in the shuffle at VMware, which is using AirWatch’s technology for lots of new innovations around workspaces and identity management, for example. MobileIron also has some weaknesses that Biddiscombe’s letter alluded to, including in sales and operations.
All in all, it’s clear that he’ll have some work to do to keep up with much larger competitors — if that is his goal, rather than priming the company for a sale.
Mainz era comes to an end
Mainz took over as MobileIron CEO from co-founder Bob Tinker in January 2016, following a challenging time for the vendor and the EMM market as a whole. The company went public in 2014, just months after rival AirWatch sold to VMware. Wall Street began to view EMM as a small piece of a bigger puzzle, and MobileIron’s stock price suffered, dropping from $9 at initial public offering to below $4 when Tinker stepped down.
Upon his hiring as MobileIron CEO, Mainz sent mixed messages about the company’s future, saying he’d “look at all offers” for an acquisition but also that “my plan’s not to sell.” Over the past 21 months, he managed to keep MobileIron on pace with its EMM market competitors; the company remained a leader in the Gartner Magic Quadrant for both 2016 and 2017. And for a while, the stock price was on the way to recovery, reaching a high of $6.60 in June of this year.
But in July, around the time MobileIron announced Q2 revenue that missed Wall Street’s mark, the stock plummeted to the mid-$4 range, and it has hovered at or below the $4 mark since August.
SAN FRANCISCO — In a lot of circles, shadow IT is considered a dirty term — something IT should prevent at all costs. In reality, however, shadow IT can be a great resource for IT departments, helping them identify problem areas and understand what users really need to get their jobs done.
The idea is that users are partners that IT should work with, not talk down to. Open lines of communication are critical to creating that partnership. In fact, if IT works with users, shadow IT can lead organizations to useful enterprise tools for file-sharing or other technologies.
Instead of just saying ‘no’ to what users want, the IT department at San Jose Unified School District seeks them out to learn more.
“Tell us what you’re doing or not able to do, and that changes the conversation, where we never would’ve known about that wonderful free application,” said Emalie McGinnis, director of technology and data services for the school system, here in a session at BoxWorks.
NASA had around 9,000 people using unsanctioned enterprise file sync-and-share (EFSS) tools. When the space agency became aware, it adopted Box to help solve the problem, said Chris Blakeley, a NASA application software developer.
“Users just want to get their jobs done, and if we don’t have the solutions for them regularly available, they’re going to do it on their own,” Blakeley said.
In other situations, rather than moving users to a new tool, IT should assess the risk of some of the unsanctioned software users work with, Blakeley said. If the risk is small, it may be better to let users work with software IT is aware of, rather than blocking it and having them find another option IT doesn’t know about that might be worse, he said.
Users aren’t out of the woods
Accountability is still critical. Just because shadow IT is not the harbinger of disaster some people think it is, users still need to take responsibility for the corporate data they interact with.
“You can’t bypass the security rules just because you want to do your job,” Blakeley said.
One way to ensure that users understand the requirements around cloud storage and file-sharing, for instance, is to create a cloud governance policy that clearly explains what software IT approves and what it denies.
“Users will want to do the right thing; it’s just that they don’t have the reference architecture [to always do it],” said Srini Gurrapu, vice president of customer solutions at Skyhigh Networks.
By Priyanka Ketkar and Kelly Stewart, Editors
Early adopters of Apple iOS 11 are unable to send Microsoft-provided email using the native Mail app.
Apple and Microsoft both issued statements yesterday, the official launch date of the new operating system, acknowledging the iOS 11 Mail app problem. It affects Outlook.com, Office 365 and Exchange 2016 running on Windows Server 2016. Many businesses rely on Exchange and Office 365 for email.
In its statement, Apple said it is working with Microsoft to fix the iOS 11 email problem in an upcoming software update. The issue occurs because the operating system does not successfully create an HTTP/2 Transport Layer Security connection, which prohibits outgoing email from being delivered, according to The Essential Exchange blog.
Many users expressed outrage on a Reddit thread about the issue, especially amidst reports that Apple knew — or at least should have known — about it dating back to July, when beta testers first ran into problems sending Microsoft email through the iOS 11 Mail app.
Microsoft’s statement went so far as to state that the iOS 11 Mail app is not compatible with Outlook.com, Office 365 or Exchange 2016 on Windows Server 2016. The company offered two different workarounds: users can download its Outlook iOS app, which is compatible with these services, or IT administrators can disable HTTP/2 in Windows Server 2016 to fix the problem with Exchange 2016 accounts.
Once you got past the fawning over Steve Jobs and the comical rebranding of retail stores, yesterday’s Apple Event had some news with important IT implications.
Apple unveiled the Apple Watch 3, its first smartwatch with LTE connectivity. And the new iPhone X — the X is pronounced 10 for some reason — comes with Face ID, which lets users unlock the device with facial recognition technology. IT pros who manage and secure Apple devices should pay attention to both developments.
More Apple Watch 3 enterprise management needed
Previous Apple Watch models relied on a Bluetooth connection to an iPhone for most of their functionality. (The Apple Watch 2 can make and receive calls and use iMessage and some third-party apps without an iPhone, but these tasks require Wi-Fi. And without an iPhone, the watch can only connect to Wi-Fi networks it has previously joined, so its usefulness is limited.)
Because of the Apple Watch’s dependence on the iPhone, IT hasn’t had to do much additional management and security work. Admins can outright prohibit a corporate-owned iPhone in Supervised Mode from pairing with an Apple Watch through the iOS mobile device management (MDM) APIs. Otherwise, if a user can get corporate email through their iPhone’s native Mail app, they can get it on their Apple Watch too. Conversely, if IT enforces a certain policy on an iPhone app, and the Apple Watch version of that app requires an iPhone connection, the same policy will effectively apply there as well.
That could all change. Although it’s not clear yet how exactly Apple Watch 3 enterprise management will work, LTE connectivity eliminates the iPhone requirement, which could make the smartwatch an entirely new device that IT has to manage and secure. It wouldn’t be an immediate problem for most organizations, because enterprise use cases for smartwatches are still emerging, but there could be an uptick in simple user requests for things like email access.
Additionally, the major U.S. carriers will charge $10 a month to add an Apple Watch 3 to existing data plans. That could be an issue for organizations that pay for employees’ devices and data, as Jack Madden of BrianMadden.com pointed out.
Face ID enterprise security concerns emerge
Face ID is Apple’s latest biometric authentication feature, following in the footsteps of Touch ID, which allows users to unlock their iPhones and iPads (and log in to some apps) through a fingerprint sensor on the home button. The iPhone X doesn’t have a home button — it’s all screen, except for a weird notch at the top — so it instead relies on facial recognition technology.
As with Touch ID, Face ID isn’t meant to replace passwords, but it can be a convenient second factor for two-factor authentication. Some users and IT professionals have security and privacy concerns about biometrics in general, and facial recognition opens up a whole new can of worms.
“Unlike a passcode, your face can’t easily change,” Andy Greenberg wrote in Wired. “If someone does find a way to spoof it … they can spoof it forever.”
Twitter parody account PHP CEO came up with a funny way to address that problem:
DUE TO COMPANY PASSWORD POLICY WE WILL BE REQUIRING ALL STAFF WHO GET THE NEW IPHONE TO HAVE THEIR FACE SURGICALLY ALTERED EVERY 90 DAYS
— PHP CEO (@PHP_CEO) September 12, 2017
For a less drastic solution, IT should keep an eye on the MDM capabilities in the iPhone X. Admins can disable Touch ID through MDM, so it wouldn’t be a surprise if that’s possible for Face ID as well.