iOS/iPadOS Enterprise security configuration framework
The iOS/iPadOS security configuration framework is a series of recommendations for device compliance and configuration policy settings. These recommendations help you tailor your organization's mobile device security protection to your specific needs.
Security-conscious organizations look for ways to ensure that corporate data on mobile devices is protected. One method used to protect that data is device enrollment. Device enrollment helps organizations:
- deploy compliance policies (like PIN strength, jailbreak/root validation, and so on).
- deploy configuration policies (like Wi-Fi, certificates, VPN).
- manage the app lifecycle.
To help you set up a complete security scenario, Microsoft introduced a new taxonomy for security configurations in Windows 10. Intune uses a similar taxonomy for this security configuration framework, which includes recommended device compliance and device restriction settings for basic, enhanced, and high security. This taxonomy is explained in the following articles:
- iOS/iPadOS framework deployment methodology: A recommended methodology for deploying the security configuration framework.
- Set app configuration policies for iOS/iPadOS devices: Configure apps on the devices to disallow personal accounts.
- iOS/iPadOS device compliance security settings: Specific configuration settings for ensuring personally owned and corporate-owned devices are healthy and compliant.
- iOS/iPadOS personal device security settings: Specific configuration settings for basic, enhanced, and high security on personally owned devices.
- iOS/iPadOS supervised device security settings: Specific configuration settings for basic, enhanced, and high security on corporate-owned supervised devices.
iOS/iPadOS enrollment modes
iOS/iPadOS supports several enrollment scenarios, two of which are covered as part of this framework:
- Device enrollment for personally owned devices: These devices are personally owned and used for both work and personal use.
- Supervised automated device enrollment for corporate-owned devices: These devices are corporate-owned, associated with a single user, and used exclusively for work and not personal use.