What Windows desktop admins need to know about mobile OSes

Today's workers are mobile, so Windows desktop administrators have new challenges to face from mobile devices. Luckily, Apple and Google have made devices and OSes more enterprise-friendly.

Desktop administrators have plenty of incentive to give employees Microsoft Windows Phones and tablets, but the vast majority of users want to work from their beloved Apple iOS and Google Android devices.

Apple and Google devices appeal to end users because they are easy to use and have far more apps than Windows mobile devices do. Google Play and the Apple App Store each contain more than one million apps, whereas Microsoft’s Windows Store only hit 500,000 apps in November 2014.

IT administrators still have reason to advocate for Windows, however. Most business apps are built for Windows, so application compatibility is less of an issue for IT. And Windows mobile devices are easy to integrate with Windows desktop environments, which simplifies management.

Alas, end users don’t care about IT’s problems the way IT needs to care about theirs, so Windows desktop admins must learn to manage and secure Android and iOS devices.

Inside iOS management

Apple provides several ways to manage and secure iOS apps and devices through a variety of enterprise mobility management (EMM) tools.

The Apple Device Enrollment Program automates the enrollment of iOS devices in EMM software, and it gives IT a way to configure corporate-owned iPhones and iPads on a large scale without touching them. The program offers capabilities such as Web content filtering and Wireless Supervision, which allows IT to disable iMessage, AirDrop or Game Center.

Other features include a mobile device management application program interface (API) that allows IT to push over-the-air updates to iOS devices. There’s also the iPhone Configuration Utility -- free software that lets Windows (or Mac) administrators control how iOS devices work while they are connected to the corporate network.

Apple hasn’t made iOS integration with Windows any easier, however (with the exception of iCloud Drive, which works with Windows 7 or later).

When it comes to security, Apple added several important features in iOS 8, including password protection for Mail, Calendar, Contacts, Notes, Messages and even third-party apps. The latest iOS version also supports Secure/Multipurpose Internet Mail Extensions (S/MIME), which let users encrypt their email. Wi-Fi privacy has improved, and the Managed Open In feature -- a built-in way to control apps’ access to corporate data -- now works with more types of data and apps.

Apple also opened some of its APIs in iOS 8, including the Touch ID API, which gives developers a way to add a fingerprint-based authentication layer to corporate apps. In addition, IT has control over the types of data that users can back up to iCloud, and admins can prevent users from erasing data and resetting device settings.

Android ups its enterprise game

Android for Work, released in February 2015, is Google’s approach to EMM. IT pros can only implement it through one of Google’s EMM partners, including SOTI, IBM, MobileIron, AirWatch by VMware, Citrix, SAP and BlackBerry.

Android for Work provides remote management and remote wipe capabilities, as well as a simplified app deployment tool (integrated with Google Play) that admins can use to find, whitelist and deploy business apps to Android 5.0 devices.

Android for Work includes business email, calendar, contacts and tasks apps. It delivers a consistent experience across all devices and lets users switch between work and personal apps. Business apps appear with personal apps in the launcher and recent apps list, but business app icons have badges that distinguish them. 

Android, an open source platform, has gotten a bad security rap over the years, in large part because of the threat of malicious apps. But Google has stepped up its security efforts; some of those improvements include the use of full-disk encryption, expanded use of hardware-protected cryptography and an enhanced Android application sandbox with an SELinux-based mandatory access control system. Android also provided developers with tools to detect and react to security vulnerabilities.  

In addition, Android for Work offers hardware-based encryption and lets IT enforce policies to secure corporate data and keep it separate from private personal data. It also supports secure networking through Google’s VPN partners, including F5 Networks, Cisco, Palo Alto Networks and Pulse Secure.

Sticking with Windows

Windows shops that want to stick with familiar Windows management and security tools can do that too, using Microsoft Intune, which is part of Microsoft’s Enterprise Mobility Suite. The cloud-based platform allows IT to manage mobile devices and applications, and IT can use it to give employees secure access to corporate apps, data and email on Windows, Apple iOS or Android devices.

IT administrators have no shortage of options to securely manage corporate and employee-owned mobile devices. Apple, Google and Microsoft continually add new management and security features to their platforms, so managing a diverse mobile workforce will keep getting easier.
