Enterprise Mobile Device Profile Policies - dummies

Enterprise Mobile Device Profile Policies

By Rich Campagna, Subbu Iyer, Ashwin Krishnan, Mark Bauhaus

These enterprise mobile device profile settings policies are fundamental configuration settings that need to be provisioned on the devices to get them to function per enterprise guidelines. Typically, these refer to web, e-mail, network, and generic security settings on the mobile devices.

Mobile device profile policies can be broadly classified into employee-owned and corporate-issued. The fundamental difference between the two is that the former is the onus of the employee to configure based on the settings you provide, while the latter is provisioned by you before the device is handed to the employee.

To educate the end user about mobile device policies in the enterprise, you can use the following policy guidelines, which are directed toward your end users:

  • You’re required to use the recommended passcode policies on the device for basic device access security. You need to specify passcode length, duration, and patterns.

  • You need to adhere to the VPN configurations, as defined in the enterprise mobile device configuration guide [your published guide], in order to gain access to the enterprise network.

    If encryption strength (64 bit, 128 bit, and so on) is well-defined, you are protected against substandard VPN implementations.

  • You are required to set up the mail access configurations, as defined in the enterprise mobile device configuration guide [your published guide], in order to connect to the enterprise mail server to access your corporate e-mail.

  • You are required to adhere to the web access policies, as defined in the enterprise mobile device configuration guide [your published guide], in order to gain access to the web.

The following user guideline applies to enterprise-issued mobile devices only; this cannot be mandated on employee-owned mobile devices:

  • You are hereby being made aware that certain functions of the mobile device may be restricted when the device is connected to the enterprise network. These functions may include using the camera, installing custom applications, capturing screenshots, using external storage, and so on. Any subversions to these mandated policies could result in rescinding your rights to connect to the enterprise network.

The employee configuration of profiles isn’t as onerous as it sounds. In fact, the leading mobile device vendors have made this process very intuitive, and as long as you provide employees with the correct parameters, the configuration is a very straightforward task.

The following list describes some of the configuration profiles that you can create with the iPhone:

  • The iPhone e-mail configuration profile is fairly straightforward, and an average user would be able to configure it with ease using the relevant pieces of information: mail server address, port, username, and password.

    iPhone e-mail profile.
    iPhone e-mail profile.
  • The iPhone passcode profile is a tool that you can use effectively to mandate strict passcode parameters, using alphanumeric values as opposed to numeric only, longer passcode lengths, quicker passcode ageing, auto-lock with inactivity detect, and so on.

    iPhone passcode profile.
    iPhone passcode profile.
  • The iPhone VPN profile again follows typical industry terminology, and any users who have configured VPN on their laptops for home use should be able to follow the same logic easily on their iPhones.

    iPhone VPN profile.
    iPhone VPN profile.