About group policy for managing EAS and iOS MDM devices

April 17, 2023

ID 89392

To manage iOS MDM and EAS devices, you can use the Kaspersky Device Management for iOS management plug-in, which is included in the Kaspersky Security Center distribution kit. Kaspersky Device Management for iOS allows you to create group policies for specifying the configuration settings of iOS MDM and EAS devices without using iPhone® Configuration Utility and the management profile of Exchange ActiveSync.

A group policy for managing EAS and iOS MDM devices provides the administrator with the following options:

  • For managing EAS devices:
    • Configuring the device-unlocking password.
    • Configuring data storage on the device in encrypted form.
    • Configuring synchronization of corporate mail.
    • Configuring the hardware features of mobile devices, such as the use of removable drives, the camera, or Bluetooth.
    • Configuring restrictions on use of mobile applications on the device.
  • For managing iOS MDM devices:
    • Configuring device password security settings.
    • Configuring restrictions on usage of hardware features of the device and restrictions on installation and removal of mobile apps.
    • Configuring restrictions on the use of pre-installed mobile apps, such as YouTube™, iTunes® Store, or Safari.
    • Configuring restrictions on media content (such as movies and TV shows) viewed, by the region where the device is located.
    • Configuring device connection to the internet through the proxy server (Global HTTP proxy).
    • Configuring the account with which the user can access corporate applications and services (Single Sign-On (SSO) technology).
    • Monitoring internet usage (visits to websites) on mobile devices.
    • Configuring wireless networks (Wi-Fi), access points (APNs), and virtual private networks (VPNs) that use different authentication mechanisms and network protocols.
    • Configuring settings of the connection to AirPlay® devices for streaming photos, music, and videos.
    • Configuring settings of the connection to AirPrint™ printers for wireless printing of documents from the device.
    • Configuring synchronization with the Microsoft Exchange server and user accounts for using corporate email on devices.
    • Configuring user credentials for synchronization with the LDAP directory service.
    • Configuring user credentials for connecting to CalDAV and CardDAV services that give users access to corporate calendars and contact lists.
    • Configuring settings of the iOS interface, such as fonts or icons for favorite websites, on the user's device.
    • Adding new security certificates on devices.
    • Configuring the Simple Certificate Enrollment Protocol (SCEP) server for automatic retrieval of certificates by the device from the Certification Authority.
    • Adding custom settings for working with mobile apps.

A policy for managing EAS and iOS MDM devices is special in that it is assigned to an administration group that includes iOS MDM Server and Exchange ActiveSync Mobile Devices Server (referred to collectively as "Mobile Device Servers"). All settings specified in this policy are first applied to Mobile Device Servers and then to mobile devices managed by such servers. In the case of a hierarchical structure of administration groups, secondary Mobile Device Servers receive the policy settings from primary Mobile Device Servers and distribute them to mobile devices.

For more details on how to use the group policy for managing EAS and iOS MDM devices in Kaspersky Security Center Administration Console, please refer to the Kaspersky Security for Mobile documentation.

See also:

Scenario: Mobile Device Management deployment

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.