Unlike Android, which provides containerization by default when provisioned as Profile Owner, Apple doesn't offer containerization on iOS devices by default. However, with more organizations adopting a mobile-only workforce, containerization on mobile devices is increasingly becoming a necessity. Containerization isolates personal and corporate data through a logical container, ensuring there's no unauthorized access of corporate data. It also helps with personal devices, where it ensures enterprises can control only the corporate data and enterprise apps while having zero control over the personal space. Though Apple doesn't provide containerization by default, MDM lets you achieve iOS containerization with a logical container-like setup using multiple restrictions, as explained below:
Restrictions marked with * are applicable only if the devices are Supervised.

| AVAILABLE UNDER | PARAMETER TO BE RESTRICTED | PRE-REQUISITES | COMMENTS |
|---|---|---|---|
| SECURITY | Share data from managed apps to unmanaged apps | Applicable for devices running 7.0 or later versions | These restrictions prevent unauthorized access of corporate data by unapproved apps and also prevent users from removing the existing configurations by factory resetting the device. |
| | Share data from unmanaged apps to managed apps | Applicable for devices running 7.0 or later versions | |
| | Allow user to wipe device by erasing all content and settings* | Applicable for devices running 8.0 or later versions | |
| ADVANCED SECURITY | Install configuration profiles and certificates interactively* | Applicable for devices running 6.0 or later versions | These restrictions prevent users from adding unauthorized certificates/profiles or non-corporate accounts to the devices, and prevent devices from being paired using iTunes or via USB, thereby preventing data from being shared through USB. |
| | Add/Modify iCloud, Mail and other accounts* | Applicable for devices running 7.0 or later versions | |
| | Allow iTunes pairing and other USB connections* | Applicable for devices running 7.0 or later versions | |
| APPLICATION | Users can install unapproved apps* | N/A | Prevents unapproved apps from being installed on the device, thereby preventing these apps from accessing corporate apps or the data they work with. |
| NETWORK AND ROAMING | Connect to Wi-Fi, only if distributed via MDM* | Applicable for devices running 10.3 or later versions | These restrictions prevent users from connecting to untrusted Wi-Fi connections and from configuring unauthorized VPN connections on the device, thus ensuring secure transmission of corporate data. |
| | Allow users to configure VPN* | Applicable for devices running 11.0 or later versions | |
| ICLOUD | iCloud Device Backup | N/A | This prevents corporate data from being saved on iCloud, which is a third-party cloud service. |
| | iCloud Sync Data and Documents of Managed Apps | Applicable for devices running 8.0 or later versions | |
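
To check that a configuration profile actually enforces the restrictions listed above, the following added example (not part of the original page or the MDM product) audits the Restrictions payload of a profile. The mapping from each restriction to an Apple payload key is an assumption made for this example, and the sample profile is constructed.

```python
import plistlib

RESTRICTIONS_TYPE = "com.apple.applicationaccess"  # Apple Restrictions payload

# Assumed mapping of the table's restrictions to Apple payload keys, with the
# value that enforces each one. Keys marked (S) apply to supervised devices only.
REQUIRED = {
    "allowOpenFromManagedToUnmanaged": False,
    "allowOpenFromUnmanagedToManaged": False,
    "allowEraseContentAndSettings": False,             # (S)
    "allowUIConfigurationProfileInstallation": False,  # (S)
    "allowAccountModification": False,                 # (S)
    "allowHostPairing": False,                         # (S)
    "allowAppInstallation": False,                     # (S)
    "forceWiFiWhitelisting": True,                     # (S)
    "allowVPNCreation": False,                         # (S)
    "allowCloudBackup": False,
    "allowManagedAppsCloudSync": False,
}

def audit_profile(data: bytes) -> dict:
    """Return {key: finding} for each restriction the profile does not enforce."""
    profile = plistlib.loads(data)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == RESTRICTIONS_TYPE]
    findings = {}
    for key, wanted in REQUIRED.items():
        values = [p[key] for p in payloads if key in p]
        if not values:
            findings[key] = "not set (device default applies)"
        elif wanted not in values:
            # With several payloads the most restrictive value wins, so one
            # payload carrying the wanted value is enough.
            findings[key] = f"set to {values[0]}, expected {wanted}"
    return findings

# Constructed sample profile: three restrictions enforced, iCloud backup left on.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [{
        "PayloadType": RESTRICTIONS_TYPE,
        "allowOpenFromManagedToUnmanaged": False,
        "allowOpenFromUnmanagedToManaged": False,
        "allowHostPairing": False,
        "allowCloudBackup": True,
    }],
})

if __name__ == "__main__":
    for key, finding in audit_profile(SAMPLE).items():
        print(f"{key}: {finding}")
```

An empty result means every restriction in the table is enforced by the profile; any key reported as not set falls back to the device default, which leaves that path open.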