general

unmanaged but secured – how mobile application management supports your enterprise

ios and android offer more and more deep apis to securely manage a mobile device and integrate it into the enterprise – apple utilizes restrictions to natively separate managed from unmanaged content – android has a built-in work container on every device to secure enterprise data – both offer enrollment programs to easily integrate the devices into a management system

but there is an argument not to rely on device management apis – the ios restriction of unmanaged/managed data is unfinished, it is possible to bypass the limitation under certain conditions – android deprecated the existing device admin feature in favor of android enterprise technology, but the new container ui/ux isn’t consistent between different os releases and lacks some existing features, e.g. private/business calendar overlay

privacy is a main point when offering a byod solution to your employees – ios managed devices could report your installed apps and fully wipe even your private data (until user-enrollment was released) – android enterprise addressed this from the very first – apple introduced user-enrollment to address privacy concerns for byod deployments

usability is the other big point to address for your users – while apple provides the ability to use business data within ios native applications, android lacks a consistent look and feel between os releases and different management apis, badge icons differ between releases and especially on samsung devices – to ease support, provide the same email app across both mobile os

mobile application management, also named non-mdm, manages your data within an app or an entire framework – the app isn’t capable of controlling your device, e.g. to enforce device pin or encryption – major mdm vendors like airwatch, mobileiron, blackberry (formerly good) and citrix provide a framework to secure your data across several productivity apps, without the need to rely on device apis

microsoft offers, with its office 365 apps, the capability to secure business data with app protection policies without the need to enroll your device in a unified endpoint management – 3rd party mdm can optionally integrate these features via graph api

when it comes to enterprise integration with full device vpn support, certificate authentication or kiosk (single use) devices, there is no way around a uem solution

don’t be a fool, select your preferred solution based on the requirements of each use case

apple, google, technology

right at your thumb

touch has become the main input method, time to think about the best way to utilize it

it’s usually a mistake for the app to take over the decision-making

mobile os vendors successfully implemented ui guidelines – consistent app handling while implementing familiar standards – apple provides tips about do’s and don’ts – to offer great opportunities for engaging apps – apple’s human interface guidelines, google’s material design guidelines

android guides you to provide navigation up the hierarchy, to parent and ancestor screens – developers have to, because some devices don’t have a “home button” anymore
read more about android tips and tricks @madereal

some patterns are universal – a design solution that has proven to work more than once – androidpatterns

leveraging device capabilities vs. mobile first

all those ui decisions rely on finger friendly design – rule of thumb – the larger the screen, the harder it is to take in the whole thing at a glance – responsive design is necessary to fit all needs – new rule: every desktop design has to go finger-friendly

gorilla arms – steve jobs said – “ergonomically terrible” – “touch surfaces don’t want to be vertical” – but it works, use touch on notebooks in trains, for presentations or laid back on a sofa
read more about how to use touch at macos @madereal

every desktop ui should be designed for touch now – even microsoft’s office is optimized for use with touch – but still optimized, not developed

focus on maximizing usability

apple, innovation, technology

managed ios contacts

restricted access to enterprise contacts … a long journey to find its holy grail in ios 11.3

grant or deny access to your contacts

was introduced in ios 6, since 2012 it is possible to decide which apps are allowed to access your contacts – there was no api to configure the setting in an enterprise environment, e.g. to block access from apps like facebook, whatsapp, line, viber, path to enterprise contacts – with containerization you can restrict enterprise content from unauthorized access, along with usability limitations

allow open documents from unmanaged apps to managed apps

was presented in the ios 7 release, since then enterprise management has been able to restrict data exchange from untrusted, insecure, private (unmanaged) apps to enterprise apps (managed) – apple’s native mail is a private app by default

read: how to setup outlook of ios enterprise devices

managed domains

to separate private from enterprise accounts inside the mail app, apple enabled this setting in ios 8 – managed domains remain blue, unmanaged are marked red – mail and web domains respect the “allow open documents from…” restriction to interact with managed apps, except the contacts

ios call kit

announced in ios 10, call kit improves usability when you are called – even when contacts are secured inside a container, the name is resolved and displayed

prevent contacts in managed accounts from being used in unmanaged apps or accounts

finally, apple introduced this feature with ios 11.3 – only managed apps are able to access managed contacts, this closes the gap to securely use apple mail in an enterprise environment

read: how oauth changed in ios12

allowManagedToWriteUnmanagedContacts & allowUnmanagedToReadManagedContacts

ios12 improves contact management since the managed open-in restriction, to enhance the managed from unmanaged separation for secure byod deployments – the payload needs to be deployed via mdm
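
an added example, not from the original post: a python check that reads a configuration profile and reports when the two ios 12 contacts keys leave managed contacts exposed. the sample profile and its com.example identifiers are constructed, and the defaults and the dependency on allowOpenFromManagedToUnmanaged are taken from apple's restrictions payload documentation.

```python
import plistlib

# constructed sample profile (not from the original page); identifiers are placeholders
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.byod",
    "PayloadContent": [{
        "PayloadType": "com.apple.applicationaccess",  # restrictions payload
        "PayloadIdentifier": "com.example.byod.restrictions",
        "allowOpenFromManagedToUnmanaged": False,
        "allowOpenFromUnmanagedToManaged": False,
        "allowManagedToWriteUnmanagedContacts": False,
        "allowUnmanagedToReadManagedContacts": True,   # leaves the read gap open
    }],
})

# a key that is absent from the payload falls back to apple's documented default
DEFAULTS = {
    "allowOpenFromManagedToUnmanaged": True,
    "allowManagedToWriteUnmanagedContacts": False,
    "allowUnmanagedToReadManagedContacts": False,
}


def audit_contacts_separation(profile_bytes):
    """Return findings that weaken managed/unmanaged contact separation."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.applicationaccess"]
    if not payloads:
        return ["no restrictions payload in profile"]
    findings = []
    for p in payloads:
        eff = {k: p.get(k, d) for k, d in DEFAULTS.items()}
        if eff["allowOpenFromManagedToUnmanaged"]:
            # the contacts keys only take effect once managed open-in is restricted
            findings.append("allowOpenFromManagedToUnmanaged is true: contacts keys have no effect")
            continue
        if eff["allowUnmanagedToReadManagedContacts"]:
            findings.append("allowUnmanagedToReadManagedContacts is true: unmanaged apps can read managed contacts")
        if eff["allowManagedToWriteUnmanagedContacts"]:
            findings.append("allowManagedToWriteUnmanagedContacts is true: managed apps can write to unmanaged contacts accounts")
    return findings


if __name__ == "__main__":
    for line in audit_contacts_separation(SAMPLE_PROFILE):
        print(line)
```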

view how to: “managed ios contacts” & “ios managed domains” attached