Apple Loosening the Tight Grip – Slightly…

By now version 4 of iOS has been out for a while, and depending on where you live in the world a launch of the iPhone 4 may have happened or be imminent. (My guess is that when it launches where I live, come 30th July, there will be waiting lists to actually get one.) But the software iOS4 has been around as an available upgrade for current iPhone/iPod users for a couple of weeks, and if you have a 3GS you can enjoy almost all the features anyways.

What didn’t see public release at the same time though was iPhone Configuration Utility, iPCU for short, but last week this was released in a new version as well going from 2.2 to 3.0. (I blame a holiday trip of mine for not noticing until now…) This is the tool for doing basic configuration on a per-device basis. Some might call this MDM light – I call it very light, but fair enough. It also serves as the tool for generating profiles you can use if you happen to have an iPhone provisioning server configured, and in such a scenario enabling at least the policy aspect of MDM. Download here: http://support.apple.com/kb/DL926

So what’s new this time? Well, there’s the obvious one like configuring multiple Exchange accounts. There’s the ability to restrict use of FaceTime, the revolutionizing video camera functionality. (All hail Steve Jobs for inventing amazing technology…actually don’t even get me started on the whole video calling thing…)

And a new payload type called…drum roll… Mobile Device Management!

Not many interesting things here by itself, this is just setting up the connection to an MDM server…wait a minute? MDM of the iPhone? Well, not all details are known, but Apple have announced that they are allowing access for three MDM vendors, (Sybase, AirWatch and MobileIron), to do things previously only accessible by Apple themselves. I’ve signed up for the beta of Afaria’s support, and haven’t tested any of these solutions yet, but it looks more promising than what we’ve seen so far. For instance remote wipe without Exchange ActiveSync, and the ability to detect if a device has been jailbroken (and then possibly prevent it from syncing PIM data).
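Before installing a profile that carries the new payload, it is worth checking which server it enrolls the device with and which rights (remote wipe included) it grants. The following is an added example, not code from the original post or from Apple's tooling; it assumes an unsigned .mobileconfig (a signed one must be unwrapped first), the server URL in the sample is made up, and the AccessRights bit meanings come from Apple's MDM protocol documentation rather than from this post.

```python
import plistlib

# AccessRights bits of the com.apple.mdm payload, per Apple's MDM protocol
# documentation (an assumption brought in here; the post does not list them).
ACCESS_RIGHTS = {
    1: "inspect installed configuration profiles",
    2: "install/remove configuration profiles",
    4: "device lock and passcode removal",
    8: "device erase (remote wipe)",
    16: "query device information",
    32: "query network information",
    64: "inspect installed provisioning profiles",
    128: "install/remove provisioning profiles",
    256: "inspect installed applications",
    512: "restriction-related queries",
    1024: "security-related queries",
}

def audit_mdm_payloads(profile_bytes):
    """Return one finding dict per MDM payload in an unsigned .mobileconfig."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.mdm":
            continue  # Wi-Fi, Exchange, restrictions etc. are not MDM enrollment
        rights = int(payload.get("AccessRights", 0))
        url = payload.get("ServerURL", "")
        findings.append({
            "server": url,
            "https": url.lower().startswith("https://"),
            "rights": [name for bit, name in ACCESS_RIGHTS.items() if rights & bit],
            "unknown_bits": rights & ~sum(ACCESS_RIGHTS),  # bits not in the table
            "can_wipe": bool(rights & 8),
        })
    return findings

# Constructed sample profile (hypothetical server and values).
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "corp"},
        {"PayloadType": "com.apple.mdm",
         "ServerURL": "https://mdm.example.com/server",
         "AccessRights": 8 | 16 | 1024},
    ],
})

if __name__ == "__main__":
    for finding in audit_mdm_payloads(SAMPLE):
        print(finding)
```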

As far as I know there is also an MDM API available for developers, if your company happens to have more than 500 employees. So maybe the configuration options also apply to in-house MDM solutions. (Note: you can only grant access to company-owned devices if you code your own MDM. You may not develop your own and re-sell it as a hosted service or anything similar. Only the approved MDM vendors may do that.)

Also available in iPCU, and from MDM platforms, is the ability to add applications to a device without going through the AppStore. There is a procedure for getting your application signed by Apple, and possibly they do some technical review too, but it’s still far better than the current app distribution engine if you are an enterprise user.

I’m still not saying the iPhone is the perfect enterprise device, and even as a regular user there are things I’d like to see implemented differently. But if you compare to the other hot name of the day, Android, it’s ahead in this department. With my HTC Hero there’s still not a properly implemented ActiveSync client (it’s updated to Android 2.1 and not using the OS native client that will arrive in 2.2 – which the Hero most likely never will see as an available upgrade). If they keep this up I see no reason to complain though.

DojoCrypt – Windows Mobile Standard Edition

While it’s starting to become quite a while since I published DojoCrypt for enabling the built-in encryption on Windows Mobile Professional, I’ve had a couple of requests along the way to build a version for Windows Mobile Standard as well. So far I haven’t invested much energy in creating that since my experience is that the Standard devices are far less common than the touch-based Professional devices and I didn’t want to invest in re-creating the GUI for those devices. (You are free to call me lazy if you will.)

It has certainly taken me some time to get around to it, but I thought “what the heck let’s see how much work it really is”, and so I bring you something to use on WM 6.1/6.5 Standard. It works the same way as the Pro version with a few changes – the most obvious being a slightly different interface since you can’t tap the screen.

I’ve not included the ability to add inclusions/exclusions at the moment. I might add that later if I see it being necessary. It’s not “difficult” to include, but I’m not sure how user-friendly this can get on a Standard device…

Another thing you might notice with this version is that Standard devices are more often than the Pro devices locked-down (so-called Two-tier mode) which would prevent you from using this application as it has not been signed with a trusted privileged certificate. Not much I can do about that really (you would need to unlock your device).

Download:
http://mobilitydojo.net/files/DojoCrypt_Std.cab

Bugs? You know where to file them :)

Exchange 2010 Service Pack 1 Beta – Quick Mobility Spin

As Microsoft promised a couple of months back there would be a public beta of Service Pack 1 for Exchange 2010.

See: http://msexchangeteam.com/archive/2010/04/07/454533.aspx for the announcement.

Citing the link above we see that there are a couple of features interesting for us mobility guys:
- Tether-free Information Rights Management (IRM).
- Support for send-as.
- Notify on block/quarantine.
- Full implementation of conversation view.

In addition the admin will be able to administer Allow/Block/Quarantine in OWA/ECP.

There are of course other features not related to mobility too, but have one guess what I’m going to be looking into :)

Service Packs for Exchange work in a user-friendly manner. You download one package, and if you install it on an existing Exchange Server it will perform a regular upgrade. If you install it on a clean server it’s a full install. I opted for setting up a new server in my existing environment to minimize the risks.

There are no release notes yet, so due to the fact that I missed out on some prereqs (which for some reason were not detected by the installer), I had to do two installs to get things right. I’ll assume you get it right the first time around, and step into new bits I can find :)

New “Phone & Voice” options when logged in as admin:

image

An overview of the quarantined and blocked devices:
image

The available ActiveSync policies are listed as well, with the option of creating new ones without going into the regular console:
image

On your right hand side you’ll see the settings contained in the policy:
image

When looking up the details of a device there are a couple of new fields as well:
image

I hooked up an HTC S740, and unsurprisingly it behaved the same way it did before. Syncing happily, but no new features. (As you can see from the details above it reports an ActiveSync version of 12.1 which would correspond to Exchange 2007 SP1.)

I then tried to hook up a Windows Mobile 6.5.3 Professional emulator with Office 2010 Mobile. It worked nicely too, but still didn’t report any higher version than 14.0.

So, I don’t really have a 14.1 client at the ready to test… But how can I be sure that there is something new on the client side? The MS-ASCMD protocol documents are updated over at MSDN, and if you check the status codes you’ll see that all numbers above 156 are new:
http://msdn.microsoft.com/en-us/library/ee218647(v=EXCHG.80).aspx

From this we learn that IRM is present, as well as contacts pictures, and a setting for how many devices one account is allowed to sync with. If you’re thinking that pictures attached to contacts aren’t a new concept you are right, but this is a new feature in Exchange 2010 in the sense that the pictures are stored in Active Directory. Technically it’s not Exchange that is responsible, but you get the picture…ha-ha…
(http://msexchangeteam.com/archive/2010/06/01/455005.aspx)

This doesn’t give us much leverage as to actually do the “seeing is believing” experience since we don’t have a compatible client. I tried connecting my own desktop client (EAS MD), where I can easily report the version number of my choosing. For some reason this didn’t work – it refused to sync. Could of course be a bug on my part, or it could be some change to the protocol – don’t know yet. I’ll have to keep looking at the bits and bytes.

I tried looking for traces of IRM settings in the console, but I couldn’t find any. Granted I keep hitting exceptions in parts of the console, so they could be hiding there, but I don’t think so.

If you look through the cmdlets though you’ll find IRM to be enabled. Just run Get-ActiveSyncVirtualDirectory | FL *IRM*, and you should see a parameter called IRMEnabled set to true. This would probably require using Set-IRMConfig as well, which I haven’t tested yet (this one seems to be available in Exchange 2010 RTM as well). I guess that’s one more thing to look into :) (Off-topic: there’s also a parameter called SilverLightEnabled on the OWAVirtualDirectory so maybe we’ll be seeing more snappy UIs as well.)

As with some of my other beta previews I’m not giving you a lot of straight answers. But such is the nature of testing the undocumented features out there. I’ll certainly be continuing my research for greater mobility experiences, and even if you might not have learned all that much from this article I hope you find some entertainment/usefulness in quick spins like these nonetheless.
