iOS Device Management – Backup and Restore Reference Guide

Backup and restore capabilities are among the most important features on mobile devices being used today. iOS has capabilities both in the cloud (iCloud) and on physical machines (iTunes). Backup and restore options leveraged in enterprise deployments – BYOD or company owned – often cause confusion with seemingly inconsistent behavior. It’s important to remember that, while leveraged by enterprises worldwide, these are consumer features first, and will behave accordingly. The following scenarios should help organizations understand some of the expected behavior when handling iOS data restores and device management.

About the scenarios – The table was created based on testing two iPad devices both running iOS 12.1. 

In each scenario the back up comes from Device ‘A’ (Backup A).  The device and the backup are important as restoring data to the same device serial # that it came from has drastically different results than restoring to a device with a different serial # (serial # isn’t the only factor taken in to consideration, but it is the most easily identifiable).  

All enrollments were DEP with no profile restrictions or steps skipped and Supervised profile included as part of the setup.

Please note the following limitations when skipping items in the DEP Profile:

  • Skipping the Restore option entirely will not allow iTunes or iCloud restores during the setup assistant
  • Skipping the Apple ID will remove iCloud restore as an option
  • Restricting iTunes pairing as part of the DEP profile will remove iTunes restore as an option

Scenarios yield the same results for both iTunes and iCloud restores, however the setup assistant will behave with slight differences due to input of Apple ID for iCloud. The assumption is that all management profile data backups and restores are going through the same MDM/EMM/UEM service, and not during the migration from one solution to another.

What this pro thinks – Device backups are primarily a consumer driven feature. There is no guarantee that this functionality won’t change drastically in the future or even potentially become off-limits on enterprise (DEP) enabled devices. EMM services can already provide much of what the backups themselves do – placing apps, information, and configurations on the device – and much of the same content can be restored post setup with a simple iCloud sync.

While I certainly understand why some environments prefer using these features (one of the biggest reasons is that voicemail and message history are only restored during the setup process), I would suggest that most companies skip the backup-and-restore workflows entirely for anything other than BYOD, and instead leverage the EMM solution to get devices properly configured.

Discuss this article on MobilePros!

Jump straight to the iOS channel for members:

Or click below to join our community:

iOS 12.2 Changes the way EMM enrolments are performed

Apple will soon release a change in the way non-DEP iOS devices are enrolled into EMM platforms. These changes were first tested in iOS 12.1.3 beta late last year and will soon be introduced in the iOS 12.2 public release.

Apple is making this change in iOS 12.2 “in order to improve the platform security by reducing misleading profile installations.”

This new workflow will affect all EMM vendors and impacts the initial enrollment of BYOD devices in EMM. EMM vendors are working on providing explicit information within their applications/enrolment flows to make it as clear as possible what an end user needs to do; the main change is that the browser will no longer redirect an end user automatically to Settings in order to install a MDM profile, instead end users need to do this manually by coming out of the EMM app and navigating to Settings in order to install the profile. Installation is timed, and will eventually expire.

This change does not affect the enrolment of DEP-enabled iOS devices, only those enrolled manually to the EMM console.

In order to be prepared for this upcoming change you need to:

  1. Test iOS 12.2 beta to see if you find any issues with this new workflow. At this time (February 20th) we are in iOS 12.2 beta 3
  2. Get in touch with your EMM vendor to see what plans they have to change the wording in the application for a better user experience
  3. Keep your end user documentation updated to better navigate this change
  4. Keep an eye open or contact your Apple representative for an official release date of iOS 12.2

My take on this is that with this change Apple is improving the overall iOS platform security by:

  • Giving end users the option to “inspect the details of the profile and install it”
  • Automatically deleting uninstalled profiles after 8 minutes

These benefits come with a cost; organizations will face challenges with the BYOD enrollment process, so should organisations provide corporate-owned devices for employees, they must seriously take into consideration Apple Business Manager and DEP to avoid future complications.

Discuss this article on MobilePros!

Jump straight to the iOS channel for members:

Or click below to join our community: