Navigation:  Basic Working Procedures > Managing Devices > Provisioning Devices >

iOS devices

 Print this Topic Previous pageReturn to chapter overviewNext page
Show/Hide Hidden Text

Provisioning is the process of setting up the device so that it can synchronize with the mSuite server and, optionally, restricting what the user is allowed to do on the device.

This section only applies to iOS devices i.e. iPhone, iPad and iPod Touch.

For iOS devices, provisioning is achieved by sending an iOS Configuration Profile to the device.  This profile configures and locks the user's Account Info settings (Email, Server, Domain, Username, Use SSL, Sync mail for).  It can also be used to enhance the security of the device by preventing the user from accessing any/all of the following:

App Store
Camera
Explicit Content
Safari
Screenshot
YouTube
iTunes
 

Plus, from version 5.17 onwards (for iOS4 devices only):

Video Conferencing (Facetime)
Accept cookies
Autofill
Javascript
Pop-ups
Fraud warnings
Allow sync when roaming

 

Plus, from version 5.18 onwards (for iOS4 devices only):

Prevent policy removal

Passcode Restrictions (new in 5.18)

Auto-lock period (The period after which the device locks automatically)
Grace period (The period for which the device can be unlocked without prompting for a password)
Over the Air provisioning

How does the iOS provisioning process work?

The user enters a special URL into the Safari browser on the device.  This connects the device to the mSuite server which authenticates the user and, if successful, sends it an iPhone Configuration Profile.  The device prompts the user to install this profile which creates and configures up the Exchange ActiveSync account and, optionally, removes selected features (e.g. iTunes) from the device.

Before you can use iOS Provisioning you must first configure and "Lock" the iPhone Policy Settings in the Device Settings Policy.  For information about how to do this, go to Device Settings Policy > iOS devices.

Denying access to iOS devices that have not been provisioned with a Device Settings policy (Profile)

New in 5.18.  To force iOS users to use the iOS provisioning process, in the mSuite Administration Console:

1. go to Configuration > Servers and Groups, go to the Exchange Adapter tab and run the configuration wizard and click Next and Next again.
2.on the Exchange Adapter Device Settings page, check the box marked Allow only iOS devices that have been provisioned then click Next and Finished.
3.restart the Exchange Adapter.

If a user now tries to access the system by manually creating an EAS account on the device, they will be denied access.

Provisioning iOS devices

The iOS Provisioning process is slightly different depending on whether you are using your own mSuite Proxy (Local or DMZ) or the CommonTime Switching Center (CSC).

If you change a policy that has already been deployed to an iOS device, the policy on that device will not be updated until/unless the device is provisioned again.  This is an iOS restriction - for more information, click here.

mSuite Proxy (Local or DMZ)

1.Using the Safari browser on the device, the user goes to https://<proxyserver>:<port>/iphone where <proxyserver> is the host name or IP address of the mSuite Proxy server and <port> is the port that the Proxy uses to listen for secure connections from Exchange ActiveSync devices.  If the Proxy listens on the port 443 (the default for SSL connections), the <port> parameter can be omitted.  Examples:
https://mobile.acme.com/iphone   (Proxy is listening on port 443)
https://mobile.acme.com:1700/iphone   (Proxy is listening on port 1700)
2.Provided the device is able to connect to the mSuite server (via the Proxy), the user will be prompted to enter their credentials and will then be authenticated.
The credentials are cached by the browser.  To clear the cache, power the device off and back on again.
3.If authentication is successful, the iPhone Configuration Profile is downloaded to the device and the user is then prompted to Install it.

CSC

1.The administrator tells the user the Alias name of the mSuite system.
2.Using the Safari browser on the device, the user goes to get.commontime.com
3.The user is prompted to enter the Alias and then taps Submit (or Go).
4.Provided the Alias is recognised and is unique, the device is now automatically connected to its own mSuite server.
5.Provided the device is able to connect to the mSuite server, the user will be prompted to enter their credentials and will then be authenticated.
The credentials are cached by the browser.  To clear the cache, power the device off and back on again.
6.If authentication is successful, the iPhone Configuration Profile is downloaded to the device and the user is prompted to Install it.

Re-provisioning and/or removing a configuration profile from an iOS device

To re-provision an iOS 4 device, simply repeat the provisioning process above.  With iOS 3 devices, it is necessary to remove the existing profile (if any) before provisioning the device with a new one.

To remove the Exchange ActiveSync profile, on the iOS device go to Settings > General > Profile select the iPhone Configuration Profile and then tap Remove.

If the administrator has set Prevent Policy Removal to Yes, it will not be possible to remove the profile from the device.

The process of re-provisioning and/or removing the profile will cause all the existing e-mail/PIM data associated with that EAS account to be removed from the device.

 

 

Page url: http://msuitehelp.commontime.com/index.html?ct_ios_devices.htm