iOS 10 Enterprise and MDM features known for now (May update later)

iOS 10 :iphone: Enterprise features known for now (May change later as we know more official docs from Apple)


Some Deprecation of Restrictions:
Apple plans to deprecate some non-supervised restrictions at some point, though not immediately, in the iOS 10 series. The restrictions slated for deprecation are:

  • Disable App installation and removal
  • Disable FaceTime
  • Disable Siri
  • Disable Safari
  • Disable iTunes
  • Prohibit explicit content
  • Disable iCloud documents and data
  • Disable multiplayer gaming
  • Disable adding GameCenter friends

These restrictions will become available only for supervised devices.

  • The new CallKit API for VoIP apps will really make the experience a lot smoother and less confusing for users by allowing third-party apps work just like the normal phone on the lock screen, recent calls list, and favorite contacts list. MDM controls will allow IT to specify the default app for audio calls for any enterprise-managed contacts and account This will be huge for unified communications and VoIP providers (Cisco Spark got a callout during Monday’s keynote) and it should considerably advance the cause of split work/personal calling for BYOD. (Giving out a personal cell number is still one of the biggest objections to BYOD I hear from friends and acquaintances.)
  • The Phone app – a bit more useful for workers who aren’t always tied to their desks. For one, the new version of the app will actually transcribe voice messages for users to save the effort of having to listen to voicemails. And by using Cisco’s Spark app, users will also now be able to have calls routed from their office desk phones to their iPhones.
  • Apple said that sometime in the future they would deprecate some restrictions settings from normal MDM, and make them available only on devices managed in Supervised mode. This year they said this will be happening very soon, though not immediately in iOS 10. The particular restrictions are app installation and removal; FaceTime; Siri; Safari; iTunes; explicit content; iCloud documents and data; Multiplayer gaming; and adding GameCenter Friends. Overall, this is in line with Apple’s strategy to differentiate the MDM capabilities on corporate and personal devices.
  • Other iOS MDM updates include a few changes to configuration payloads for VPNs and Wi-Fi. These will likely be in the form of feature expansion or protocol compatibility.
  • The What’s New in Security session had a few other things of note for the enterprise: There are changes to how Gatekeeper works (Gatekeeper controls whether or not non-App Store or unsigned applications can run on macOS); and mandatory App Transport Security means that all iOS apps in the App Store will be required to use HTTPS (with some exceptions) by the end of the year.
  • Apple introduced the new Universal Clipboard feature, which uses iCloud to provide users with their clipboard contents – text, photos and video – among all Apple devices. So, workers who’ve been dreaming of copying and pasting across their Mac, iPhone and iPad will have to dream no more.
  • Apple said that as part of iOS 10, the company will open the Siri API to outside developers for the first time. That means third-party apps – including apps useful for the workplace – will be able to get some voice-controlled functionality on Apple devices.
  • iOS 9.3 notification APIs, now in iOS 10, the updated lock screen also gives native apps and third-party apps (including email) an interactive interface without unlocking the screen. This creates a more interactive, user-friendly lock screen for the iPhone.



iOS 10 Device Restrictions:
Disable Bluetooth modification – Restrict end users from modifying device Bluetooth settings.

QoS Marking Policy:
Apple and Cisco have partnered to deliver a better app and voice experience for iOS devices on corporate networks through Cisco’s QoS fast lane network. AirWatch allows you to select audio and video applications to receive prioritized data allocations. You can customize this setting in the Wi-Fi Profile.
For more information on QoS Marking,

Default Calling App for Exchange:
Assign a default application that your Native EAS account will use to make calls when you select a hone number in an email message. This option can be configured in the existing Native EAS Profile. The applications that can be used as a default calling app must have been developed using the CallKit framework. Please contact the application developer for more information on which frameworks a specific app uses.