Last week we released a new version of Centrify for Mobile that provides several new and enhanced features including the Centrify Mobile Manager for iOS app, PKI authentication for Wi-Fi network access on iOS devices, Exchange configuration for Touchdown on Android devices, Group Policy controls for several new Restrictions settings in iOS 6 and other improvements. In this blog post I will provide details on some of these new features.
Centrify Mobile Manager of iOS app
Centrify Mobile Manager is a native iOS app that communicates securely with the Centrify Cloud Service. The app provides device owners with an easy-to-use enrollment process wizard, making self-enrollment quick and painless. Think of this App as the “Active Directory Join” utility for iOS, meaning that once you join your iPad etc. to Active Directory, group policies can apply etc. The Centrify App also provides additional services, such as the ability to detect jail-broken devices. The Centrify Mobile Manager for iOS App is available now on the Apple App Store. You locate it by searching for "Centrify" on the App Store or click here to download it. And yes of course, it’s free! You can still join your iPad or iPhone to your Active Directory domain using our web enrollment website.
PKI authentication for Wi-Fi network access on iOS devices
Centrify for Mobile provides support for the full range of Wi-Fi configurations on iOS devices. Additionally, it will auto-provision computer certificates in order to provide strong authentication to wireless enterprise networks for iOS devices supporting EAP-TLS authentication for WPA and WPA2 enterprise-configured access points.
There are several benefits to the enterprise when PKI is used to authenticate devices to the wireless enterprise network:
- Certificate-based authentication ensures that only authorized devices that have enrolled in device management and adhere to company security policies can gain access.
- Certificate-based authentication also eliminates the use of passwords that are hard for the user to type in repeatedly in order to gain access. Additionally, in many cases these passwords are stored by the device and replayed when needed, causing account lockout problems when the user is required to change his password on the desktop and forgets to update his Active Directory password on all his devices.
Centrify will be supporting this feature on Android-based devices in a future release.
Exchange configuration for Touchdown on Android devices
The Centrify Exchange configuration within Group Policy can now be used to configure an Exchange mailbox across both iOS and Android devices. Android devices with Touchdown from Nitrodesk installed will be configured for access to the user’s Exchange mailbox.
Policy controls for several new Restrictions settings in iOS 6
Besides supporting iPhones and iPads running iOS 6 to join Active Directory, Centrify has added support for several new Restrictions settings, including those available in Apple’s recently released iOS 6.
- New Restriction controls for iOS 5.1:
- Allow Assistant While Locked. Administrators can prevent the use of Siri Assistant if the device is locked in order to provide a higher level of security for devices that may hold sensitive data.
- New Restriction controls for iOS 6:
- Allow Diagnostic Submission. Administrators can prevent devices from submitting diagnostic data where this might compromise security policies.
- Allow Passbook While Locked. Administrators can prevent Passbook notifications from showing up on the lock screen.
- Allow Shared Stream. Administrators can prevent photo stream sharing.
- The following Restriction can be configured only on iOS 6 devices that have been initialized by Apple Configurator into Supervised mode.
- Allow Game Center. Game Center can be disabled and its icon will be removed from the Home screen.
- Allow Bookstore. Administrators can prevent access to the iBookstore and its icon will be removed from the Home Screen.
- Allow Bookstore Erotica. Administrators can prevent the user from downloading erotica from the iBookstore.
- Allow UI Configuration Profile Installation. Devices that are under Supervision can be configured to prevent user installation of any configuration profiles or certificates.
Here are some other misc. improvements we made:
- Centrify Cloud Manager has a new interface to enable administrators to manage their own APNS (Apple Push Notification Service) certificates.
- Communication between the Centrify Proxy Server and the Centrify Cloud has been improved in environments with restrictive firewalls and web proxy servers.
- The computer name for mobile devices has been improved to help uniquely identify the device and its assigned owner.
- The cloud connection test tool has been improved to check the certificates issued to the Proxy.
And the best news of course is that Centrify offers all of these new capabilities for free as part of Centrify Express for Mobile!