iPad Active Directory management options leave much to be desired

Active Directory has limited value when it comes to iPad management, because the two just aren’t equipped to work closely with each other.

Apple designed the iPad as a consumer device, not for corporate settings.

    Requires Free Membership to View

    Login

But as the popularity of the iPad grows among business users, IT professionals need to find way to perform large-scale iPad management tasks in a corporate environment -- despite the fact that there aren’t really any good options yet.

Most companies integrate their network PCs with Active Directory, which lets administrators apply policies and access-control levels to these endpoints. This kind of control is limited when it comes to iPad Active Directory management, however, because you cannot fully integrate the two using today’s available technology.

iPad Active Directory management options

When setting up the email client on the iPad, a user can choose to connect to Microsoft Exchange Server. The Exchange server gets its user information from Active Directory, but the iPad/Active Directory relationship is almost nothing like what IT professionals are used to seeing between Active Directory and PCs.

To unlock a few more iPad management capabilities, admins can implement Exchange ActiveSync, which offers more than just email account synchronization. With ActiveSync enabled, admins can use the Exchange System Manager (in the Exchange Management Console) to enforce the use of passwords on iPads and set password length and character requirements. They can also set a limit on failed password attempts and, once that threshold is reached, perform a local wipe. There is also the option to execute a remote wipe, which can be useful when a device is lost or stolen.

Newer versions of Exchange have added some iPad management features, but most of them still relate to passwords. With Exchange Server 2007, for example, admins can allow or prohibit simple passwords, set password expiration rules and determine the number of complex characters that users must have in a password.

The limitations of iPad Active Directory management

More on iPad management

iPad security policy pointers

iPad raises mobile device security concerns

Active Directory management services: cleanup and optimization

 

These features do improve password security, but they don’t help at all when it comes to managing the device itself and its properties. For instance, there are no options that allow admins to import iPad information to and from Active Directory, or to create policies that specify which apps can and can’t be installed on the iPad.

As of right now, Microsoft, Apple and third-party vendors all lack the capabilities to manage the iPad with the same level of Active Directory control as you’d manage PCs. The products that do exist are mainly based on ActiveSync, so their options are comparable to what’s already available through Exchange.

This was first published in December 2011

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top