Essential Guide

Advanced guide to managing iOS devices

A comprehensive collection of articles, videos and more, hand-picked by our editors

iPad Active Directory management options leave much to be desired

On the iPad, Active Directory’s capabilities are seriously curtailed. ActiveSync offers some iPad management options around email and passwords, but IT admins expect more.

FROM THE ESSENTIAL GUIDE:

Advanced guide to managing iOS devices

+ Show More

Active Directory has limited value when it comes to iPad management, because the two just aren’t equipped to work

closely with each other.

Apple designed the iPad as a consumer device, not for corporate settings. But as the popularity of the iPad grows among business users, IT professionals need to find way to perform large-scale iPad management tasks in a corporate environment -- despite the fact that there aren’t really any good options yet.

Most companies integrate their network PCs with Active Directory, which lets administrators apply policies and access-control levels to these endpoints. This kind of control is limited when it comes to iPad Active Directory management, however, because you cannot fully integrate the two using today’s available technology.

iPad Active Directory management options

When setting up the email client on the iPad, a user can choose to connect to Microsoft Exchange Server. The Exchange server gets its user information from Active Directory, but the iPad/Active Directory relationship is almost nothing like what IT professionals are used to seeing between Active Directory and PCs.

To unlock a few more iPad management capabilities, admins can implement Exchange ActiveSync, which offers more than just email account synchronization. With ActiveSync enabled, admins can use the Exchange System Manager (in the Exchange Management Console) to enforce the use of passwords on iPads and set password length and character requirements. They can also set a limit on failed password attempts and, once that threshold is reached, perform a local wipe. There is also the option to execute a remote wipe, which can be useful when a device is lost or stolen.

Newer versions of Exchange have added some iPad management features, but most of them still relate to passwords. With Exchange Server 2007, for example, admins can allow or prohibit simple passwords, set password expiration rules and determine the number of complex characters that users must have in a password.

The limitations of iPad Active Directory management

More on iPad management

iPad security policy pointers

iPad raises mobile device security concerns

Active Directory management services: cleanup and optimization

 

These features do improve password security, but they don’t help at all when it comes to managing the device itself and its properties. For instance, there are no options that allow admins to import iPad information to and from Active Directory, or to create policies that specify which apps can and can’t be installed on the iPad.

As of right now, Microsoft, Apple and third-party vendors all lack the capabilities to manage the iPad with the same level of Active Directory control as you’d manage PCs. The products that do exist are mainly based on ActiveSync, so their options are comparable to what’s already available through Exchange.

This was first published in December 2011

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Essential Guide

Advanced guide to managing iOS devices

1 comment

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchEnterpriseDesktop

SearchVirtualDesktop

SearchVMware

SearchCIO

SearchSecurity

Close