MDM with SCCM: iOS
SCCM has quite a few built in options for managing iOS devices. SCCM will manage basically iOS 6 and higher, though there’s less support for iOS 6 then there is for 7 and 8. The key to get it set up is to know where they are in SCCM. This article is current up to SCCM 2012 R2 SP1.
All Corporate-Owned Devices
This is located on the “Assets and Compliance” node. This is where you can set a few options like Passcode and Apple ID. You can also set a department and support phone number from these policies. You can also set whether or not Apple Configurator can be used in conjunction with DEP.
These policies are set via the Apple Device Enrollment Program (DEP). You must a DEP relationship with Apple to use these settings.
Here are options that you can set:
Compliance Policies
This is located under Compliance Settings on the “Assets and Compliance” node. There’s only one policy that can be set here – passcode length.
This policy is deployed to a collection in your environment. It worked similarly to configuration baselines, in the sense that it only evaluates at given intervals. You can also generate alerts based on non-compliance.
Application Management Policies
This located under Application Management in the Software Library node. These policies are application specific, and must be used in conjunction with Intune. These policies prevent users from copying and pasting, etc. The can be associated in the deployment type when creating apps for iOS and Android.
Here are the various settings that can applied:
It is recommend that you combine these settings with Intune policies to further ensure device security.
