Mobile Device Management for iOS Devices

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EPP

A mobile device management (MDM) solution uses software to provision mobile devices and can also protect device applications, data, and content. You can deploy and install the WatchGuard Mobile Security app with or without a mobile device management (MDM) solution. If you deploy the app with an MDM solution, you can use either the WatchGuard MDM solution or a third-party MDM solution.

To enroll an iOS device in the WatchGuard MDM solution and add it to the Endpoint Security management UI , you must have:

  • An Apple user account (Apple ID) — Required to generate and import certificates into the management UI. You can use an existing account or create a new one.
  • A digital push certificate issued by Apple — Required to enable the iOS devices you want to manage to communicate securely with Apple servers. Digital certificates are valid for one year, after which they expire. Register all your company iOS devices with the same digital certificate.

For more information, see Manage the Apple Push Certificate.

Features Available with the WatchGuard MDM Solution

WatchGuard Endpoint Security app functionality is enhanced by enrollment in an MDM solution. The WatchGuard MDM solution provides access to the full protection of WatchGuard Endpoint Security for iOS mobile devices.

Feature

No MDM

Third- Party MDM

WatchGuard MDM

Geolocation ü ü ü
Remote alarm ü ü ü
Hardware inventory ü ü ü
Web and anti-phishing protection*   ü ü
Web access control*   ü ü
Wipe     ü
Lock     ü
Software inventory     ü

*The iOS device must be in supervised mode. For more information, see About Supervised Mode on iOS Devices.

Deployment Options

The WatchGuard Mobile Security app deployment and installation process depends on the features you require and whether the target device is enrolled in an MDM solution. To use the URL filtering and anti-phishing capabilities provided by WatchGuard Endpoint Security, the iOS device must be in supervised mode and enrolled in an MDM.

To determine the appropriate deployment strategy for your security needs, review the available options and see the corresponding installation procedure.

No MDM Solution

With this option, WatchGuard Endpoint Security provides device geolocation and the ability to send an alarm to the device. You can also view the hardware inventory of the device on the computer details page in the management UI.

See Install the WatchGuard Mobile Security App on iOS Devices without an MDM Solution.

WatchGuard MDM Solution

With this option, WatchGuard Endpoint Security provides device geolocation and the ability to lock the device, erase the device, and send an alarm to the device. For information on the anti-theft protection features available, see Configure Anti-Theft Settings for iOS Devices.

You can also view the hardware and software inventory of the device on the computer details page in the management UI. With iOS devices enrolled in the WatchGuard MDM solution, the software inventory information includes when apps were first seen on the device. Devices enrolled in the WatchGuard MDM solution send the server a daily report that includes the third-party apps they have installed.

See Install the WatchGuard Mobile Security App on iOS Devices Enrolled in the WatchGuard MDM Solution.

WatchGuard MDM Solution — Supervised Mode

In addition to the features described for devices enrolled in the WatchGuard MDM solution, you can also enable web and anti-phishing protection, and web access control on supervised devices. This option provides access to the full protection of WatchGuard Endpoint Security for iOS mobile devices. For more information on the security features, see Configure iOS Device Settings.

For information on supervised mode, see About Supervised Mode on iOS Devices.

If a device is already in supervised mode, you can install the WatchGuard Mobile Security app from the WatchGuard MDM solution. See Install the WatchGuard Mobile Security App on iOS Devices Enrolled in the WatchGuard MDM Solution.

If the device is not in supervised mode, see Install the WatchGuard Mobile Security iOS App on Supervised Devices (WatchGuard MDM Solution).

When you configure a device in supervised mode, the device resets to factory-default settings. All data, programs, and settings are deleted. You can restore data stored in iCloud when you sign in with your Apple ID on the reset device. For information on how to back up and restore apps and data when iCloud is not available or sufficient, see the Knowledge Base article, Supervised iOS Devices: Back Up and Restore without Losing Data, before you enable supervised mode.

Third-Party MDM Solution

We recommend enrollment in a third-party MDM solution only if you already use an MDM solution.

With this option, the WatchGuard Endpoint Security provides device geolocation and the ability to send a remote alarm to the device. You can also view the hardware inventory of the device on the details page in the management UI. For information on the anti-theft protection features available, see Configure Anti-Theft Settings for iOS Devices.

See Install the WatchGuard Mobile Security App on iOS Devices Enrolled in a Third-Party MDM Solution.

Third-Party MDM Solution — Supervised Mode

We recommend enrollment in a third-party MDM solution only if you already use an MDM solution.

In addition to the features described for devices enrolled in a third-party MDM solution, you can also enable web and anti-phishing protection, and web access control on supervised devices. The ability to erase and lock the device remotely, and to see the software inventory of the device are not available. For more information on the security features, see Configure iOS Device Settings.

To install the iOS app in supervised mode on a device enrolled in a third-party MDM solution, the MDM solution must be able to import external configuration files.

For information on supervised mode, see About Supervised Mode on iOS Devices.

If a device is already in supervised mode, you can install the WatchGuard Mobile Security app from the MDM solution. See Install the WatchGuard Mobile Security App on iOS Devices Enrolled in a Third-Party MDM Solution.

If the device is not in supervised mode, see Install the WatchGuard Mobile Security iOS App on Supervised Devices (Third-Party MDM Solution).

When you configure a device in supervised mode, the device resets to factory-default settings. All data, programs, and settings are deleted. You can restore data stored in iCloud when you sign in with your Apple ID on the reset device. For information on how to back up and restore apps and data when iCloud is not available or sufficient, see the Knowledge Base article, Supervised iOS Devices: Back Up and Restore without Losing Data, before you enable supervised mode.

Related Topics

About Supervised Mode on iOS Devices