Better security is changing iPhone's image in IT departments.

While the iPhone’s “cool factor” has made it a hit among status conscious corporate executives, the mopho has been greeted with skepticism from the rank and file in the IT trenches. From their point of view, competing products like Research in Motion’s Blackberry and smartphones built on Microsoft’s Windows Mobile platform offer better security for their organizations. With the introduction of the latest version of the iPhone’s operating system, version 3.0, and iPhone Configuration Utility, version 2.0, IT resistance to letting Apple’s handset into the corporate tent seems to be weakening.

What has bugged IT folks in the past about the iPhone? For one thing, user profiles can’t be managed over-the-air as they can with a Blackberry and Blackberry Enterprise server or Motorola Good for enterprise servers. Another irritant is there’s no way to ensure that corporate policies on email, encryption, etc. have been installed or updated on the phones. What’s more, it’s difficult to preconfigure the units with settings for email, VPN access and such.

Apple’s update of the iPhone’s configuration utility, which gives network administrators a rich set of policy controls, has addressed some of those concerns and may be why IT doubters are relenting on their staunch opposition to the hardware.

For example, password entry into a phone can be required. The composition of the password, when passwords should be changed, rules on reuse of passwords and the number of failed password attempts before a phone automatically wipes out all the data on it can all be controlled by an IT department.

Specific content can be blocked on the phones, although that’s not true for specific applications. A workaround for that situation is to install all necessary apps when the phone is issued, then turn off the ability to install any more programs. The problem with that approach, however, is a user won’t be able to upgrade the existing apps on the phone.

Continue reading Security skeptics less skeptic about iPhone

It’s almost midnight when you’re woken from your peaceful slumber by a phone call from the boss. He’s calling from the pub in an inebriated state and is close to panic. “I’sh loshted my mobile and need it wiped … *hick* … immediately,” he slurs. Fortunately, with Exchange 2007 and Outlook Web Access (OWA), this is easy enough to do – without needing to make a visit to the office in the small hours of the morning.

Simply start up your computer and then (from Microsoft):

1. Open Outlook Web Access.
2. Log on to the device owner’s mailbox.
3. Click Options.
4. In the Navigation pane, select Mobile Devices.
5. Select the ID of the device that you want to wipe and remove from the list.
6. Click Wipe all data from device.
7. Click OK.
8. Click Remove Device from List.
9. Curse your boss, turn off your phone and go back to bed (okay, so this one isn’t actually part of Microsoft’s instructions but it is nonethless a step that you’ll probably wish to perform in order to ensure that the boss cannot disturb you again to tell you that he’s found the device and the remote wipe should be cancelled).

Step #8 is non-essential, but there’s really no point in not doing it as the device will otherwise continue to be wiped even after it has been found (which is bound to happen when he sobers up).

Note that it’s also possible to perform remote wipes with ES/SBS 2003, but do so you’ll need to have previously installed the Microsoft Exchange Server ActiveSync Web Administration Tool.