As technology has advanced over the years, each new addition or change creates a major headache for network admins. And in this day in age, bring-your-own-device (BYOD) is becoming all the more popular, allowing businesses to cut down on their technological investments, and reducing the risks involved substantially.

Being a network admin, I can vouch for the latest thorn in many others’ sides. iPads! 

AD User account

iPads are difficult to manage on corporate networks for various reasons. Since they cannot be bound to a Windows domain, they cannot be used with domain credentials. This, in combination with the fact that firewall clients and SSO agents cannot be installed, turns them into tiny little nightmares for the corporate firewall.

Centrify has clearly dealt with these issues, and have actually done something about it. 
They have created a new addition to their product offerings called DirectControl for Mobile, Express version.

IOS enrollment page

A simple account creation with Centrify allows you to download the application, and install it onto one of your Domain Controllers. This account is actual on Centrify’s proxy servers, allowing for cloud management of any iPad or other tablet in your corporate network. 

The installation of the software adds extensions to Active Directory Users and Computers, as well as Group Policy Management.

To enroll an iPad to be managed, the users can either download the mobile app, or simply head to the IOS enrollment URL from the device itself. Thanks to the proxy servers in the cloud, this can be done from anywhere, and not just from within your own network.

Device options in AD U&C

Once the device has been enrolled, it will be displayed under the user’s Active Directory User Account. From here the network admins will be able to do some important device management tasks, like locking/unlocking the device, wiping it completely and forcing a policy update. 

The policies that apply to the devices will be created by the admins in Group Policy. A new Group Policy extension is displayed, which allow for the management to be defined. Some of the settings available include enabling and configuring passcode settings, allowing voice calling, app installations, gaming, jail-breaking, use of the camera and a few more.

Once the device is enrolled, you can expect the policies to apply immediately. No restarts required. 
Watch this demo video to see exactly how quickly it applies.
Multiple policies can be applied to each device, including Wireless setup and Exchange mail setup via Active Sync.

What is the best part of this entire software package? Well, it’s free! Yes, Free. Obviously it is a clever marketing ploy to get you hooked onto the product and then to purchase more of their network admin offerings. Either way, I will take this level of software for free any day!

So go ahead and test out the product on your test lab network, and see the benefits for yourself.

You know it, Enjoy!