Installing MDM on iOS Devices (iPhone, iPad, iPod)
Mobile Device Management (MDM) is a tool that assists with ensuring your device is appropriately encrypted. It also provides the ability to lock or erase your device if it is lost or stolen. A Restricted MDM profile must be installed on all Stanford-owned and personally-owned phones and tablets that are used for Stanford-related work and for which we have a solution. Mobile devices without MDM cannot be used to access or store PHI. Stanford currently has MDM for iPhones and iPads and installing it only takes a few minutes.
Back up Your Apple Mobile Device
It is important to sync and backup your Apple Mobile Device with iTunes on one specific computer
If you back up your content through iTunes, use only one computer to sync your iOS device, even if you have multiple computers with the same iTunes account on all of them.
To back up your device to your computer with iTunes:
- Connect your iOS device to your designated backup computer.
- Open iTunes.
- Select the iPhone or iPad in the Devices panel in iTunes. The window in the center changes to reflect information about your device.
- Right-click the device name in the Devices panel and choose Back Up from the pull-down menu.
Backing up your device and syncing are different functions. When you sync your device, you select which media to sync between your computer and the device -- for example, only the latest podcast or TV episode, and you transfer purchases (including apps) between your device and the computer.
If you change to a new computer, make sure that you transfer both your synced iTunes content and your data backups to the new computer.
All SoM devices must have a Restricted MDM profile, and not a Basic profile, regardless of whether you work with restricted data or not. If your device has a Basic profile, you will need to re-enroll it in the MDM system. If you are on your mobile device, go directly to the Mobile Device Management installer page to begin the process: https://mdm.stanford.edu/client/register
You can preview the installation process in the guide below.
Start Installing MDM
- Start on the "Mobile Device Management (MDM) Service" page.
- Tap the Benefits of MDM button to review the list of features that will install on your device.
- Tap Privacy Information to read about how Stanford University respects your privacy.
- Tap Continue.
This takes you to the "Let's get started" page.
Select Email and Calendar Preferences
You can configure your Stanford Email and Calendar as part of your MDM profile:
• Allows you to wipe this account remotely if your device gets lost without removing all your personal apps and data.
• Easily updates if Stanford makes changes to email servers and other settings.
Warning: If you choose to configure your Stanford Email and Calendar, you must first remove any existing Stanford email and calendar accounts from your device before continuing with your MDM install. You wll need to re-add these accounts to your device after you complete the installation proces. See how to remove my Stanford accounts »
If you choose not to configure your Stanford email and calendar, your previously installed accounts will continue to work, but you won't be able to selectively wipe Stanford data remotely.
Preview installation steps
This page describes the events during the installation process, which includes some alert messages. These iOS alerts are normal.
- Read the instructions on this page before you install the configuration profile.
- Tap Begin Now at the bottom of the page when you're ready
Begin the profile installation
This profile image will come up on your screen. It enrolls you in the MDM program. You need to install it to enable your personal profiles.
- Tap More Details to learn more about this profile before you proceed.
- Tap Install to proceed.
Several screens appear during the installation process to indicate when the installer is enrolling, installing, or generating a key. This is normal.
"This Profile will change settings on your iPhone."
This warning alerts you that some of your settings will change on the device to accommodate the configuration profiles. These include the passcode requirements and other security settings.
Tap Install Now.
"Mobile Device Management: Installing this profile will allow the administrator..."
This message is standard legal information from Apple and it's generated automatically. You might wonder what it means for you.
When you're ready, tap Install.
Profile installation continues
The configuration profile begins to install your specific settings (including email, if you chose it) and several more screens appear during this process.
You may be asked at this point to enter a device passcode.
You're almost finished.
When your profile finishes installing, the Profile Installed dialog appears.
Back to MDM Enrollment
After your profile installs, you are returned to the Safari browser, where you see the "Enrollment in progress" page. This page notifies you of the new MDM icon on your Home screen and what to expect while your profiles finish fully installing on your device. (You can review the information on this page again at any time on the web).
Now you will be prompted to install MDM App on your device.
MDM App installation on your device
You will receive a pop-up message that notifies you that the MDM app is installing on your device and that you will not be charged. Tap Install.
Adjust Device Settings
When the process is complete, you’ll find the following changes on your mobile device:
- New passcode settings for Passcode Lock and Auto-Lock
- MDM profiles installed under Settings
Auto-Lock and Passcode Lock
The MDM configures the following passcode settings on your device, using the Apple factory default settings.
- The Passcode Lock setting requires a passcode following a "grace period" after you press the On/Off button at the top of the device.
- The Auto-Lock setting requires a passcode after a certain period of inactivity.
MDM permits you to increase these values up to the maximum defined value.
- Go to Settings > General > Passcode Lock.
If you have a passcode, you can change the Require Passcode setting to "Immediately" or one minute.
- Go to Settings > General > Auto-Lock. You can change the Auto Lock setting from one to five minutes. This is only relevant if you use a passcode.
Your New MDM Profiles
To see the list of MDM profiles on your device, tap Settings > General > Profiles. One profile enrolls you in the MDM program, and the others specify your user settings.
Learn more about them by pressing the right arrow. Your profiles might include:
- Your enrollment profile. If you need to delete the MDM profiles, this profile removes all of them.
- MDM settings
- Mail - ActiveSync NR (optional)
- VPN - Cisco VPN NR
Be sure to bookmark the URL of the Manage Device (self-service) page on your desktop or laptop computer.
Review Your Device Status
At the end of the MDM installation process, you will see a series of screens describing the status of your device. You can check your status information anytime using the Stanford Mobile Management app.
Launch the Stanford Mobile Management app
Tap the Stanford MDM app on your Home screen to open the Device Manager.
Tap Continue when you see the alert that says "Are You Sure You Want to Open the Application 'Stanford MDM' from the Developer 'iPhone Distribution: Stanford University, IT Services?'"
Go to your Manage Device page
Tap Manage your device when you see this screen. This activates your Stanford Mobile Management app and brings you to the Device Manager, where you can view your device status.
Tap the Compliance button
If you have more than one device registered with Stanford MDM, tap the button for the correct device before you enter the Manage Device dashboard.
In the next screen, tap the Compliance button to enter the Compliance dashboard.
The iPad presents a different view of the Compliance button and dashboard. The Compliance tab is in the left-hand column of your Manage Device window. Tap it to enter the Compliance Dashboard.
The Compliance dashboard
The Compliance page explains what you should see in the dashboard: a green checkmark by each item in the list. You need to have a green checkmark in each category to work with Restricted Data.
Viewing and updating your Compliance status
Tap on each icon next to each item to learn more about what it means and how to resolve an issue if you don't see a green checkmark next to it. You can also view this information on the Compliance Issues service page.
- A green checkmark means that your device is in compliance with the guidelines for working with Restricted Data.
- A yellow alert means that your device's jailbreak status is unknown.
- A red alert means that your device is not in compliance.
If you need to update the status of any items on this list, tap the Update Device Information Now button and refresh your browser window.