
Separating work and personal data on iPhones and iPads

Updated on October 6th, 2022

Many organizations allow people to use the same mobile device for personal and business purposes because it's more convenient and can also boost productivity.

The coexistence of corporate and private applications on the same device can, however, raise concerns about the security of the work data as well as the privacy of users.

What is containerization?

It is beneficial for both the device users and IT organizations to draw a clear line between work and non-work-related activities on a mobile device by separating the business and personal apps from each other. This security strategy is known as containerization.

How to control the flow of business and personal data on iOS/iPadOS devices?

Unlike on Android, there is no need to create a dedicated Work Profile container or workspace for business apps on Apple devices. Instead, on iPhones and iPads, work and personal data are managed separately without segmenting the user's experience. A management framework built into the device's operating system allows IT organizations to secure business data with a light touch through MDM software like Miradore. No separate client is needed because the framework is part of the operating system.

Managed apps vs. unmanaged apps

The iOS and iPadOS operating systems divide applications into two categories: managed and unmanaged.

Managed apps are applications that the organization's IT department deploys using Miradore or some other MDM software. A managed app can be any app from the App Store or a custom in-house application. You can remotely configure, update, or remove a managed app from the devices through the MDM. Mail clients, communications software, and office apps are typical examples of managed apps.

Unmanaged apps, on the other hand, are personal applications installed by the device user.

Prevent data transfer between managed and unmanaged apps

By default, device users can freely move data and content between managed and unmanaged apps.

With Miradore, you can easily apply restrictions that protect company data and users' privacy by denying data transfer between managed and unmanaged apps on devices used for both work and personal matters. The devices don't even have to be supervised.

1. Navigate to Management > Configuration Profiles on your Miradore site, and create a Restriction profile (Add > iOS > Restrictions).

2. Switch to the Security and privacy tab and check the Deny documents from managed sources in unmanaged destination and Deny documents from unmanaged sources in managed destination fields. See the screen capture below and the field tooltips for further information. After applying these restrictions, device users cannot open data from managed apps in unmanaged apps or vice versa. Users can still open managed documents using other managed apps and unmanaged documents using other unmanaged apps.

Separating company and personal data on iOS devices

In addition, on devices with iOS 15 or above, the admin can control what users can copy and paste with the restriction Require managed copy and paste. The restriction ensures that the Clipboard respects the document settings for managed/unmanaged destinations. For example, this prevents content from a managed application from being pasted into an unmanaged one and vice versa.

3. You can also consider implementing the following restrictions for added security:

On the Device functionality tab:

  • AirDrop: Force unmanaged drop target: This restriction specifies whether AirDrop should be considered an unmanaged drop target.
  • Deny screen capture: This restriction prevents users from saving a screenshot of the device screen. This restriction affects the whole device, no matter whether the user has unmanaged or managed apps open.

On the iCloud tab:

  • Deny managed apps sync: This restriction prevents data sync from managed apps to iCloud.

4. Finally, remember to deploy the restrictions configuration profile to the desired devices. You can do that easily from the Devices page using the Deploy > Deploy configuration profile option.

Deploying restrictions configuration profile to iOS devices.
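To check what a restrictions profile built in the steps above actually enforces, the following added example (not Miradore's code) audits an unsigned .mobileconfig export for the Apple Restrictions payload keys behind these settings. The mapping from the Miradore field labels to those keys, the function name audit_profile, and the sample profile are assumptions constructed for illustration.

```python
import plistlib

# Restrictive value for each Apple Restrictions payload key. When a key is
# absent, iOS uses the permissive opposite, so a missing key is a finding.
# Assumption: these keys correspond to the Miradore fields named in the steps.
REQUIRED = {
    "allowOpenFromManagedToUnmanaged": False,  # managed source -> unmanaged destination
    "allowOpenFromUnmanagedToManaged": False,  # unmanaged source -> managed destination
    "requireManagedPasteboard": True,          # managed copy and paste (iOS 15+)
}
OPTIONAL = {
    "forceAirDropUnmanaged": True,       # AirDrop treated as unmanaged drop target
    "allowScreenShot": False,            # deny screen capture
    "allowManagedAppsCloudSync": False,  # deny managed apps sync to iCloud
}

def audit_profile(raw: bytes) -> dict:
    """Return the restriction keys an unsigned profile fails to enforce."""
    profile = plistlib.loads(raw)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.applicationaccess"]

    def gaps(wanted):
        # Assumption: a key counts as enforced when any restrictions payload
        # in the profile carries the restrictive value.
        return sorted(k for k, v in wanted.items()
                      if not any(p.get(k) is v for p in payloads))

    return {"missing_required": gaps(REQUIRED), "missing_optional": gaps(OPTIONAL)}

# Constructed sample: one direction left open, pasteboard and iCloud keys absent.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.restrictions",
    "PayloadContent": [{
        "PayloadType": "com.apple.applicationaccess",
        "PayloadIdentifier": "com.example.restrictions.payload",
        "allowOpenFromManagedToUnmanaged": False,
        "allowOpenFromUnmanagedToManaged": True,
        "forceAirDropUnmanaged": True,
        "allowScreenShot": False,
    }],
})

if __name__ == "__main__":
    for level, keys in audit_profile(SAMPLE).items():
        print(level, keys)
```

Signed profiles are CMS-wrapped and must be unwrapped before plistlib can parse them.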
