IT Support
asked on
apple mdm configurator web filtering
hi hope you are well.
i have a customer who wants me to lock down his apple devices, 3 phones and 4 ipads.
he wants me to prevent him from being able to access certain types of adult websites and proxy websites...im sure you can guess what i mean.
i was planning to use Trend iwsaas, which creates a vpn , which is really good at this kind of thing, unfortunately, he can simply turn it off in settings, and there seems to be no way to prevent him from doing this. iwsaas can even block keywords in url's , enforce google safe search etc. so i can put "proxy" and "vpn" in the blocked keywords list, as well as actual web addresses.
im looking into mdm but all i can seem to find are very expensive products for enterprise.
ideally id like to be able to configure and maintain this remotely or over the phone because he is geographically an hour or so away from me.
anybody got any ideas as to what i can do please?
i have a customer who wants me to lock down his apple devices, 3 phones and 4 ipads.
he wants me to prevent him from being able to access certain types of adult websites and proxy websites...im sure you can guess what i mean.
i was planning to use Trend iwsaas, which creates a vpn , which is really good at this kind of thing, unfortunately, he can simply turn it off in settings, and there seems to be no way to prevent him from doing this. iwsaas can even block keywords in url's , enforce google safe search etc. so i can put "proxy" and "vpn" in the blocked keywords list, as well as actual web addresses.
im looking into mdm but all i can seem to find are very expensive products for enterprise.
ideally id like to be able to configure and maintain this remotely or over the phone because he is geographically an hour or so away from me.
anybody got any ideas as to what i can do please?
ASKER
thats great. id seen the built in apple stuff but it dopesnt seem very good and as you say i'd need to be there.
thanks for the heads up on air watch, i'll have a look into that. have you any idea if it does keyword blocking and also has the ability to intercept https?
thanks for the heads up on air watch, i'll have a look into that. have you any idea if it does keyword blocking and also has the ability to intercept https?
You're dealing with two slightly different things
TrendMico acts as a proxy/filter which in effect monitors and restricts all website traffic
http://buyonline.trendmicro.com/store/trendsb/Custom/pbPage.Home?id=HomePage&SiteID=trendsb
The MDM is more about configuring the device .. so you can set and LOCK the proxy and prevent it being changed
https://my.air-watch.com/help/9.1/en/Content/Platform_Guides/Chromebook/T/Chrmebk_HTTProxy.htm
There are some blacklist and whitelist tools in AirWatch and other MDM systems but they are not as flexible as the filtering provided at a proxy level
https://my.air-watch.com/help/9.1/en/Content/Platform_Guides/Chromebook/T/Chrmebk_WebRestrictions.htm
In effect you probably need BOTH .. MDM to configure and lock the settings on the device that you do not want the users to disable and then a http proxy filtering service like trend micro
Others here might have a better suggestion
TrendMico acts as a proxy/filter which in effect monitors and restricts all website traffic
http://buyonline.trendmicro.com/store/trendsb/Custom/pbPage.Home?id=HomePage&SiteID=trendsb
The MDM is more about configuring the device .. so you can set and LOCK the proxy and prevent it being changed
https://my.air-watch.com/help/9.1/en/Content/Platform_Guides/Chromebook/T/Chrmebk_HTTProxy.htm
There are some blacklist and whitelist tools in AirWatch and other MDM systems but they are not as flexible as the filtering provided at a proxy level
https://my.air-watch.com/help/9.1/en/Content/Platform_Guides/Chromebook/T/Chrmebk_WebRestrictions.htm
In effect you probably need BOTH .. MDM to configure and lock the settings on the device that you do not want the users to disable and then a http proxy filtering service like trend micro
Others here might have a better suggestion
ASKER
ahh, ok, i didnt think i could get trend iwsaas to work with MDM...trend themselves said this.
so you are saying i can use airwatch to prevent the user from tampering with the profile created by Trend iwsaas?
so you are saying i can use airwatch to prevent the user from tampering with the profile created by Trend iwsaas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
yeah, let me have a chat with trend again, also i'l have a chat with vm ware. the problem is the customer doesnt trust himself not to uninstall it.
If you have ALL the iOS devices setup under an Apple Deployment Programme .. they will be Supervised Devices and you can have SOME control over the website access but controls are limited to
1. There are some fairly basic content-level controls you can enable to block adult sites (the list of sites is not editable) or you can manually lock the device to limited number of sites which might be too restrictive
2. You can set and lock a specific HTTP proxy which can act as a gateway but you may have to pay for a proxy server service with comprehensive controls
If you enable parental controls and treat the users as < 12 years old you can lock the iOS devices but that may be overy crude for your client's needs in all likelihood
You'd have to setup Apple Configurator on an Apple computer and have access to all the devices to install the provisioning certificate to push out settings to each device.
TBH .. if you don't want to be tied into using your own hardware to configure his devices .. an MDM like AirWatch is the best option ... gives a wide level of control and devices can be locked down in hundreds of different ways - https://www.air-watch.com/en/pricing/