Active Directory has limited value when it comes to iPad management, because the two just aren’t equipped to work closely with each other.
Apple designed the iPad as a consumer device, not for corporate settings. But as the popularity of the iPad grows among business users, IT professionals need to find way to perform large-scale iPad management tasks in a corporate environment — despite the fact that there aren’t really any good options yet.
Most companies integrate their network PCs with Active Directory, which lets administrators apply policies and access-control levels to these endpoints. This kind of control is limited when it comes to iPad Active Directory management, however, because you cannot fully integrate the two using today’s available technology.
When setting up the email client on the iPad, a user can choose to connect to Microsoft Exchange Server. The Exchange server gets its user information from Active Directory, but the iPad/Active Directory relationship is almost nothing like what IT professionals are used to seeing between Active Directory and PCs.
To unlock a few more iPad management capabilities, admins can implement Exchange ActiveSync, which offers more than just email account synchronization. With ActiveSync enabled, admins can use the Exchange System Manager (in the Exchange Management Console) to enforce the use of passwords on iPads and set password length and character requirements. They can also set a limit on failed password attempts and, once that threshold is reached, perform a local wipe. There is also the option to execute a remote wipe, which can be useful when a device is lost or stolen.
Newer versions of Exchange have added some iPad management features, but most of them still relate to passwords. With Exchange Server 2007, for example, admins can allow or prohibit simple passwords, set password expiration rules and determine the number of complex characters that users must have in a password.
These features do improve password security, but they don’t help at all when it comes to managing the device itself and its properties. For instance, there are no options that allow admins to import iPad information to and from Active Directory, or to create policies that specify which apps can and can’t be installed on the iPad.
As of right now, Microsoft, Apple and third-party vendors all lack the capabilities to manage the iPad with the same level of Active Directory control as you’d manage PCs. The products that do exist are mainly based on ActiveSync, so their options are comparable to what’s already available through Exchange.
