(301) 590-2555 • (888) 354-0100
Apple Premier Partner

AirWatch Enterprise MDM for Apple iOS

Print E-mail

air-watch-logoAirWatch provides industry-leading mobile device management (MDM) solutions for enterprise-wide iPhone, iPod touch and iPad deployments, among other mobile devices*. AirWatch secures, monitors, manages and supports iOS 4 devices throughout their entire lifecycle.

*Air-Watch also manages Android, Blackberry, Windows and Symbian devices.

Over-the-Air Enrollment

AirWatch streamlines and automates large-scale iPhone, iPod touch and iPad deployments. When rolling out large numbers of Apple iOS devices across an organization, AirWatch quickly and securely integrates devices in an enterprise environment through a simplified over-the-air MDM enrollment.

Device Activation

AirWatch uses a unique device activation code to provide enterprises with a scalable way to activate and configure a large numbers of devices. User activation codes can be associated with a specific location, business unit or device group and determine IT-defined configuration settings and policies that AirWatch pushes down to the device instantly upon activation.

User Authentication

AirWatch offers various user authentication methods to meet the needs of complex enterprise environments. To begin the authentication process, iOS 4 users navigate to the AirWatch enrollment URL provided via email or SMS and enter the AirWatch activation code and IT-defined username and password. AirWatch authenticates users through a basic authentication or via directory services (LDAP) to ensure enrollment requests are from authorized users.

Certificate Enrollment

AirWatch facilitates deployment of device certificates within your enterprise's public key infrastructure (PKI). Once the user authenticate, a certificate enrollment request is generated utilizing the Simple Certificate Enrollment Protocol (SCEP). The SCEP enrollment request is sent to the enterprise Certificate Authority (CA) and enables the device to receive its identity certificate from the CA. Certificates enable iOS 4 devices to receive configuration settings (Exchange, VPN, Wi-Fi) unique to the device user, ensuring only authorized users have access to enterprise services.

AirWatch does not require a device agent to perform over-the-air enrollment of iOS 4 devices.

apple-ipad-iphoneAsset Management

AirWatch provides IT administrators with complete visibility over their organization's fleet of iPhone, iPod touch and iPad devices. AirWatch captures detailed device, network, applications, compliance and security information for improved asset management. Enterprises can determine the frequency with which this information is monitored and packaged into actionable alerts and reports.

Device Information

  • Unique device identifier (UDID)
  • Device name
  • iOS and build version
  • Model name and number
  • Serial number
  • Capacity and space available
  • IMEI
  • Modem firmware

Network Information

  • Bluetooth and Wi-Fi MAC address
  • Current carrier network
  • SIM carrier network
  • Carrier settings version

Compliance and Security Information

  • Configuration profiles
  • Certificates installed with expiry dates
  • Restrictions enforced
  • Hardware encryption capability
  • Passcode present


  • Applications installed (app ID, name, version, size, app data size)
  • Provisioning profiles installed

AirWatch offers an optional device agent that captures additional device information such as GPS location, IP address and more.

Over-the-Air Configuration

AirWatch enables IT administrators to create and deploy configuration profiles that define enterprise settings, policies and restrictions for the iPhone, iPod touch and iPad without user interaction. AirWatch delivers signed, encrypted, and locked configuration profiles over-the-air to ensure they are not altered, shared or removed.

Configuration Profiles

When configuring devices, IT administrators have the option of building configuration profiles containing one or more device settings, policies and restrictions. Setting up and provisioning configuration profiles using AirWatch is a simple and automated process that follows Apple's iPhone Configuration Utility (IPCU). AirWatch captures each time a profile is provisioned down to a device in a detailed log for complete enterprise-wide visibility.

Golden Image

When configuring a large number of devices, enterprises can create a "Golden Image" which contains an IT-defined group of settings, policies and restrictions packaged together for automatic distribution upon device enrollment. Devices receive the "Golden Image" based on the activation code, which maps to the location or device group they belong to in the console.

Accounts and Services Integration

AirWatch configures a device's Exchange, Email, Wi-Fi, VPN settings and more, allowing only trusted managed devices to access an enterprise's accounts and services. In the event a device falls into the wrong hands, AirWatch can instantly disable access to corporate services and even initiate a remote wipe preventing unauthorized use.

Exchange ActiveSync (EAS)

AirWatch supports enterprises using Microsoft Exchange Servers (2003, 2007 and 2010) to provide corporate users with access to push email, calendar and contacts via Microsoft Exchange ActiveSync.


AirWatch enables a unified email experience for enterprise users leveraging Microsoft Exchange, as well as IMAP4 and POP3-enabled mail solutions including UNIX, Linux and Mac OS X.


AirWatch integrates with an enterprise's CalDAV server, providing enterprise users with the ability to synchronize calendar data, create and accept calendar invitations.


AirWatch supports an enterprise's CardDav and LDAP server, providing enterprise users with access to corporate directories for contact syncing and corporate contact information.


AirWatch works with your enterprise's virtual private network (VPN) via Apple's built-in client to connect to L2TP, PPTP, Cisco or Juniper VPN. To streamline a user's connection to their corporate network, AirWatch can automatically configure device VPN settings based on the authentication method used in the enrollment process.


AirWatch configures WEP, WPA and WPA2 Enterprise wireless networks, security and authentication settings over-the-air. More specifically, AirWatch configures 802.1X protocols such as TLS, TTLS, LEAP, PEAP, EAP-FAST and EAP-SIM.


AirWatch deploys PKCS1 and PKCS12 certificates from your corporate infrastructure as well as other certificates necessary to authenticate devices for access to enterprise services.

Policy Enforcement

AirWatch protects access to enterprise iPhone, iPod touch and iPad devices through strong device passcode policies. AirWatch configures device passcode policies to meet the highest enterprise security standards and actively monitors devices in real time to ensure total compliance.

Device Passcode

With AirWatch, enterprises can require a corporate user to set up a device passcode upon MDM enrollment and grant access to enterprise services once the passcode is set. For AirWatch managed devices, IT administrators can then dynamically enforce and update device passcodes policies over-the-air, as well as clear a device's passcode.

Passcode Policies

Enterprises can leverage AirWatch to establish strong passcode policies and prevent unauthorized users from accessing corporate data stored on the device.

AirWatch supports the following passcode policies:

  • Allow simple passcode value
  • Require alphanumeric passcode value
  • Minimum passcode length
  • Minimum number of complex passcode characters
  • Maximum passcode age
  • Auto-lock
  • Passcode history
  • Grace period before device lock
  • Maximum number of failed attempts

Restrictions Enforcement

AirWatch enables IT administrators to restrict iPhone, iPod touch and iPad features and functionality to meet an enterprise's security requirements. Device restrictions are configured and enforced using signed and encrypted configuration profiles which AirWatch manages remotely. AirWatch monitors devices for total compliance with corporate restrictions lists and removes access to corporate services if devices are compromised.


With AirWatch, enterprises can establish device restrictions upon MDM enrollment. For AirWatch managed devices, IT administrators can dynamically enforce and update device restrictions, as well as monitor and prevent non-compliant users from accessing corporate services.

With AirWatch, IT administrators can:

  • Restrict the use of Safari and manage security preferences
  • Restrict the use of YouTube
  • Restrict the use of the camera
  • Restrict access to iTunes Store
  • Restrict access to explicitly rated media and content
  • Restrict access to App Store and in-app purchase
  • Restrict app installation
  • Restrict screen capture
  • Restrict automatic sync while roaming
  • Restrict the use of voice dialing
  • Require encrypted iTunes backups

Device and Data Security

AirWatch protects sensitive business and personal data on iPhone, iPod touch and iPad devices through passcode policies which establish strong encryption keys. AirWatch configures device passcode policies to meet the highest enterprise security standards and actively monitors devices to ensure total compliance. If a device is lost or stolen, AirWatch can initiate a real-time remote lock and wipe.


For enterprises deploying devices 3GS or higher, AirWatch monitors whether hardware-based encryption is enabled on the device.

Data Protection

When enrolling into MDM, AirWatch can require corporate users to establish a passcode on the device which automatically activates the device's data protection feature. AirWatch monitors a device's passcode settings to ensure a compliant data protection status.

Remote Lock

AirWatch can remotely lock a device in real-time to prevent unauthorized use.

Remote Wipe

AirWatch can remotely wipe a compromised device, permanently removing all media and data. AirWatch initiates this device command without Microsoft Exchange ActiveSync integration.

Local Wipe

AirWatch also leverages a device's passcode policy to initiate a local wipe after an IT-defined maximum number of failed passcode attempts. AirWatch configures and enforces local wipe settings using configuration profiles.

Enterprise App Distribution

AirWatch's enterprise app catalog provides organizations with a simplified tool to distribute internal applications to individual iOS devices or groups of devices. Using the AirWatch console, enterprises can upload in-house apps, categorize and organize them for deployment, wirelessly distribute them to the appropriate devices, manage and secure user access.


Enterprise apps developed internally can be uploaded directly into the AirWatch console for wireless distribution app and management. Detailed application information, screenshots, videos, PDFs and more can be uploaded and will be visible to iOS users in the AirWatch app catalog. The AirWatch app catalog is a fully customizable portal where iOS users can view and download internal apps directly from their device.


AirWatch supports over the air distribution of enterprise in-house apps, allowing businesses to deploy software to iOS users without the use of iTunes or iPhone Configuration Utility. IT administrators have the ability to deploy apps to individual devices or groups of devices based on criteria such as user role, location, device type and more.


AirWatch provides a full audit of applications installed on a device, for usage visibility, troubleshooting and more. IT administrators can also manage new application versions and send updates over the air directly from the console.


AirWatch allows only authorized iOS users to access the enterprise app catalog and can enable and disable the use of any enterprise app at any time to meet enterprise security and compliance requirements.

About AirWatch

AirWatch was founded in 2003 by John Marshall and Alan Dabbiere. They believed mobile technology would completely revolutionize the way companies do business. Their mission is to develop solutions that empower companies to focus on innovative uses of mobile technology rather than the complexities of managing mobility. Based in Atlanta with offices worldwide, AirWatch is privately held and financially backed by its executive team.

AirWatch Headquarters

1155 Perimeter Center West
Suite 100
Atlanta, GA 30338
United States

AirWatch D.C. Offices

6888 Elm Street
Suite 303
Mclean, VA 22101
United States

If you want to learn more about AirWatch suite and how it can help to manage your iOS devices within your organization, please contact us at 1 (888) 354-0100 or via our online contact form.


Upcoming Events

No Posted Events

Our Locations


9057 Gaither Road,
Gaithersburg, MD 20877
Phone: (301) 590-2555


11 S Market St,
Frederick, MD 21701
Phone: (240) 415-6250

Business Hours

9057 Gaither Road, Gaithersburg, MD 20877 • Phone: 301-590-2555 • Fax: 301-590-8142 • © 2017 Mac Business Solutions, Inc.