iOS Sync not working (iOS 9.3.5 and earlier, SMC 6.1.12)

We found the same problem in our environment (using iOS 9.3.5 and on other devices 10.0.1/10.0.2): When I start the "Control" app, the sync works fine. When I put the app into the background (not removing it), it fails to synchronize any more and after some days the device is "not compliant". Opening the ontrol app again it immediately syncs with the server and everything is ok again.

-> I think Apple is putting background apps into a "deep sleep mode" which prevents the app from syncing with the server in the background. That behaviour is very annoying since every user has to open the Control app from time to time in order to remain compliant (and to get new commands from the server: so a "find location" command is only executed when the Control app syncs with the server).

Remark: The "Secure Email" app shows a similar behaviour...

Hi All,

sorry for the late reply.

The description of MDM Administrator is correct. The struggle with iOS is the following:

In order to increase battery life and limit data consumption, Apple iOS only allows the app in foreground to get permanent access to internet data and/or CPU cycles. All apps in the background are put into sleep mode and in the case of certain conditions, like low memory, these apps may even be pushed further into the background to device storage. This app management functionality is handled transparently by iOS in the background, with little to no way for an app developer to influence its behavior. Only a very select number of apps and features on the device get preferential treatment and are always allowed to execute instructions in the background, for example: telephony, SMS text messaging, navigation, and the built-in iOS email client. Other apps can request permission to run in the background, but as I mention above, the operating system will grant this access based on internal rules and heuristics and may even suspend the app altogether.

Therefore, it might be, that the app is completely terminated.

I suggest to remove the SMC app synchronization from the compliance rules, if possible. Instead, I would add the "Max. synchronization gap" compliance rule instead.
For iOS devices, there are two types of syncs:

1. The app synchronization which is used to determine the rooting status and the location.

2. The synchronization of the mobile device management protocol which is used to e.g. install profiles, lock / wipe the device or install apps.

Hope that helps.

Best regards
Stefan

Thank you, Stefan. Well, so right now MDM is useless for iOS-Devices that are not used frequently by users but are stored in carts for some future use.

As you might already know my scenario are electronic exams on iPads where the tablets wait for the exam-weeks. I am not able to monitor their battery state or whether all apps are installed correctly or not. When I have to touch all tablets from time to time I don't really need a mdm-system. The whole MDM-approach is still a joke and here I do not blame companies like sophos but Apple for their implementation of this extremely important tool. I cannot reboot an iOS-device remotely, I cannot install the newest iOS-Versions from my mdm, I can't configure lot's of apps, I can't monitor devices that are on standby for a longer period. Well, we can do what we do for decades now in the IT: Wait for the next release of the (i)OS and hope that there's another little piece of possibilities, maybe we can reboot the devices remotely with the nex iOS.

I am sure that sophos and all the other companies developing mdm-solutions are in contact with Apple and that they carry our problems to their development. As I heard from a consultant in another case some years ago: "I will carry it to development, customer-not-amused." That's what you can tell apple. Please keep in mind: I don't blame sophos.

Cheers

/Detlef

Thank you, Stefan. Well, so right now MDM is useless for iOS-Devices that are not used frequently by users but are stored in carts for some future use.

As you might already know my scenario are electronic exams on iPads where the tablets wait for the exam-weeks. I am not able to monitor their battery state or whether all apps are installed correctly or not. When I have to touch all tablets from time to time I don't really need a mdm-system. The whole MDM-approach is still a joke and here I do not blame companies like sophos but Apple for their implementation of this extremely important tool. I cannot reboot an iOS-device remotely, I cannot install the newest iOS-Versions from my mdm, I can't configure lot's of apps, I can't monitor devices that are on standby for a longer period. Well, we can do what we do for decades now in the IT: Wait for the next release of the (i)OS and hope that there's another little piece of possibilities, maybe we can reboot the devices remotely with the nex iOS.

I am sure that sophos and all the other companies developing mdm-solutions are in contact with Apple and that they carry our problems to their development. As I heard from a consultant in another case some years ago: "I will carry it to development, customer-not-amused." That's what you can tell apple. Please keep in mind: I don't blame sophos.

Cheers

/Detlef