On the other hand, iTunes backs up the contents of an iPhone, including all of its settings, during each sync. That can provide a safety net for users in case of problems or if the phone is lost or stolen. And it provides a convenient sync of mail accounts, calendars and contacts in a non-Exchange environment, and Web browser bookmarks in any environment.
Note: In predominantly Mac environments, Apple's managed preferences architecture makes it possible to some restrict individual iTunes features. Similar options for doing this in Windows environments are available by editing the appropriate Registry keys. If your organization opts for user activation and syncing, these offer better options than wide-scale access to all of iTunes. But there is still no way to limit iTunes solely to sync functionality for the iPhone.
For many enterprises, the ideal option is likely to be centralized iPhone activation, particularly in an Exchange environment where user e-mail and calendar data is synced directly to the Exchange server rather than requiring sync with a workstation.
This allows more control over data on the iPhone, avoids the need to install iTunes on workstations and positions IT as the contact for any iPhone-related issues. It also helps a company stop users from associating their phones with an Apple ID and iTunes Store account, making it harder for them to make purchases through the App Store for iPhone or the iTunes Wi-Fi Store.
Apple provides some automated configuration of iPhones for the workplace through the use of configuration files, or profiles, that can be used to establish a number of typical configuration options. These could include requiring a passcode to access the phone, configuration of Exchange or IMAP/POP e-mail accounts, VPN configuration (for PPTP, L2TP and IPSec/Cisco VPNs), some configuration for access to Wi-Fi networks and the installation of certificates on the phone.
How the iPhone connects to a carrier's network using Access Point Name settings is also supported, although these settings should ideally be coordinated with your carrier if they're needed.
IPhone profiles are XML property list files that can be generated with either a Mac OS X application -- the iPhone Configuration Utility -- or a Web-based tool that can be installed on either a Mac or a Windows PC (examples of both are shown below).
While either tool can generate configuration files, the application interface also allows you to build a library of iPhones within your network -- complete with installed application and user information. And the Console viewer offers easy access to log files on the iPhone when it is connected to a computer, which is useful for troubleshooting problems and testing in-house applications. The application environment also allows for management and deployment of in-house applications.
There are two overall disappointments to Apple's implementation of configuration files for enterprise environments. First, the files are not pushed out over the air and automatically applied to iPhone clients. They must be sent to a client by e-mail or hosted on a Web server and loaded using the mobile Safari browser on the iPhone. This makes distribution a bit more cumbersome, both for the initial deployment and for later updates.
Second, users must choose to install profiles or updates. You cannot enforce an updated profile. When an updated profile is received via e-mail or accessed via a Web server, users can choose whether to install the profile. Users can also delete profiles using the iPhone's Settings application, meaning there's no guarantee that profiles will be kept up to date -- or used at all.