2. Provide a way to enforce the use of configuration profiles
Even if you set aside the need for expanded configuration options, there's a much bigger concern for IT staffers who are required to manage iPhones. Configuration profiles are designed to ease iPhone configuration, not to serve as security policies of the kind that can be implemented on other platforms. End users must actively accept a configuration profile before it can be applied to an iPhone, and they can remove a profile simply by using the iPhone's Settings application.
This approach makes any real security or enforcement of acceptable use policies well-nigh impossible. Administrators can't be sure that any configurations they deploy to an iPhone will be in use at any time. The inability to enforce passcode policies on an iPhone without an Exchange environment raises security concerns.
It can also lead to support headaches if users routinely remove profiles that deliver needed configuration details, such as for Wi-Fi or VPN access. For the iPhone to be secure and properly managed in enterprise environments, it must offer an option for security and configuration policies that can be reliably enforced.
3. Develop over-the-air deployment for profiles
Given the limitations of working with profiles for the iPhone, Apple needs to develop a way to deploy configuration profiles (as well as provisioning profiles to enable the installation and use of in-house applications) and make sure they're enforced.
The current approach does not push profiles out to devices; it requires administrators to manually apply a profile using the iPhone Configuration Utility, e-mail it to users or host it on a Web site and ask users to load it via Safari. That alone makes initial deployment a challenge, and it makes managing profile updates even harder.
Without a staff member manually applying profiles, there's no way to ensure that an updated profile is actually installed after it's released. This can cause headaches when pushing out security policies and when ensuring that changes to other configurations -- in particular, Wi-Fi and VPN -- are actually applied.
Since the iPhone supports syncing of security policies from an Exchange server, it's clearly capable of these functions. Even if the capability isn't fully extended to all environments, providing a workable solution for Exchange environments would be a step in the right direction.