Can you manage an iPhone like a BlackBerry?

Users love the iPhone, but IT does not. The biggest complaints: The iPhone can't be managed for security and access policies like a BlackBerry can. Businesses can buy a BlackBerry Enterprise Server or Motorola Good for Enterprise server to manage user profiles over the air, ensuring that users conform to password policies, encryption policies, app-installation restrictions, and so on, as well as have their e-mail, VPN, and other settings preconfigured to reduce hands-on deployment effort.

For some time now, Apple's offered its free iPhone Configuration Utility for Windows and Mac that lets IT set up and install configuration profiles on iPhones in BlackBerry-like breadth. But it doesn't provide the over-the-air reach, the granularity of control, or the visibility that BlackBerry Enterprise Server offers. Lacking these key needs of larger businesses, iPhone Configuration Utility has been dismissed as a toy application.

InfoWorld Test Center's first look: What iPhone 3.0 brings to business -- and what it misses
Should you upgrade to iPhone 3.0 S or just get an iPhone 3G S? Tom Yager investigates.

But last week, Apple shipped the iPhone 3.0 OS that adds improved support for Microsoft Exchange ActiveSync policies, and it made available the 2.0 version of its iPhone Configuration Utility, with significant new management and security capabilities. Can IT now manage the iPhone in the manner of the BlackBerry and Windows Mobile device?

Smartphone showdown: BlackBerry Storm vs. the iPhone

To answer that question, the InfoWorld Test Center has been testing both the version 2.0 iPhone Configuration Utility and Exchange ActiveSync as approaches to managing iPhones to see how well they really work, and what types of IT and businesses can effectively use them -- and which cannot.

The short answer: Each tool has important capabilities that the other lacks. For managing our fleet of iPhones (and iPod Touches), we'd prefer to use them in combination. For shops not running Exchange, managing iPhones with the iPhone Configuration Utility alone has one critical drawback: Should the phone be lost or stolen, an administrator cannot initiate a remote wipe of the phone's data, or receive confirmation that a remote wipe occurred. But we found that managing iPhones via Exchange is no substitute for using the iPhone Configuration Utility.

iPhone Configuration Utility 2.0: Powerful but not scalable 

Apple's free iPhone Configuration Utility, boosted to a 2.0 version when iPhone 3.0 OS was released, has a rich array of policy controls that give IT great authority over iPhones and iPod Touches. The UI is easy to use, with various capabilities broken into "payload" sets that you switch among and configure for a given configuration profile. And they really do work, strictly enforcing their rules on the client devices.

The policies can be set so that an admin password is needed to remove them, as well as to allow user removal or completely prevent user removal. (For an IT admin to get around full removal prevention, you need to connect the device to your PC or Mac and run iPhone Configuration Utility's Remove feature on that device. That certainly gives IT control.)

The configuration utility has the password controls you'd expect, such as enforcing password entry to use the device and specifying restrictions (number of characters, disallowing repeating patterns, requiring a minimum number of characters overall and of symbols in the password, maximum password age, number of intervening unique passwords before one can be reused, and grace lock period before a password is required again). A key capability is being able to set how many failed password attempts wipe out the device's data, which turns the device into a brick. (A "bricked" iPhone can still make emergency calls, but that's it.)

For more enterprise computing news, visit InfoWorld. Story copyright InfoWorld Media Group, Inc.