Managed apps: Data separation with iOS in practice
To ensure complete data segregation and device security, more advanced policies can be set up for iOS devices. These can be used, for example, to prevent 'managed documents' from being opened in 'unmanaged apps' (and vice versa). Furthermore, MDM can be used to block certain Apple-specific functions, such as AirDrop. The web browser should also be restricted if users are not meant to have unrestricted access to all content on the Internet.
A detailed description (in English) of which restrictions are recommended can be found here.
Ultimately, however, it is always necessary to test independently which guidelines and restrictions make sense in each individual case. If the device is restricted too heavily, its user-friendliness may well be lost. Employees then tend not to feel inclined to actually use the devices.
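As an added example (not from the original article), the following Python script audits a configuration profile for the document and AirDrop restrictions mentioned above. The key names come from Apple's Restrictions payload (`com.apple.applicationaccess`); the sample profile and its identifier are constructed, and treating the most restrictive value as the effective one is an assumption of this sketch.

```python
import plistlib

# Restrictions payload keys and the value each needs for
# managed/unmanaged data separation.
REQUIRED = {
    "allowOpenFromManagedToUnmanaged": False,  # managed docs stay out of unmanaged apps
    "allowOpenFromUnmanagedToManaged": False,  # and vice versa
    "forceAirDropUnmanaged": True,             # AirDrop treated as unmanaged destination
}
# Values in effect when a key is absent from every payload.
DEFAULTS = {key: not value for key, value in REQUIRED.items()}

def audit_profile(profile_bytes):
    """Return {key: effective_value} for each setting that breaks separation."""
    profile = plistlib.loads(profile_bytes)
    effective = dict(DEFAULTS)
    airdrop_disabled = False
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.applicationaccess":
            continue
        # Assumption: across payloads the most restrictive value wins.
        for key, wanted in REQUIRED.items():
            if payload.get(key) is wanted:
                effective[key] = wanted
        # allowAirDrop=false (supervised devices) switches AirDrop off entirely.
        if payload.get("allowAirDrop") is False:
            airdrop_disabled = True
    findings = {k: v for k, v in effective.items() if v != REQUIRED[k]}
    if airdrop_disabled:
        findings.pop("forceAirDropUnmanaged", None)
    return findings

# Constructed sample: blocks managed -> unmanaged only, forgets the rest.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.separation",  # placeholder identifier
    "PayloadContent": [{
        "PayloadType": "com.apple.applicationaccess",
        "allowOpenFromManagedToUnmanaged": False,
    }],
})

if __name__ == "__main__":
    for key, value in audit_profile(SAMPLE).items():
        print(f"{key}: effective {value}, expected {REQUIRED[key]}")
```

An empty result means the profile sets all three restrictions; any key returned is still at its permissive value.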
Advantages of data separation with iOS
As mentioned above, probably the biggest advantage of this type of data separation is that there is only ever one profile on a device that needs to be managed. Another advantage lies in app distribution: by separating apps into managed and unmanaged, the company always remains the owner of the apps it installs. Even if the device becomes the property of the user, e.g. through leasing, the company apps, including all their data, can simply be uninstalled. Furthermore, it ensures that private data stays private and vice versa. This also means that the company cannot gain access to the unmanaged apps (and cannot see which ones have been installed), but the employee, in turn, cannot simply uninstall the company apps if they do not suit them. Ultimately, colleagues and management should be concerned with a fair approach to the use of mobile devices. This also means accepting this separation.
For companies whose employees are to be equipped with Apple devices, the form of data separation that iOS uses is ideal. (Psst! Also check back here to see if iPhones really fit your company.) It combines all the necessary personal and business apps on one device, but without ever limiting usability. With the company having access only to the managed apps, there is no risk of private apps ever being deleted. At the same time, corporate apps cannot be deleted by the user either, and the use of the device can be restricted to a certain extent.
This maintains good usability of the device for work.