Our security folks have told us that we must not allow access to iPhones/iPads which have been jailbroken. Of course, there is no way to determine this at logon time, since there is no HostChecker. However, we are running an MDM (specifically, Airwatch) which can test a device to determine if it has been jailbroken.
What we are hoping to do is to have Airwatch verify that the device is not jailbroken, and then push a certificate to the iPhone/iPad. If Airwatch determines that the device is jailbroken, it will remove the certificate. What we would like to do is to use the presence of the certificate as part of the authentication or realm restrictions when the user logs on.
Ideally, we would like the user to be allowed to log in if the certificate exists, and to be prohibited from logging on if the certificate does not exist. Of course, we'd like to be able to tell the user why we refused them if we did.
Anyone else thinking of or doing something like this? I'm looking for good (and simple, if possible) ideas.