The other three extension types involve custom keyboards, widgets for the Today pane in Notification Center and photo editing.
It's important to note that extensions are essentially apps or parts of apps. That means Apple's managed open-in rules can be applied to them. Doing so, particularly with third-party apps, may have unexpected consequences. IT departments should approach this challenge on two fronts. The first is to discuss options with your EMM vendor to understand how your particular solution will manage extensions; the second is to test a broad range of extensions from the App Store before applying any restrictions to enrolled iOS devices.
You should also provide adequate support in case users encounter unexpected behavior — and have a process in place to verify and respond to such incidents.
Apple has made Touch ID available to developers for authenticating users or authorizing access to data, services or cloud/network resources. This presents both a challenge and an opportunity in enterprise environments.
The challenge is that third-party apps, installed by the user or via an EMM/enterprise app store, can offer Touch ID as an alternative to traditional authentication methods. Depending on your security standards, this may conflict with specified authentication requirements, particularly for managed apps. Disabling Touch ID is supported in Apple's EMM framework, but doing so might stop people from using Touch ID fr personally-installed apps and it could even prohibit the use of Apple Pay. (Details on this remain unclear at the moment).
The other implication of Touch ID is that enterprise app developers are free to use it just as much as consumer app developers. Apple's Touch ID system largely works as a shortcut to passcodes or login credentials, much as it did in iOS 7 for unlocking a device or authorizing an iTunes/App Store purchase. The system is highly secure and generally more convenient, which may make it an attractive option for internal of business-to-business apps. Here's more information on Touch ID and the implications for iOS 8 in the enterprise.
Apple introduced Kerberos-based single sign-on in iOS 7. In iOS 8, it has added support for certificate integration with single sign-on that allows a device to automatically refresh Kerberos credentials, allowing users to continue working with enterprise resources without needing to reauthenticate.
Handoff isn't part of the initial iOS rollout, in part because it's designed to function with Macs running OS X Yosemite, the final version of which won't be out until next month. Handoff is a great user feature, particularly for users who switch frequently between a Mac and iOS devices. It will also be included in the Apple Watch for exchanging tasks with a paired iPhone (and potentially with a Mac as well). This does present some concerns for IT departments, because it could mean sharing tasks — and therefore data — between an iPhone and a personal Mac.
Sign up for CIO Asia eNewsletters.