INFO: MobileIron Frequently Asked Questions (FAQ) for iOS

MobileIron & Tunnel/Tunnel Legacy Background Information

➤ What is MobileIron?

For details, please see INFO: MobileIron: What is it and Why do I need it?

What Mass General Brigham can and can not see?

For details, please see  INFO: MobileIron: What Mass General Brigham Can and Can Not See on your Mobile Device.

➤ Can Mass General Brigham monitor the web traffic on my phone?

No. Mass General Brigham does not have the ability to monitor or track website usage through MobileIron.

For details, please see INFO: MobileIron: What Mass General Brigham Can and Can Not See on your Mobile Device to review the attached privacy document in PDF form.

➤ When I try to register for MobileIron, I am getting an "Unsupported Browser" error message.

Please use the mobile Safari browser to enroll your iOS device into MobileIron. Also, verify that you are going to the correct enrollment URL "http://enroll.partners.org".

What is MobileIron Tunnel or Tunnel Legacy?

iOS: Tunnel, enables iOS’ on-demand VPN function. Your phone will automatically negotiate a VPN connection with Mass General Brigham on an as-needed basis to allow you to access Partners resources. It does this by using device certificates without any additional input from you.

Android: Android leverages Google’s Android Enterprise configurations to enable an always on or always off VPN session. This is enabled manually by you and authenticates using device certificates without any additional input from you.  

➤ What apps use MobileIron Tunnel?

Currently, Safari, Haiku, and Docs@Work utilize tunnel. Other apps will be added over time to further secure our environment. For example, by leveraging Safari Managed domains, your phone will initiate a VPN connection whenever you access a Mass General Brigham website such as SharePoint, The Pulse, or the Mass General Brigham Homepage.

Other website traffic, such as Facebook, Twitter, etc will not pass through the MobileIron Tunnel. Epic Haiku and Canto will use the MobileIron Tunnel to initially configure itself for the production environment. Subsequent usage of Haiku and Canto will also use Tunnel to ensure all traffic from your device to EPIC is secured and routed through the network infrastructure on its way to the EPIC servers.  

➤ Why does the VPN icon turn on when I use Safari?

  • Safari uses technology called, "split tunneling".
  • The VPN icon will turn on when necessary and traffic destined to *.partners.org, *.bwh.harvard.edu, and *.mgh.harvard.edu will flow down through that tunnel.
  • Traffic to other websites, say, boston.com, espn.com, etc will not go down the tunnel.
  • Safari utilizes "pre-fetching" which pre-loads a website into memory in anticipation that you might go to it.
  • If you have any bookmarks for Mass General Brigham, BWH, or MGH, Safari will automatically pre-fetch the contents of that website and turn on VPN while doing so. 

MobileIron Enrollment Issues 

NOTE: You must use Safari on your iOS device to enroll your device into MobileIron.

➤ ISSUE 1 - Safari just hangs or I get a blank screen when trying to enroll.

Troubleshooting Steps:

  1. Verify proper Safari Settings (these reset Safari to the default settings)
  2. Settings > Safari

    • Block all Cookies: Set to NO
    • Advanced > Javascript: Set to YES

➤ ISSUE 2 - I can't authenticate when trying to enroll at "http://enroll.partners.org". My password works elsewhere.

Troubleshooting Steps:

  1. Ensure that you are using your Mass General Brigham email address.

    • If you do not know your email address, you can look it up on this website.
  2. Clear your browser cookies: Settings > Safari > Clear Website History and Data
  3. Please wait 30-45 minutes and try again.

    • The authentication server can sometimes be busy servicing other requests or synchronizing with Mass General Brigham directory servers.

➤ ISSUE 3 - I can not enroll my device because "Device Management is already installed".
Note: There can only be one MDM solution installed on a device; This is an Apple limitation.

Troubleshooting Steps:

  • Mass General Brigham employees needing to access their email and additional company resources must enroll their devices into MobileIron.

    • If you have an MDM solution installed by another company, you must remove that other company’s MDM in order to get access to Mass General Brigham resources.
    • Contractors or employees of other company’s who have MDM from their own company should consult with their company’s IT department before attempting to remove MDM and enroll into Mass General Brigham MDM
  • If you are unable to install Mass General Brigham MDM on your smartphone, then access to your email from a smartphone can only be done via OWA + 2FA. 

Mail, Calendar, Contact Synchronizations Issues

Note: The #1 most common cause for mail, calendar, or contact synchronization issues is the presence of multiple Mass General Brigham email configurations on your iOS device.

➤ ISSUE 1 - Can't Connect To Server, Not Receiving Mail, Duplicate Calendar Calendar Entries

Troubleshooting Steps:

  1. Settings > Mail > Accounts - OR - Settings > Accounts & Passwords

    • Verify that there is only one account present for Mass General Brigham
    • The one provided by MobileIron is titled "PARTNERS (OAUTH)" (all caps). If there is a second one, please remove it.
  2. Settings > Mail > Account > PARTNERS (OAUTH) - OR - Settings > Accounts & Passwords > PARTNERS (OAUTH)

    • Re-enter your password and tap Done. Look for a series of check marks or for an error message.
    • After entering in the password let the phone sit for a few minutes.
    • Open up the Mail app and scroll down to see if the phone has populated your Mass General Brigham email folders. If so, allow more time to let the phone pull down your email, calendar, and contacts.
      Note: A strong LTE signal or WiFi (not phspiaguest) will help.
  3. Toggle the mail configuration:

    • Settings > Mail > Accounts > PARTNERS (OAUTH)
    • Toggle the mail icon off.
    • Wait 1 minute and toggle it back on.
    • Return to the home screen and wait a few minutes before checking mail. 

Note: The reason for the pauses when checking mail is that we want to prevent connections from your device from being throttled by the mail server.
Whenever you pull to refresh, switch folders, toggle mail on/off, etc, your phone sends a series of commands to the server.
The servers can sometimes interpret this as a device acting suspiciously and throttles the connections. 

➤ ISSUE 2 - I was just migrated to O365 / Exchange Online and mail stopped on my phone.
In most cases, you do not need to perform any actions after being migrated to O365, though sometimes cached entries of your previous connection attempts prevents O365 from delivering mail.

Troubleshooting Steps - Toggle the mail configuration:

  1. Settings > Mail > Accounts > PARTNERS (OAUTH)
  2. Toggle the mail icon off.
  3. Wait 1 minute and toggle it back on
  4. Return to the home screen and wait a few minutes before checking mail.

➤ ISSUE 3 - My contacts are not syncing with numbers I have in my recent call logs and text messages.
iOS will automatically re-associate these contacts as it re-indexes your Microsoft Exchange account. The amount of time it takes for iOS to do this depends on many factors, such as the strength of your internet signal, the age of your iPhone/iPad, the numbers of contacts, and the amount of mail.

Troubleshooting Steps:

  1. Allow time for your device to re-synchronize and re-associate your contacts.

➤ ISSUE 4 - Battery Drains too quickly or phone gets extremely hot.
This is due to the presence of multiple mail configurations for your Mass General Brigham email, causing your phone to check for mail twice, display calendar entries twice, etc.

Troubleshooting Steps:

  1. Settings > Mail > Accounts - OR - Settings > Accounts & Passwords
  2. Verify that there is only one account present for Mass General Brigham
  3. The one provided by MobileIron is titled "PARTNERS (OAUTH)" (all caps). 

    • If there is a second one, please remove it.

➤ ISSUE 5 - I am getting duplicate calendar reminders and emails.
This is due to the presence of multiple mail configurations for your Mass General Brigham email, causing your phone to check for mail twice, display calendar entries twice, etc.

Troubleshooting Steps:

  1. Settings > Mail > Accounts - OR - Settings > Accounts & Passwords
  2. Verify that there is only one account present for Mass General Brigham
  3. The one provided by MobileIron is titled "PARTNERS (OAUTH)" (all caps).

    • If there is a second one, please remove it.

➤ ISSUE 6 - Calendar entries I make on my phone do not sync to my Mass General Brigham calendar.
Ensure that the Default Calendar is set to "PARTNERS (OAUTH)" or that you explicitly choose "PARTNERS (OAUTH)" when creating a new event on your phone.

Troubleshooting Steps:

  1. Settings > Calendar
  2. Default Calendar > Select PARTNERS (OAUTH)

Escalation

If further assistance is needed, please contact the IS Service Desk.

Related Articles

Go to KB0033978 in the IS Service Desk

Related articles