We are looking at the possibility of supporting iPad clients on our MWGs in explicit proxy mode. If possible, we would like to use our existing NTLM authentication to a back-end AD. Based on the experience we had with Macs (had to join them to AD and use MCP to make things work properly), I'm going to assume this is not going to be an easy task.
Is anyone doing this in the field? And if so, what were your results?
In the past, I've worked with customers and they went the route of x509 or certificate authentication (using time-based session with auth server). This meant that they distributed certificates out to the devices using an MDM, and then configured the iPads or iPhones to use MWG on a special proxy port (typically with wpad or proxy.pac).
The special proxy port allowed us to distinguish between normal proxy users (doing proxy auth) and BYOD or iDevices using x509 auth.
Separate from that, I have worked with some customers using wireless network controllers which allowed the MWG to query to see what user was logged into what IP address.
MWG then cached the information to reduce load on the wireless controller.
Apple devices in general do not play well with NTLM authentication so I tend to stay away from it.
If this is something you're interested in, let me know and we can have a chat!
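The controller-lookup approach mentioned above (the proxy asks a wireless controller which user holds a client IP, then caches the answer), sketched as an added example that is not part of the original thread and not MWG's own code. `IpUserCache`, the `lookup` callable, the TTL values and the sample addresses are assumptions; the point it shows is that the cache lifetime is also the window in which traffic can be attributed to the previous holder of a reassigned address.

```python
import time


class IpUserCache:
    """Caches IP -> user answers from a controller lookup (hypothetical callable)."""

    def __init__(self, lookup, ttl=300, negative_ttl=30, clock=time.monotonic):
        self._lookup = lookup              # stands in for the controller query
        self._ttl = ttl                    # lifetime of a positive answer, seconds
        self._negative_ttl = negative_ttl  # shorter lifetime for "no user on this IP"
        self._clock = clock
        self._entries = {}                 # ip -> (user or None, expiry time)
        self.controller_queries = 0

    def resolve(self, ip):
        now = self._clock()
        hit = self._entries.get(ip)
        if hit and hit[1] > now:
            return hit[0]                  # served from cache, controller not contacted
        self.controller_queries += 1
        try:
            user = self._lookup(ip)
        except Exception:
            # Fail closed: an unreachable controller means "unknown user",
            # never a reused expired mapping.
            self._entries.pop(ip, None)
            return None
        ttl = self._ttl if user else self._negative_ttl
        self._entries[ip] = (user, now + ttl)
        return user


def demo():
    sessions = {"10.20.0.15": "alice"}     # constructed controller session table
    now = [0.0]                            # fake clock so the run is deterministic
    cache = IpUserCache(sessions.get, ttl=300, clock=lambda: now[0])
    seen = [cache.resolve("10.20.0.15")]   # first request: one controller query
    sessions["10.20.0.15"] = "bob"         # address handed to another device
    now[0] = 120
    seen.append(cache.resolve("10.20.0.15"))  # still inside TTL: old user returned
    now[0] = 301
    seen.append(cache.resolve("10.20.0.15"))  # TTL expired: controller asked again
    seen.append(cache.resolve("10.20.0.99"))  # unknown IP: no user, cached briefly
    return seen, cache.controller_queries


if __name__ == "__main__":
    print(demo())
```

Keeping the positive TTL well below the DHCP lease and roaming interval, or invalidating entries on controller disconnect events, narrows the misattribution window seen at the second lookup.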