One of the first questions I got from IT readers when Apple announced the April 10 order date and April 24 release date for the Apple Watch was, "How do we manage that?"
Apple hasn't responded to my inquiries on IT's behalf, but the recent update to the Apple Configurator tool, the manual MDM (mobile device management) tool that Apple provides, gives the answer.
In short, IT can't block use of the Apple Watch, even with supervised iPhones. (In Apple's parlance, "supervised" devices have the highest level of IT controls applied and are meant for corporate-provisioned devices, versus "managed" devices that are more oriented to BYOD deployments.)
What IT can do is apply a policy that restricts the Apple Watch's use to when it is actually on the user's wrist. One fascinating security control in Apple Watch is that it learns who its user is by monitoring the person's pulse.
Thus, once their MDM tools are updated for iOS 8.3, IT can ensure that notifications such as those from email or Salesforce.com will display only when the user is actually wearing the Apple Watch. Sure, an executive might fall asleep in an airport lounge and create an opportunity for a spy to read his or her alerts on the smartwatch, but that's getting into security paranoia, not everyday concerns.
Likewise, IT can ensure that only the authorized user can use the Apple Watch to initiate any actions by requiring that the wrist check be enabled.
Otherwise, there's no specific management of the Apple Watch available beyond what can be managed on the iPhone. But that's a lot. Remember: The Apple Watch is a peripheral to the iPhone 5 or later, and the smartwatch apps are actually smartphone apps.
By using Apple's iOS policies via an MDM server, OS X Server, or the Mac's Apple Configurator app, IT can manage which apps can be updated or removed, which personal apps' data can be shared with corporate apps and vice versa, when VPNs are used, whether Touch ID is enabled, when AirPrint and AirPlay are allowed, which networks can be accessed, password requirements, and whether and how Siri can be used.
Siri is a potent control over the Apple Watch because Siri is one of its primary interfaces. Apple's MDM policies include disabling Siri and preventing Siri's use when the iPhone is locked. Such Siri policies will have the side effect of making the Apple Watch much less usable, so be sure to think through your Siri policies.
If you're dead set against Apple Watch use in your organization, you could disable both Bluetooth and Wi-Fi on the iPhones to prevent the necessary connection for the Apple Watch to work. But that's a drastic step for a very low security risk. Plus, it disables the ability to make hands-free calls (a very risky corporate standard to set if an accident results) or use noncellular data connections (an expensive way to communicate).
IT has 10 days to implement any policy changes before the first Apple Watches begins appearing on April 24. Now's the time for thinking through any policy adjustments you might make.