smaller and smarter than the big brother, automatically creates a pair in the same room, and placing an iPhone nearby gives visual/audio/haptic effects with the Ultra Wideband chip, later this year – communicate via Intercom with other devices in my home or need apple devices *wow*
there are sonos and other smart speakers around but in my opinion they aren’t that smart, preorders start november 6th, shipping begins november 16th for just $99
iPhone 12
all new design? looks like a “Back to the Future” iPhone 5, but in fact with quite competitive hardware improvements: 5G speed, A14 Bionic, Ceramic Shield, edge‑to‑edge OLED display, Night mode on every camera and finally LiDAR (Light Detection And Ranging) to measure object distance, from size mini to max
iPhone 12 mini at $699
iPhone 12 s at $799
iPhone 12 Pro at $999
iPhone 12 Pro Max at $1,099
MagSafe
also there are still wireless charging options but not tuned, cutout for the clock in cases with magnetic clips, and apple’s “enable an all new ecosystem” means even more money
after the more or less disappointing keynote in september “Time Flies” with e.g. the iPad Air this was inspiring in terms of:
apart from consumer features from iOS with its homescreen widgets, app library, app clips or picture-in-picture and many other features (already available in Android) – so, what’s new about managing the new release to utilize it in the enterprise with mdm
announced at wwdc 2020, the upcoming releases are packed full of features even for enterprise, a lot of lessons learned from iOS transferred to macOS, and some highlights in my opinion
macOS enrollment – more seamless with detailed options to ease the onboarding process
auto advance for mac – added an offline enrollment method that just requires a network connection and power
lights out management for mac pro, payload via mdm
user enrolled macOS are supervised !!!
macOS managed software – defer updates up to 90 days, same as for iOS or force update
macOS managed apps – remove by mdm, managed app configuration or convert from managed to unmanaged
download profiles for macOS – privacy from iOS to prevent mistakes and manually install profile iOS-style
shared iPad for business – multi user device with managed apple id via apple’s abm
non-removable managed apps – homescreen layout advanced to allow rearrange but prohibit uninstall of apps
managed open-in supports the shortcuts app
set timezone – without location service
per account vpn – mail, contacts, calendar for the same domain
…it’s quite easy to join a public beta, a lot of chinese vendors develop their software while customers are already using it – for ios and android it is possible to get a sneak look into new features or test changed behaviour in your enterprise environment before public rollout, join the beta at https://beta.apple.com/ and https://www.google.com/android/beta top 3…
“Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.”
Impact: Users may be tracked by malicious websites using client certificates
Description: An issue existed in Safari’s client certificate matching for SSL authentication. This issue was addressed through improved matching of valid client certificates.
even with the current release of iOS 13.5 it is possible to jailbreak an iOS device, to either customize your design or even worse to get around system-level security
first you need to download AltStore, also sideload any ipa without a jailbreak
usually it’s not that simple for apple users to install a previous version of an app, sideloading of apps is reserved for android devices or just in the cydia store via iOS jailbreak
TestFlight is apple’s Beta Testing Service to test pre-release versions with new features, it supports up to 10,000 testers invited per mail or via shared link, you’re able to install newer and even older versions of the invited app, and switching between versions is possible, but builds remain active for just 90 days
the link will refer to the previously installed TestFlight app, select the shared beta app and select any previous build
recently we noticed VPN wasn’t working, could be the disabled connect on demand option – nope – the entire VPN configuration was inactive?!
a bit of history: apple introduced VPN on demand (VPoD) back in iOS 5, it required setting up certificate authentication – at first it was just possible to define single domains, over the years it advanced to ignore, evaluate or disconnect for certain domains – along with iOS 7 apple introduced Per-app VPN to connect specific apps – since iOS 13 it is even possible to tunnel just mail/calendar/contacts domains
noticed that this just happened for VPoD configurations, even if a single domain overlaps in an OnDemand rule, always the last pushed VPN configuration is active
even though all other obsolete profiles are removed, the VPN config stays in its current state, even if it’s the last remaining configuration
you either manually enable the desired config or repush the config via MDM to remote enable
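a check for the overlap described above, as an added example that is not part of the original post: it reads exported configuration profiles and lists every on-demand domain that more than one VPN payload claims, so you know which configs can deactivate each other. the sample profiles, names and domains are constructed, and looking for the rules in the `VPN`, `IPSec` or `IKEv2` sub-dictionary is an assumption about where your mdm writes them.

```python
import plistlib
from collections import defaultdict

VPN_TYPE = "com.apple.vpn.managed"  # payload type of a managed VPN config

def on_demand_domains(payload):
    """Collect the domains named in one VPN payload's OnDemandRules."""
    domains = set()
    # Assumption: the rules sit in the VPN, IPSec or IKEv2 sub-dictionary,
    # depending on the VPN type.
    for section in ("VPN", "IPSec", "IKEv2"):
        cfg = payload.get(section, {})
        if not cfg.get("OnDemandEnabled"):
            continue
        for rule in cfg.get("OnDemandRules", []):
            domains.update(rule.get("DNSDomainMatch", []))
            for param in rule.get("ActionParameters", []):
                domains.update(param.get("Domains", []))
    # Treat "*.example.com" and "example.com" as the same domain.
    return {d.lower().lstrip("*.") for d in domains}

def find_overlaps(profiles):
    """Map each domain claimed by more than one VPN payload to the sorted
    names of the payloads that claim it."""
    owners = defaultdict(set)
    for raw in profiles:
        for payload in plistlib.loads(raw).get("PayloadContent", []):
            if payload.get("PayloadType") == VPN_TYPE:
                name = payload.get("UserDefinedName", "unnamed")
                for domain in on_demand_domains(payload):
                    owners[domain].add(name)
    return {d: sorted(n) for d, n in owners.items() if len(n) > 1}

def make_profile(name, rules):
    """Build a minimal profile with one on-demand IKEv2 payload."""
    return plistlib.dumps({"PayloadContent": [{
        "PayloadType": VPN_TYPE, "UserDefinedName": name, "VPNType": "IKEv2",
        "IKEv2": {"OnDemandEnabled": 1, "OnDemandRules": rules}}]})

# Constructed sample data: profile names and domains are placeholders.
OLD = [{"Action": "Connect", "DNSDomainMatch": ["intra.example.com"]}]
NEW = [{"Action": "EvaluateConnection", "ActionParameters": [
    {"Domains": ["*.intra.example.com"], "DomainAction": "ConnectIfNeeded"}]}]
SAMPLES = [make_profile("corp-old", OLD), make_profile("corp-new", NEW)]

if __name__ == "__main__":
    print(find_overlaps(SAMPLES))
```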
even for enterprise mobility there are some interesting features, with iOS 13.1 it’s possible to silently update an app, it will close, update and continue in kiosk/single app-mode.
tim cook recently spoke about user data and privacy, while criticizing technology companies, like google or facebook
iOS is enterprise’s first choice for mobile activity, egnyte’s enterprise insight showed a clear weighting and content is getting more and more mobile
the biggest change since iOS5 introduced supervised devices and open-in management debuted in iOS7
iOS 13 will be available in fall 2019 – since google is pushing hard with android enterprise to fit business needs, with its built-in containerization based on samsung’s KNOX – iOS 13 provides more granular security and better privacy restrictions
enrollment methods
thousands of iOS devices are already rolled out, either by manually installing an mdm profile (uamdm) or centralized with the device enrollment program (dep), to get the device under control of a unified endpoint management (uem) – additionally you can enable your iOS device as supervised either while dep enrolled or via apple configurator connected to a mac
newly added – user enrollment – previously an administrator of a managed device was able to retrieve the installed apps, remove the passcode or wipe the entire device – at least the privacy controls of the registered uem prohibit these features to individuals – with user enrollment there are huge improvements to the user’s privacy
user needs to login with managed apple id
uem unable to retrieve device information like IMEI, serial or mac address
private apps aren’t reported to uem
no control about device passcode or to wipe the entire device
still the configuration of wifi, vpn or exchange accounts will be available
other existing restrictions reserved for supervised devices, see listing below
restriction changes
allowSafari, available since iOS 4, require supervised device as of iOS 13
allowVideoConferencing, available since iOS 4, require supervised device as of iOS 13
allowWiFiPowerModification, available for supervised iOS 13 devices
safariAllowAutoFill, available since iOS 4, require supervised device as of iOS 13
allowAddingGameCenterFriends, available since iOS 4.2.1, require supervised device as of iOS 13
allowAppInstallation, available since iOS 4, require supervised device as of iOS 13
allowCamera, available since iOS 4, require supervised device as of iOS 13
allowCloudBackup, available since iOS 5, require supervised device as of iOS 13
allowCloudDocumentSync, available since iOS 5, require supervised device as of iOS 13
allowCloudKeychainSync, available since iOS 7, require supervised device as of iOS 13
allowContinuousPathKeyboard, available for supervised iOS 13 devices
allowExplicitContent, available since iOS 4, require supervised device as of iOS 13
allowFindMyDevice, available for supervised iOS 13 devices
allowFindMyFriends, available for supervised iOS 13 devices
allowiTunes, available since iOS 4, require supervised device as of iOS 13
allowMultiplayerGaming, available since iOS 4.1, require supervised device as of iOS 13
read a full list of apple’s device management restrictions here
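to see which of your existing profiles are affected by the list above, an added example (not apple’s or any mdm vendor’s code): it parses a configuration profile, finds the restrictions payload (`com.apple.applicationaccess`) and reports every key from this page’s list that is set to false but will not take effect on an unsupervised device. the sample profile is constructed.

```python
import plistlib

# Keys from the list above: existed before iOS 13 and, per this page,
# require a supervised device as of iOS 13.
NOW_SUPERVISED_ONLY = {
    "allowSafari", "allowVideoConferencing", "safariAllowAutoFill",
    "allowAddingGameCenterFriends", "allowAppInstallation", "allowCamera",
    "allowCloudBackup", "allowCloudDocumentSync", "allowCloudKeychainSync",
    "allowExplicitContent", "allowiTunes", "allowMultiplayerGaming",
}
# Keys the list marks as new in iOS 13 and supervised-only.
NEW_SUPERVISED_ONLY = {
    "allowWiFiPowerModification", "allowContinuousPathKeyboard",
    "allowFindMyDevice", "allowFindMyFriends",
}
RESTRICTIONS_TYPE = "com.apple.applicationaccess"

def audit_profile(profile_bytes, supervised):
    """Return sorted (key, reason) pairs for restrictions that will not
    take effect on a device with the given supervision state."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        for key, value in payload.items():
            # Only a value of False actually restricts something.
            if value is not False or supervised:
                continue
            if key in NOW_SUPERVISED_ONLY:
                findings.append((key, "supervised-only as of iOS 13"))
            elif key in NEW_SUPERVISED_ONLY:
                findings.append((key, "new in iOS 13, supervised-only"))
    return sorted(findings)

# Constructed sample profile, not taken from a real deployment.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [{
        "PayloadType": RESTRICTIONS_TYPE,
        "allowCamera": False,          # set, needs supervision
        "allowSafari": True,           # not restricting anything
        "allowFindMyFriends": False,   # new supervised-only key
        "allowScreenShot": False,      # not in the list above
    }],
})

if __name__ == "__main__":
    print(audit_profile(SAMPLE, supervised=False))
```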
Sign in with Apple vs. managed Apple ID
while sign in with apple is the approach to compete with google or facebook as an identity provider (idp) for external services, for business on the other hand managed Apple IDs were so far used to manage functions of Apple Business Manager, since WWDC 2019 it’s necessary to register with user enrollment, enterprises create additional accounts for byod users to add to their device, which keeps data completely separated between both accounts, hopefully compared to now:
iPadOS
along with iOS 13 apple separates the path between iPhone and iPad with a standalone OS, finally iPadOS can provide more features to the tablet, a classic desktop replacement could be possible – view the demo below
stay tuned for final release around mid-september with likely new 2019 iPhone