apple

whats new in enterprise – iOS14 and macOS Big Sur

matthias mader

apart from consumer features from iOS with it’s homescreen widgets, app libary, app clips or picture-in-Picture and many other features (already available in Android) – so, what’s new about managing the new release to utalize of enterprise with mdm

iOS 14 release date, beta, features and compatible iPhones @techradar

announced at wwdc 2020 the upcoming releases are packed full of features even for enterprise, a lot a leasons learned from iOS transered to macOS and some highlights in my opinion

  • macOS enrollment – more seamless with detailed options to ease the onboarding process
  • auto advance for mac – added an offline enrollment method that just require connecction network and power
  • lights out management for mac pro, payload via mdm
  • user enrolled macOS are supervised !!!
  • macOS managed software – defer updates up to 90 days, same as for iOS or force update
  • macOS managed apps – remove by mdm, managed app configuration or convert from managed to unmanaged
  • download profiles for macOS – privacy from iOS to prevent mistakes and manually install profile iOS-style
  • shared iPad for business – multi user device with managed apple id via apple’s abm
  • non-removable managed apps – homescreen layout advanced to allow rearrange but prohibit uninstall of apps
  • managed openin support shortcuts app
  • set timezone – without location service
  • per account vpn – mail,contact,calendar for same domain
  • encrypted dns
  • randomized wifi mac

about managing apple devices at wwdc @apple

read more about how to join and even downgrade from beta

downgrade beta

…it’s quite easy to join a public beta, a lot of chinese vendor develop there software while customer already using it – for ios and android it is possible to get a sneak look into new features or test changes behaviour in your enterprise environment before public rollout join beta at https://beta.apple.com/ https://www.google.com/android/beta top 3…

by matthias mader

technology

picture-in-picture checkup 2020

matthias mader

let’s have a look how to use, why it is useful, what other alternatives are around or how to implement – this was introduced recently in iOS14, appletv already provide this feature, but just in tv app

almost every modern tv got it’s own picture-in-Picture (PiP) and even youtube in browser offers a PiP option with a miniplayer

beginning from api Level 26 the PiP is available for android devices, very useful to navigate with google maps while browse for a new playlist … but:

  • feature support no equal between vendor and app developer (e.g. brave browser doesn’t switch to PiP from fullscreen on honor devices)
  • picturesize is not scaleable, there are just 2 predefined views
  • usability how to open differ from os level or vendor

in my opinion, the best way to view video while doing something beside is splitscreen view with 2 different apps/browsers, although is depends on vendor/app > long press recent apps button on huawei respectively swipe up at samsung with long press relevant app icon to show option, or use app pair from samsungs side panel

with apple’s new mobile os 2020 this feature is finally also available, even your able to make video window larger or pinch to zoom and you got the option to keep audio playing while docking video side and with the benefit of the same behaviour for all iOS devices

copied but well impemented

technology

save data or at least reduce the consumption, optimize for rural regions, holidays, etc.

matthias mader

your inclusive data volume is up… throttling to 64 kbit/s.

the consuption of data doubles every year, the mobile abo’s evolved as well but there is a gap between the required data volume for services and the availbale mobile capacity, below approximately amount for different services

teams e.g. need for a group websession 1 Mbps, when turn off incoming video it could reduced further for about 75%, tested by myself, round about 1GB per workday

read below some further tipps in different catagories to optimze mobile data consuption

windows

right at your windows10 device, your can select your phone hotspot as a metered connection, cellular data connections are set as metered by default

below you can additionally view data usage per app and set a data limit

chrome android

  • at your android enable for chrome browser the lite mode in settings > advanced > turn on lite mode
  • data usage of apps and set a capacity limit could be reviewed in settings > mobile network > data warning (depending on android vendor)
  • file download, disable in your mail client or chat app the automatic download of media and attachments
  • other browser e.g. Brave to use integrated add blocker and enable data compression
  • battery saver, when enabled disallow app launch in background and disable push notifications

iOS

with iOS13 there is a new feature called low data mode, enabel in settings > mobile data

also possible to review the volume per app in mobile data and disable unreqired

spotify

reduce consuption for your favourite playlist, choose

  1. tab start
  2. tab settings
  3. tab data saver
  4. enable it

offline

try plan to use offline apps, while download and store data infront of traveling, read below

offline is the new online

in times like always connected, it could happen – no connection – no fear, here are apps with offline functionality to bridge with google maps – download areas and maps offline, others maps.me, here   spotify – offline music in flight mode, required premium subscription   amazon kindle – ebooks pay it, download it, read it offline…

by matthias mader

… check every app whether it offers a data save option

google

android 11 beta public available

matthias mader

dessert code name, but lots of new features, focused on three key themes: People, Controls, and Privacy

perform update at https://www.google.com/android/beta for the following devices:

  • Pixel 2
  • Pixel 2 XL
  • Pixel 3
  • Pixel 3 XL
  • Pixel 3a
  • Pixel 3a XL
  • Pixel 4
  • Pixel 4 XL

… best obviously feature so far:

  • Priority conversations, mark as “priority”
  • Media controls, in Quick Settings
  • Bubbles, chat over other apps
  • Notifications, simpler and more control
  • Conversations
  • Do Not Disturb, per App
  • Screenshots, in lower left corner
  • Screen recording, native android feature
  • Privacy, one-time permission to localtion, camera or mic

further with Project Mainline, google push key system components directly over the air independant from carrier/vendor

btw Easter egg isn’t updated yet (in Settings > About phone > Android Version > repeatedly tap on Android version)

unwrapping android 11 beta plus more @google


microsoft

windows 10 may 2020 update – what’s in it

matthias mader

microsoft published is next update for windows 10 – called version 2004 – are your ready ?

What’s new in Windows 10 for IT Pros

  • Windows Hello, support Fast Identity Online 2 (FIDO2)

special items have picked, full list @microsoft

windows 10 is smarter as you’d might think

check out these features to improve your daily work dynamic lock since Microsoft doesn’t offer own smartphones anymore, they integrate some clever/smart features to connect with mobile devices – e.g. ensure that your windows 10 is locked when your away from keyboard with dynamic lock picture password to get rid of long passwords with complex…

by matthias mader

what’s new in MDM for Windows 10

for enterprise some configuration service provider (csp) have added or advanced

TopicDescription
Policy CSPadded new policies in Windows 10, version 2004: •ApplicationManagement/BlockNonAdminUserInstall •Bluetooth/SetMinimumEncryptionKeySize •Education/AllowGraphingCalculator •TextInput/ConfigureJapaneseIMEVersion •TextInput/ConfigureSimplifiedChineseIMEVersion •TextInput/ConfigureTraditionalChineseIMEVersion
DevDetail CSPadded the following new node:
Ext/Microsoft/DNSComputerName
EnterpriseModern
AppManagement CSP		added the following new node:
IsStub
SUPL CSPadded the following new node:
FullVersion

select Start  > Settings  > Update & Security  > Windows Update and select Check for updates otherwise click below

security

deploy client certificates – secure your data

matthias mader

cybersecurity thread gain more and more weight and potential to harm your seriously, time to protect your data

asymmetric cryptography enable two parties to communicate securely with eachother, by using a related private and public key, let’s have a lot how to usalize

X.509 is the official standard for public key certificates, secure the access to webbased services or protect access via vpn or wifi – the schema below is my interpretation, or definition @wikipedia

x.509 client certificate authenticiation

OpenSSL

OpenSSL is a cryptographic tool, open-source, to provide free encryption – jump in to see how easy to generate private security certificates

FIRST generate private key for your certificate authority (ca)

openssl genrsa -out ca.key 4096

create ca certificate from key, fill out the reqired certificate information

openssl req -new -x509 -days 365 -key ca.key -out ca.crt

implement ca certificate in your application/service

NOW create client private key …

openssl genrsa -out /etc/nginx/ssl/key/client_abc.key 1024

… and certificate signing requst (csr)

 openssl req -new -key client_abc.key -out client_abc.csr

SIGN the client certificate

openssl x509 -req -days 365 -in client_abc.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client_abc.crt

provide client certifcate to used client devices

online/hosted service

CAcert is a comunity-driven and want to push awareness for encryption und education by providing cryptographic certificates

enterprise

several vendor offer pki services – microsoft provide it’s windows server 2008R2 buildin certificate services selfhosted, with network device enrollment service (ndes) for automated client certificate enrollment – others like digicert/globalsign/etc. provide payed hosted services

apple

iOS client certificate authentication or iOS13.5 – the real important fix

matthias mader

“Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.”

https://nvd.nist.gov/vuln/detail/CVE-2015-1129#VulnChangeHistoryDiv

Impact: Users may be tracked by malicious websites using client certificates

Description: An issue existed in Safari’s client certificate matching for SSL authentication. This issue was addressed through improved matching of valid client certificates.

security content of iOS 9 @apple

apple

jailbreaking made easy for everyone [update: fix out now]

matthias mader

even with the current release of iOS13.5 it is possible to jailbreak an iOS device, to either customize your design or even worse to get around systemlevel security

  • first your need to download AltStore, also sideload any ipa without a jailbreak
  • trust App as developer in settings on your device
  • open unc0ver.dev and select “Open in AltStore”
  1. open unc0ver to perform jailbreak
  • done, now check Cydia App for Tweaks e.g. OpenSSH
we’re connected via putty

but in my opinion…

  • require a desktop macOS/Win10/LInux perform
  • AltServer works just for a single device at a time
  • unc0ver needs to be excuted after a device reboot
  • iOS 13.5.1 beta already fixed is [update: is fixed right now]
  • minor benefit for personal
  • enterprise are aware of this issue and scan device with UEM and Advance Thread Detection

it will always be a cat-and-mouse game 

technology

websessions with custom background

matthias mader

in times of corona in homeoffice and a lot of websessions it’s a nice feature to hide your background or change carpet color

teams

offer “background effects” to insert custom image to live video, at windows add your custom image here

%APPDATA%\Microsoft\Teams\Backgrounds\Uploads

zoom

called as virtual backgrounds it is also possible to hide real background, for multiple os and even with custom files

webex

called as video background it is for suce possible to add custom background, since a few days also for iOS devices

… and many many more

technology

gather ios device logs on the fly without a mac

matthias mader

it usually requires a mac with configurator installed to gather iOS device logs while troubleshooting an issue, there a some alternatives around…

#1 virtualize macOS

… and use apple’s configurator on windows, read more how to establish this below

touch @macos

apple introduced the “all news” touch bar in 2017 for macbook pro, but what most mac users missing is a touchscreen – the addon airbar, extra hardware attached to the screen, looks unbeautiful every smartpsmartsmaand a lot other notebook own a touchdisplayt, so what to do if you don’t want to run or carry separate device – vitualize…

#2 itools

as an alternative software for iTunes, it it further able to access device logs and is supported at windows & macOS for the following devices

iPhone X, iPhone 8,iPhone 5, iPhone 6, iPhone SE, iPhone 7,iPhone 5C,iPhone 5S, iPhone 6S,iPhone 6 plus, iPhone 6S plus, iPhone 7 Plus, iPod touch, iPad 4,iPad Mini 4, iPad Mini 3 and iPad Mini 2,iPad Pro (9.7 , 12.9 inch),iPad Air and iPad Air 2

#3 buildin analystics

even directly from the device it self it’s possible to gather debug information, with this workaround

  • enable AssistiveTouch
  • select analytics
  • press virtual Homebutton
  • reproduce the issue/crash
  • upload logs