tim cook recently spoke about user data and privacy, while criticizing technology companies, like google or facebook
iOS is enterprise's first choice for mobile activity, egnyte's enterprise insight showed a clear weighting, and content is getting more and more mobile
the biggest change since iOS5 introduced supervised devices and open-in management debuted in iOS7
iOS 13 will be available in fall 2019 – since google is pushing hard with android enterprise to fit business needs, with its built-in containerization based on samsung's KNOX – iOS 13 provides more granular security and better privacy restrictions
enrollment methods
thousands of iOS devices have already been rolled out, either by manually installing an mdm profile (uamdm) or centrally with the device enrollment program (dep), to get the device under control of a unified endpoint management (uem) – additionally you can make your iOS device supervised either during dep enrollment or via apple configurator connected to a mac
newly added – user enrollment – previously an administrator of a managed device was able to retrieve the installed apps, remove the passcode or wipe the entire device – at least the privacy controls of the registered uem prohibit these features for individuals – with user enrollment there are huge improvements to the user's privacy:
user needs to log in with a managed apple id
uem is unable to retrieve device information like IMEI, serial or mac address
private apps aren't reported to uem
no control over the device passcode and no option to wipe the entire device
the configuration of wifi, vpn or exchange accounts will still be available
other existing restrictions are reserved for supervised devices, see listing below
restriction changes
allowSafari, available since iOS 4, requires a supervised device as of iOS 13
allowVideoConferencing, available since iOS 4, requires a supervised device as of iOS 13
allowWiFiPowerModification, available for supervised iOS 13 devices
safariAllowAutoFill, available since iOS 4, requires a supervised device as of iOS 13
allowAddingGameCenterFriends, available since iOS 4.2.1, requires a supervised device as of iOS 13
allowAppInstallation, available since iOS 4, requires a supervised device as of iOS 13
allowCamera, available since iOS 4, requires a supervised device as of iOS 13
allowCloudBackup, available since iOS 5, requires a supervised device as of iOS 13
allowCloudDocumentSync, available since iOS 5, requires a supervised device as of iOS 13
allowCloudKeychainSync, available since iOS 7, requires a supervised device as of iOS 13
allowContinuousPathKeyboard, available for supervised iOS 13 devices
allowExplicitContent, available since iOS 4, requires a supervised device as of iOS 13
allowFindMyDevice, available for supervised iOS 13 devices
allowFindMyFriends, available for supervised iOS 13 devices
allowiTunes, available since iOS 4, requires a supervised device as of iOS 13
allowMultiplayerGaming, available since iOS 4.1, requires a supervised device as of iOS 13
read a full list of apple’s device management restrictions here
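added example, not part of the original post: a small python check that reads an unsigned .mobileconfig and reports which restriction keys from the listing above depend on supervision under iOS 13, so you can see which settings of an existing profile stop applying to unsupervised devices. the sample profile, its identifier and the ssid are constructed, and the key sets are copied from the listing above only.

```python
import plistlib

# Restriction keys the listing above marks "requires a supervised device as of iOS 13".
SUPERVISED_AS_OF_IOS13 = {
    "allowSafari", "allowVideoConferencing", "safariAllowAutoFill",
    "allowAddingGameCenterFriends", "allowAppInstallation", "allowCamera",
    "allowCloudBackup", "allowCloudDocumentSync", "allowCloudKeychainSync",
    "allowExplicitContent", "allowiTunes", "allowMultiplayerGaming",
}
# Keys the listing marks as new and available only on supervised iOS 13 devices.
NEW_SUPERVISED_ONLY = {
    "allowWiFiPowerModification", "allowContinuousPathKeyboard",
    "allowFindMyDevice", "allowFindMyFriends",
}
RESTRICTIONS_PAYLOAD = "com.apple.applicationaccess"  # restrictions payload type


def audit_profile(profile_bytes):
    """Return the restriction keys in a .mobileconfig that depend on supervision."""
    profile = plistlib.loads(profile_bytes)  # unsigned XML or binary plist assumed
    findings = {"needs_supervision_ios13": [], "new_supervised_only": []}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_PAYLOAD:
            continue  # wifi, vpn and exchange payloads are not in the listing
        for key in sorted(payload):
            if key in SUPERVISED_AS_OF_IOS13:
                findings["needs_supervision_ios13"].append(key)
            elif key in NEW_SUPERVISED_ONLY:
                findings["new_supervised_only"].append(key)
    return findings


# Constructed sample profile (not a real deployment).
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.byod.baseline",
    "PayloadContent": [
        {"PayloadType": "com.apple.applicationaccess",
         "allowCamera": False, "allowCloudBackup": False,
         "allowFindMyFriends": False, "forceEncryptedBackup": True},
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "corp-example"},
    ],
})

if __name__ == "__main__":
    for bucket, keys in audit_profile(SAMPLE_PROFILE).items():
        print(bucket, keys)
```

a signed profile has to be unwrapped from its signature first, plistlib cannot read the signed container directly.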
Sign in with Apple vs. managed Apple ID
while sign in with apple is the approach to compete with google or facebook as an identity provider (idp) for external services, managed Apple IDs on the business side were so far used to manage functions of Apple Business Manager – since WWDC 2019 they are also necessary to register with user enrollment – enterprises create additional accounts for byod users to add to their devices, which keeps data completely separated between both accounts, hopefully compared to now:
iPadOS
along with iOS 13 apple separates the paths of iPhone and iPad with a standalone OS, finally iPadOS can provide more features to the tablet, a classic desktop replacement could be possible – view the demo below
stay tuned for the final release around mid-september, likely with the new 2019 iPhone
ios12 was announced and demonstrated at wwdc, beta started on june 19th and public beta followed on june 25th
since ios 11.3 it is possible to suppress ios updates on managed devices – because you want to test new releases in your infrastructure – ensure that all of your productivity apps run fine with the new version
it is mandatory that those devices are supervised, set up with the apple device enrollment program or enabled with apple configurator
with current emm vendors it is possible to simply enable/disable this value – otherwise configure a profile in apple configurator, then either send it via mail or upload it to the enterprise mobility management suite and deploy it remotely
if your device is running an ios version below ios 11.3 you're able to configure a global http proxy – with a *.pac file you're able to redirect the apple update url