Security has never been such a critical component of an IT department’s budget, time and attention. Remote work has continued to change the way security enhancements are delivered, with the focus shifting from securing the campus network to securing the device. This week, I want to see what impact Managed Device Attestation will bring to IT employees looking to support remote workers.
About Apple @ Work: Bradley Chambers managed a corporate IT network from 2009 to 2021. With his experience deploying and managing firewalls, switches, a mobile device management system, enterprise Wi-Fi, hundreds of Macs and hundreds of iPads, Bradley will highlight the ways Apple IT managers deploy Apple devices, build networks to support them, and train users, along with stories from the trenches of IT management and ways Apple could improve its products for IT departments.
Prior to remote work, IT departments spent much of their time on security by location. When users needed access to organizational resources, such as websites, servers, and databases, you either had them set up a VPN tunnel or required them to be on campus. Essentially, security was designed to protect resources with a security boundary. Unfortunately, this model hasn’t kept up with the way people interact with modern, remote organizations. Cloud service providers place resources outside the campus perimeter, and threats can originate from inside the office.
Apple’s answer to this problem is called Managed Device Attestation, and it’s coming with iOS 16. Managed Device Attestation is a new security feature for iPads and iPhones that will use the device’s Secure Enclave to provide strong assurances that the device requesting access is the device it claims to be.
These security enhancements only require trusting the Secure Enclave and Apple’s attestation servers, which access Apple’s manufacturing records and operating system catalog. If you use the devices and keep data on them, you probably already trust them anyway. Managed Device Attestation takes the typical security posture (identity, location, time, connectivity, management, etc.) to the next level.
Conclusion on Managed Device Attestation
The DeviceInformation MDM command has been enhanced so that the benefits of attestation are available to the MDM server. Apple has also added support for an Automatic Certificate Management Environment (ACME) payload. I won’t go into the technical details of Managed Device Attestation, but I want to point out Apple’s presentation at WWDC on the subject. Apple details how Managed Device Attestation will ensure IT professionals know that the devices interacting with their infrastructure are the devices they claim to be. In a world that is a mix of SaaS applications, on-premises servers, remote work, and hybrid work, Managed Device Attestation is an incredible way for IT pros to increase security using Apple hardware (the Secure Enclave) with a strong software link.