iOS 13 and macOS Catalina: enterprise overview




Wait, no, don't close the tab! Don't do it! Yes, it's enterprise. I know. But wait a second. These new features for iOS 13, iPadOS and macOS Catalina in enterprise are cool, mainly because I like what they might suggest for the future of all Apple's operating systems … and for all of us.

Security

I will divide this into three parts. Well, two parts actually, since I already covered the first part, security, in my macOS Catalina video.

This includes read-only system volumes, kernel extensions, DriverKit, and Gatekeeper, which checks for malware not only at first launch but at every launch, as well as notarization and a series of new privacy permissions.

I will not waste your time repeating it, so check out the link in the description for full details.

Management

The second part, management, is where it starts to get cool. Now, Apple has offered device enrollment for a while. This is where a company uses a mobile device management (MDM) system to control a device, decide what you can and cannot do with it, and take ownership of it, from passcode creation to a complete wipe.

Previously, Apple had added automated device enrollment. The idea was zero touch. For example, an iPhone purchased by a company could be shipped to an employee still sealed in its packaging, and that employee could open it and it would be ready to go, with no IT person with a cable and no hands-on configuration needed. And from there, the company could manage it as needed.

And that's great for company iPhones. Now, Apple will even let automated enrollment include custom branding, content, consent text and authentication tied to cloud-based identity providers.

However, BYOD – bring your own device – has been a problem for over ten years now. This is where a company allows employees to freely buy the devices they want to use or simply saves money by having them buy their own devices, or both.

In reality, if you buy it, you own it, and your company should no longer have total control.

At least that's where Apple draws the line when it comes to control: whoever bought it gets it.

And this brings us to the latest feature: User Enrollment.

The best way to describe it is that it is your device and your documents, but it allows your company to give you some of their documents and only manage the documents they have provided.

You download an enrollment profile, launch Settings, tap Register, and then sign in with the managed Apple ID that your company has assigned to you. More on that in a bit.

Once the device is enrolled, the company gets its own unique identifier for it, which persists only for as long as the device is enrolled. They can set up accounts, per-app VPN, and company-installed applications. They may require a passcode and set certain restrictions.

What they cannot do is get other identifiers for the device, such as serial number, UDID or IMEI; require a complex alphanumeric passcode; take over management of any application installed by the user; erase the device remotely; access any cellular functions; add anything that collects log information; or add supervised restrictions.

Again, Apple draws the line at who owns the device. If the company requires you to buy it or bring it, it's yours, not theirs, and they cannot take full control of it. That rests with you.

For this to work, User Enrollment creates a separate APFS volume for managed accounts, applications, and data. It is cryptographically separated from the rest of the device and is not saved to the user's iCloud account.

Notes, Files, third-party applications and Keychain are completely separate. Mail and Calendar are partially separated. For Mail, previews and metadata remain on the user's volume, just like Calendar events.

When you unenroll, the separate volume and its encryption keys are destroyed, and all the applications, accounts, and configurations installed by the company are deleted.

Identity

The third part of all this is identity. User Enrollment is integrated with managed Apple IDs, which can be created through Apple School Manager for education and Apple Business Manager for enterprise. They can also be federated with Microsoft Azure Active Directory.

Managed Apple IDs provide access to iCloud Notes, iCloud Drive, iCloud contacts and calendar, and other services.

And, for User Enrollment, the personal Apple ID is associated with all your personal content, and the managed Apple ID with everything that has been pushed by the company.

In addition, there is a new single sign-on extension for native applications and the Web, so you do not have to create, manage, and store separate, unique, long, and strong passwords for each application and service.

It is used by identity providers and configured by the MDM. Thus, once you sign in, that sign-in just works for all your company's applications and services, iCloud Keychain, per-app VPN, multifactor authentication and notifications.

There is even a Kerberos extension for authentication of Web sites and Active Directory services.
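
As an added illustration (not part of the original article), this is roughly what a configuration profile that an MDM pushes to turn on the built-in Kerberos single sign-on extension looks like. The realm, host names, payload identifiers and UUIDs are constructed placeholders; the payload type and extension identifier are Apple's.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadVersion</key><integer>1</integer>
  <!-- Constructed placeholder identifiers for the outer profile -->
  <key>PayloadIdentifier</key><string>com.example.sso.profile</string>
  <key>PayloadUUID</key><string>11111111-2222-3333-4444-555555555555</string>
  <key>PayloadDisplayName</key><string>Example Kerberos SSO</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <!-- Extensible single sign-on payload, new in iOS 13 / macOS Catalina -->
      <key>PayloadType</key><string>com.apple.extensiblesso</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>PayloadIdentifier</key><string>com.example.sso.kerberos</string>
      <key>PayloadUUID</key><string>66666666-7777-8888-9999-000000000000</string>
      <!-- Selects Apple's built-in Kerberos extension -->
      <key>ExtensionIdentifier</key><string>com.apple.AppSSOKerberos.KerberosExtension</string>
      <key>TeamIdentifier</key><string>apple</string>
      <!-- Credential type: the extension answers authentication challenges -->
      <key>Type</key><string>Credential</string>
      <!-- Constructed realm; use the organisation's real Kerberos realm -->
      <key>Realm</key><string>CORP.EXAMPLE.COM</string>
      <!-- The extension is only invoked for these hosts; keep the list
           limited to services that actually accept Kerberos -->
      <key>Hosts</key>
      <array>
        <string>intranet.corp.example.com</string>
        <string>files.corp.example.com</string>
      </array>
    </dict>
  </array>
</dict>
</plist>
```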

Taken together, it should allow everything to coexist peacefully, privately and securely, on a single device, without having to manage separate environments.

It's a smart implementation, but I'll let all you IT professionals tell me how it works for you in the comments.