Posted on in AirWatch, iOS, Learning, MDM/UEM, MEM, Mobile Computing, Mobility / Unified Management, Security, Tech

Securing work contacts while keeping caller ID 03: iOS with Boxer

I had a week of customer meetings, each (literally!) asking the same question: “How can I prevent WhatsApp from grabbing the corporate contacts on my device?”

In this series of posts we will explore the options of deploying corporate email/contacts/calendars with the goal of maximal work/personal contact separation, while trying to minimally impair the user experience (such as the Caller ID).

Table of contents:

(more…)

Advertisements
Posted on in AirWatch, Android, Learning, MDM/UEM, MEM, Mobile Computing, Mobility / Unified Management, Security, Tech

Securing work contacts while keeping caller ID 02: Android

I had a week of customer meetings, each (literally!) asking the same question: “How can I prevent WhatsApp from grabbing the corporate contacts on my device?”

In this series of posts we will explore the options of deploying corporate email/contacts/calendars with the goal of maximal work/personal contact separation, while trying to minimally impair the user experience (such as the Caller ID).

Table of contents:

(more…)

Posted on in AirWatch, Android, iOS, Learning, MDM/UEM, MEM, Mobile Computing, Mobility / Unified Management, Security, Tech

Securing work contacts while keeping caller ID 01: Android vs iOS

I had a week of customer meetings, each (literally!) asking the same question: “How can I prevent WhatsApp from grabbing the corporate contacts on my device?” This happens more often than you think – the infamous GetContact collected over 3.5B contacts in just a few months, all of which were officially available for sale! With GDRP in effect, how much could this cost?

Of course, both iOS and Android offer means to securely lock down enterprise data on BYOD devices. But this comes at a price of usability, the most cited problem being the caller it. We know that in the modern day an unhappy and discomforted user is essentially a backdoor waiting to happen. How can we keep this balance between security and productivity?

In this series of posts we will explore the options of deploying corporate email/contacts/calendars with the goal of maximal work/personal contact separation, while trying to minimally impair the user experience (such as the Caller ID).

We will explore several approaches, their limitations and shortcomings for iOS and Android. This post lays the foundations and provides a TL:DR style summary/comparison of my current findings.

Table of contents:

(more…)

Posted on in AirWatch, MDM/UEM

WorkSpace ONE Intelligence Custom Reports available + Free Trial of other features

Legacy AirWatch reports are being deprecated, and replaced by the next-generation Workspace ONE Intelligence Reporting. The point of this quick post is to provide a bullet-style quick overview and resources for further reading.

TL:DR

  1. they are cool, customizable, and free* (=included in all UEM v9.2.3+ license types ,  cloud and on-prem).
  2. There are even cooler features (custom dashboards, automation), which are premium, but a free 30-day trial is available.

(more…)

Posted on in Android, Mobile Computing, Security

Does Android P private DNS really contribute to privacy? Or to Enterprise control?

Private DNS is a new feature in Android P, which allows you to globally override the DNS settings (received from your carrier, hotspot provider etc.). This means that the said carrier’s or provider’s DNS servers will not be able to log your browsing habits.

Read more here (Android Police).

Screenshot_20180422-175014.png
Private DNS configuration (c) Android Police

This looks like privacy, but isn’t necessarily so…

(more…)

Posted on in AirWatch, iOS, MDM/UEM, Security

iOS Trustjacking protection with EMM

Trustjacking is a new “scary” attack on iOSnew “scary” attack on iOS devices, exploiting user’s lack of understanding or what’s going on. When plugging into an unknown computer or charger user may choose to “trust” it, which allows the remote device quite a degree of access to iPhone/iPad data. Many don’t realize that this trust remains after the device is disconnected and may be exploited, for instance, via Wi-Fi, if Wi-Fi sync is enabled. Many others also think that this trust is necessary for charging.

ios20blog2021-e1524555570975.png
What is really should read: “Your settings and data will be accessible from this computer even after disconnected. You DON’T need this for charging”

Basically, Apple should have looked at how Android 6+ has a “charge only” USB mode by default, fixed the wording and be done with it.

Protecting from this attack is extremely simple on Supervised (DEP) devices via EMM.

Here’s how it’s done via AirWatch, but any other major EMM will have something similar – this is Apple’s standard OS feature.

iOS Trustjacking AW
iOS Trustjacking protection: it only takes one tick

As a bonus, this will prevent not just the Trustjacking attack, but many other threats and leaks, since it blocks everything.

Wondering, how many had this configured before the Trustjacking news?

Posted on in MDM/UEM, Opinion

Change of wind

Those of you who follow me on LinkedIn may have noticed that I have a new workplace, which comes with a Digital Workspace.

This means less wireless, but even more on Enterprise Mobility, EMMs, mobile security Android, iOS, Windows 10 and MacOS (did you know that both MS and Apple made their desktop OSes manageable by EMM ?)

If you are not following me in LinkedIn and Twitter, you are probably missing 90% of the stuff! So, please consider (or save yourself lots of noise and unsubscribe – fair enough 😉 )

Why VMware/AirWatch, why EMM?

This is going to be a long-ish and exalted neophyte read, purely optional.

If you prefer a less-neophyte approach, here’s a post of a very influential EMM expert (I follow brianmadden.com for quite a while) that did the same thing around the same time as I.

OK, now my version.. You’ve been warned 🙂

Given the events in the last two years, I think that UEM solutions are ripe for conquering whatever remaining market is left there, and VMware is surely spearheading the charge with AirWatch (market-dominant) and the new WorkSpace ONE (watch the cool 7-min  demo here). I am personally really sold on this story and here’s why:

  • One can’t manage iOS without EMM
  • In 2017 Google had really made Android Enterprise their focus, and I believe it is now very much ready for “serious” Enterprise use. Up to the point of stating that GMS devices are now better and more secure than non-GMS. That being said, I’ve never been a fan of AirWatch managing Android pre-AE, but with AE the playing field is levelled and most of the custom stuff that other EMM vendors did no longer matters.
  • Desktop OSes (Win10 1709+ and MacOS High Sierra+) can be managed with EMM just like the mobile devices, and both MS and Apple seem to take this direction seriously.
  • CE6 is dead and WEHH6.5 dies in less than two years. Given no other competition, everythin will be either iOS or Android, and none of those can be realistically deployed without MDM/EMM. And another weak spot for AirWatch that is going away soon.
  • Identity management and SSO have fully matured in the last few years, and are ripe to become standard, rather than “enhanced/advanced” functionality in the Enterprise infrastructure. And WorkSpace ONE (if you’ve seen the demo) has a unique value proposition here.
  • Being able to show off AutoCad on an iPad is cool! 🙂 But more importantly, being able to free the enterprise from the leash of legacy apps (must have IE6, Java5 etc etc etc) by delivering them virtualized even to mobile devices means that mobile first has to real reason not to happen.
  • Who else can combine the industry-leading EMM/UEM, identity management and virtualization into one package?

So, where else to be in the EMM world? 🙂

Or do you disagree? Let me know your thoughts here or on LinkedIn/Twitter!

P.S. Bonus point to those who recognize the cover image 🙂