Fighting the recent Apple DEP “vulnerability” with Workspace ONE UEM (AirWatch)

There’s been recently a wave of news along the  “OMG Apple DEP is insecure we are all doomed” line. While there is indeed a few flaws in Apple Device Enrollment Program, I want to show how to fight it with Workspace ONE UEM (AirWatch) in a simple 3-step process

Step 1: Go to your DEP profile in Settings -> Devices -> Apple -> Device Enrollment Program

Step 2: Ensure Authentication is ON

DEP-FUD-WS1-Auth

Step 3: You are done. Really, this “vulnerability” is only serious in two cases:

  • Using no authentication, implicitly trusting anything that comes from the Internet over DEP
  • Staging (specifically using the staging process with the staging user) sensitive information – certificates, etc. Just don’t – have all the sensitive bits assigned to the end-user who has to authenticate.

So, now you are armed with knowledge!

More reading:

Advertisements