Fighting the recent Apple DEP “vulnerability” with Workspace ONE UEM (AirWatch)

There’s been recently a wave of news along the  “OMG Apple DEP is insecure we are all doomed” line. While there is indeed a few flaws in Apple Device Enrollment Program, I want to show how to fight it with Workspace ONE UEM (AirWatch) in a simple 3-step process

Step 1: Go to your DEP profile in Settings -> Devices -> Apple -> Device Enrollment Program

Step 2: Ensure Authentication is ON

DEP-FUD-WS1-Auth

Step 3: You are done. Really, this “vulnerability” is only serious in two cases:

  • Using no authentication, implicitly trusting anything that comes from the Internet over DEP
  • Staging (specifically using the staging process with the staging user) sensitive information – certificates, etc. Just don’t – have all the sensitive bits assigned to the end-user who has to authenticate.

So, now you are armed with knowledge!

More reading:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

<span>%d</span> bloggers like this: