Recently there has been a wave of news along the “OMG Apple DEP is insecure we are all doomed” line. While there are indeed a few flaws in the Apple Device Enrollment Program, I want to show how to fight them with Workspace ONE UEM (AirWatch) in a simple 3-step process.
Step 1: Go to your DEP profile in Settings -> Devices -> Apple -> Device Enrollment Program
Step 2: Ensure Authentication is ON
Step 3: You are done. Really, this “vulnerability” is only serious in two cases:
- Using no authentication, implicitly trusting anything that comes ~~from the Internet~~ over DEP
- Staging (specifically using the staging process with the staging user) sensitive information – certificates, etc. Just don’t – have all the sensitive bits assigned to the end-user who has to authenticate.
So, now you are armed with knowledge!
More reading:
- A deeper look at DEP from the very same Duo Security (how many Twitter reposters have actually found it at all? 🙂 )
- An even deeper look into DEP security from BlackHat if you really want to ~~hack someone~~ explore further possibilities
- WS1 UEM DEP Guide with this and other cool features.
- DEP Best Practices from WS1 UEM – Security etc.