Apple has an option to encrypt the MDM profile payloads (both iOS and macOS). But then when you try to view the profile XML in the console (ex. migrating payloads between UAT and Production environments, working with custom profiles) - they are encrypted! Turns out, there is a way to view the XML w/o having... Continue Reading →
Use compliance data in Azure AD Conditional Access policies by integrating Workspace ONE UEM with Microsoft
The title says it all! The feature has been available for a while in a closed preview status, but with 2008 it has moved to Public Preview! Similarly, Microsoft moved the APIs on their side to Public Preview as well, listing VMware Workspace ONE as the ONLY (currently) supported EMM. Needless to say, we are... Continue Reading →
Watch your certificates when working with Apple devices!
A while ago a colleague turned to me for help. Customer tested iOS, Android and Win10 with a SCEP server. Win10 and Android had no issues, but on iOS the certificates failed to install with a cryptic error. I decided to write a blog about it, because I expect a second wave of such issues... Continue Reading →
RIP AirWatch Container – move to Hub Registered Mode
Yesterday, the end of general support announcement for AW Container (the app) was posted in VMware KB effective as of August 9 2020. This is a long expected move, but I know that there are still customers out there using it on unmanaged devices for MAM only mode. What can they do to replace the... Continue Reading →
On Apple, Security by Obscurity and WS1 Trust Network.
In the last several weeks a number of bugs were found in Apple's iOS, MacOS and protocols. This had coincided with a partner workshop last Friday, where the decisive argument was "Have you ever heard of an Antivirus for an iPhone". Here's what came out.
Apple iOS User Enrollment vs Android Enterprise and the real MDM needs #WWDC2019
Every WWDC has a session called What’s New in Managing Apple Devices. This year's one was no exception. During this session Apple presented they new take on BYOD called User Enrollment. Here's my brief analysis and comparison with Android Enterprise. Links to the source video, slide deck and some other useful resources are below. TL:DR... Continue Reading →
Interesting stats on Android Security and AER Program [2019 Android Enterprise Summit]
Interesting statistics regarding Android Exploits and Android Enterprise Recommended influence on buyers presented during Android Enterprise Recommended Summit 2019 London
Sideloading iOS apps: the good, the bad, the ugly collection
This brief post is a collection of links on the matter of sideloading iOS apps, the consequences and how to prevent it. Mostly via BrianMadden.com. https://www.brianmadden.com/opinion/Did-you-know-how-easy-it-is-to-sideload-iOS-apps-to-your-iPhonehttps://techcrunch.com/2019/02/12/apple-porn-gambling-apps/Software pirates use Apple tech to put hacked apps on iPhones >> Between February 2016 and February 2017, 11% of enterprise iOS devices encountered a sideloaded app. > Wandera’s data... Continue Reading →
[iOS vs Android] OS and Application Updates
I frequently get this question from customers and partners: "How can I control Application and OS Updates in iOS and Android". So I'll drop a note here. Update management includes: Configuring the behaviour of OS upgrades (major), patches, public apps (via App/Play Store, VPP) and private apps (via App/Play Store or directly via EMM)Scheduling updates to happen (or... Continue Reading →
Fighting the recent Apple DEP “vulnerability” with Workspace ONE UEM (AirWatch)
There's been recently a wave of news along the "OMG Apple DEP is insecure we are all doomed" line. While there is indeed a few flaws in Apple Device Enrollment Program, I want to show how to fight it with Workspace ONE UEM (AirWatch) in a simple 3-step process Step 1: Go to your DEP... Continue Reading →