Fighting the recent Apple DEP “vulnerability” with Workspace ONE UEM (AirWatch)

There’s been recently a wave of news along the  “OMG Apple DEP is insecure we are all doomed” line. While there is indeed a few flaws in Apple Device Enrollment Program, I want to show how to fight it with Workspace ONE UEM (AirWatch) in a simple 3-step process

Step 1: Go to your DEP profile in Settings -> Devices -> Apple -> Device Enrollment Program

Step 2: Ensure Authentication is ON

DEP-FUD-WS1-Auth

Step 3: You are done. Really, this “vulnerability” is only serious in two cases:

  • Using no authentication, implicitly trusting anything that comes from the Internet over DEP
  • Staging (specifically using the staging process with the staging user) sensitive information – certificates, etc. Just don’t – have all the sensitive bits assigned to the end-user who has to authenticate.

So, now you are armed with knowledge!

More reading:

Advertisements

Changing Android device settings unavailable in AirWatch native GUI (Zebra MX)

Zebra devices have a cool set of extensions called MX. It can do tons of things. But, can we expect every EMM vendor to timely implement them natively in their consoles?

Unlike SOTI (which can use SOTIscript for advanced features), AirWatch only allows changing settings that you can see in the GUI. If it’s not in console GUI – you can’t have it. However, there are a few exceptions.

In this post we will talk about one extremely simple, yet little-known way of extending AW functionality beyond the GUI limitations. Read on if you want to know how to apply any MX setting via AirWatch to your Zebra device.

(more…)