Apple has an option to encrypt the MDM profile payloads (both iOS and macOS). But then when you try to view the profile XML in the console (ex. migrating payloads between UAT and Production environments, working with custom profiles) - they are encrypted! Turns out, there is a way to view the XML w/o having... Continue Reading →
Android management in China – what are your options?
After I published the article regarding the enrollment of Android devices in closed networks, the hottest question was how to apply it for China. The answer is as usual “it depends”. If you want to know more – read on! What’s the problem?What options are available?What is the optimal approach? What’s the problem? Problem is... Continue Reading →
Watch your certificates when working with Apple devices!
A while ago a colleague turned to me for help. Customer tested iOS, Android and Win10 with a SCEP server. Win10 and Android had no issues, but on iOS the certificates failed to install with a cryptic error. I decided to write a blog about it, because I expect a second wave of such issues... Continue Reading →
Remediate the Pixel4 and Galaxy S10 biometric security flaws with Workspace ONE
I am pretty sure you've heard already about the issues with Samsung Galaxy S10 fingerprint sensor and Google Pixel 4 Face Unlock. Both companies have acknowledged the issues and committed to releasing the patches "soon" (Samsung is said to be testing fixes in certain countries already). What can you in the meantime? With Workspace ONE... Continue Reading →
Apple iOS Update Management with WorkspaceONE UEM (AirWatch)
This practical entry briefly outlines how to force or defer OS Update for Apple iOS devices (iPhones, iPads). There are two completely opposite use cases for this: Critical 0-day vulnerability - must force push OS Update to patch the devicesBusiness critical apps not tested with the latest iOS update - must delay/disallow update before testing.... Continue Reading →
Fighting the recent Apple DEP “vulnerability” with Workspace ONE UEM (AirWatch)
There's been recently a wave of news along the "OMG Apple DEP is insecure we are all doomed" line. While there is indeed a few flaws in Apple Device Enrollment Program, I want to show how to fight it with Workspace ONE UEM (AirWatch) in a simple 3-step process Step 1: Go to your DEP... Continue Reading →