Apple gets serious about enterprise & security features
Apple has announced a swathe of features and functionality designed for enterprise users, including new BYOD policies, managed Apple IDs, security enhancements, and even an app that allows users to find their phone or their friends.
macOS Catalina, iPadOS and iOS 13 will allow organisations to streamline Apple device deployments using management tools that simplify account setup, configuration of institutional policies, distribution of apps, application of restrictions, and enrolling BYOD devices.
- User Enrollment for BYOD
- iOS 13 and iPadOS introduces a new lightweight management tool, designed for Bring Your Own Device (BYOD) to protect user privacy while still giving IT the tools they need to keep corporate data secure, without having to manage the entire device.
- Users can access both personal and work data without the possibility that their personal data will be erased.
- User Enrollment cryptographically separates corporate accounts, apps, and data onto a separate APFS. volume. The end user's mail, calendar, notes, and keychain data are kept separate on the device, in addition to data from managed apps.
- This ensures user privacy and protects corporate data while not requiring IT to manage the full device, achieving a better balance for BYOD.
- Managed Apple IDs for Business with Federation
- Enables Apple Business Manager to assign separate work Apple IDs to employees.
- Apple Business Manager enables federation with Microsoft Azure Active Directory and dynamically create Managed Apple IDs for their users.
- End users find it easier because they don't need to remember a separate username and password, and it makes it easier for IT to allow access to Apple services in a managed way.
- Single Sign-On Extension:
- Will allow enterprise app developers to integrate with established corporate identity providers (like Okta or Azure) so that users only have to login once to access their corporate apps and services (connected with their Managed Apple ID).
- iOS 13 and macOS Catalina introduce a new Single Sign-on Extension to enable seamless authentication using a corporate identity for native iOS and macOS apps, as well as websites.
- This extension is for use by identity providers to deliver a seamless experience as users log into apps and websites.
- When properly configured using MDM, the user authenticates once then gains access to subsequent native apps and websites automatically.
- Business Chat Suggest
- Will show users the option to Message a business when they tap on a phone number.
- More than 50% of people typically choose message vs. call when presented side-by-side.
Security
In iOS 13, iPadOS and macOS Catalina, organisations will benefit from enhanced security measures and customising new device enrolment.
- Enrollment:
- Whether enterprises have 10 devices or 10,000, it's easier than ever to manage iPhone, iPad, Mac and Apple TV. With Apple Business Manager, devices can be distributed directly to employees and used straight out of the box, leaving manual configuration behind forever.
- User Enrollment for BYOD: allows users to feel more confident in bringing a personal device to work, as it protects their privacy while still giving IT the tools they need to keep corporate data secure.
- Mac Security Enhancements: macOS Catalina introduces enhanced security features to better protect macOS against tampering, help ensure that the apps are safe, and give greater control over access to data. And it's even easier to find a Mac if it's lost or stolen.
- Dedicated system volume: macOS Catalina runs in a dedicated, read-only system volume — which means it is separate from all other data, and nothing can overwrite critical operating system files.
- Enhanced Gatekeeper: Gatekeeper will ensure that all new apps users install have been checked for known security issues by Apple before users run them the first time, and periodically thereafter. This extends the protection from the app's source to include automated checks for what's in the app.
- Activation Lock: All Mac models with the Apple T2 Security Chip now support Activation Lock — just like the iPhone or iPad. If a Mac is ever misplaced or lost, the only person who can erase and reactivate it is the user.
- DriverKit and user space system extensions: Previously many hardware peripherals and sophisticated features needed to run their code directly within macOS using kernel extensions, or kexts. Now these programs run separately from the operating system, just like any other app, so they can't affect macOS if something goes wrong.
- Data protections: macOS Catalina checks with users before allowing an app to access data in Documents, Desktop, and Downloads folders; iCloud Drive; the folders of third-party cloud storage providers; removable media; and external volumes. In addition, users are asked before an app can perform key logging or capture a still or video recording of the screen.
- Find My: The new Find My app combines Find My iPhone and Find My Friends into a single, easy-to-use app on macOS, iPadOS, and iOS devices.
- Find offline devices: Locate a missing device even if it's not connected to WiFi by using crowdsourced locations. When users mark the device as missing and another Apple user's device is nearby, it can detect the device's Bluetooth signal and report its location to users. It's all anonymous and end-to-end encrypted so no one, including Apple, knows the identity of any reporting device. The reporting happens silently using tiny bits of data that piggyback on existing network traffic, so there is no impact on battery life, data usage, or privacy.
- Enhanced location notifications: Location notifications include the ability to schedule notifications for different days of the week, more useful place names, and enhanced privacy controls.
The developer previews of macOS Catalina, iPadOS and iOS 13 are available to Apple Developer Program members now. Public beta programs will be available next month. macOS Catalina, iPadOS and iOS 13 will be available this spring as a free software update for compatible devices.