Managed Device Attestation in iOS 16


Security has never been a more critical part of an IT department’s budget, time, and attention. Remote work has continued to change how security improvements are made as the focus has moved away from securing the campus network to securing the device. This week, I want to look at what impact Managed Device Attestation will bring for IT employees looking to support remote workers.

About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.

Prior to remote work, IT departments focused a lot of their time on security by location. When users needed to access organization resources, such as websites, servers, and databases, you’d ensure they could set up a VPN tunnel or require them to be on campus. Essentially, security was designed to protect resources with a security boundary. Unfortunately, this model hasn’t kept up with the way people interact with modern and remote organizations. As Cloud service providers put resources outside the perimeter of the campus, threats can start from inside the office.

Apple’s response to this problem is called Managed Device Attestation, and it’s coming with iOS 16. Managed Device Attestation is a new security feature for iPads and iPhones that will use the device’s Secure Enclave to provide strong assurances that the device requesting access is the device it claims to be.

These security enhancements only require trusting the Secure Enclave and Apple’s attestation servers, which access Apple’s manufacturing records and OS catalog. If you’re using the devices and keeping data on them, you likely already trust these anyways. Managed Device Attestation takes the typical security posture (identity, location, time, connectivity, management, etc.) and takes it to the next level.

Wrap up on Managed Device Attestation

The DeviceInformation MDM command has been enhanced, so the benefits of attestation are available to the MDM server. Apple has also added support for an Automatic Certificate Management Environment (ACME) payload. I am not going to get into the technical weeds on Managed Device Attestation, but I want to point you to Apple’s presentation at WWDC on the topic. Apple goes in-depth on how Managed Device Attestation will ensure IT professionals know that devices interacting with their infrastructure are the devices they claim to be. In a world that’s a mix of SaaS apps, onsite servers, remote, and hybrid work, Managed Device Attestation is an incredible way for IT professionals to increase security using Apple’s hardware (Secure Enclave) with a strong software tie-in.
