apple, innovation

whole new iOS13 with more privacy in enterprise

tim cook recently spoke about user data and privacy, while criticizing technology companies, like google or facebook

iOS is the enterprise’s first choice for mobile activity – egnyte’s enterprise insight showed a clear weighting, and content is getting more and more mobile


the biggest change since iOS5 introduced supervised devices and open-in management debuted in iOS7

iOS 13 will be available in fall 2019 – since google is pushing hard with android enterprise to fit business needs, with its built-in containerization based on samsung’s KNOX – iOS 13 provides more granular security and better privacy restrictions

enrollment methods

thousands of iOS devices are already rolled out, either by manually installing an mdm profile (uamdm) or centrally with the device enrollment program (dep), to get the device under control of a unified endpoint management (uem) – additionally you can set your iOS device as supervised, either during dep enrollment or via apple configurator connected to a mac

newly added – user enrollment – previously an administrator of a managed device was able to retrieve the installed apps, remove the passcode or wipe the entire device – at least the privacy controls of the registered uem prohibit these features for individuals – with user enrollment there are huge improvements to the user’s privacy

  • user needs to log in with a managed apple id
  • uem is unable to retrieve device information like IMEI, serial or mac address
  • private apps aren’t reported to uem
  • no control over the device passcode and no wipe of the entire device
  • the configuration of wifi, vpn or exchange accounts will still be available
  • other existing restrictions are reserved for supervised devices, see listing below

restriction changes

  • allowSafari, available since iOS 4, requires a supervised device as of iOS 13
  • allowVideoConferencing, available since iOS 4, requires a supervised device as of iOS 13
  • allowWiFiPowerModification, available for supervised iOS 13 devices
  • safariAllowAutoFill, available since iOS 4, requires a supervised device as of iOS 13
  • allowAddingGameCenterFriends, available since iOS 4.2.1, requires a supervised device as of iOS 13
  • allowAppInstallation, available since iOS 4, requires a supervised device as of iOS 13
  • allowCamera, available since iOS 4, requires a supervised device as of iOS 13
  • allowCloudBackup, available since iOS 5, requires a supervised device as of iOS 13
  • allowCloudDocumentSync, available since iOS 5, requires a supervised device as of iOS 13
  • allowCloudKeychainSync, available since iOS 7, requires a supervised device as of iOS 13
  • allowContinuousPathKeyboard, available for supervised iOS 13 devices
  • allowExplicitContent, available since iOS 4, requires a supervised device as of iOS 13
  • allowFindMyDevice, available for supervised iOS 13 devices
  • allowFindMyFriends, available for supervised iOS 13 devices
  • allowiTunes, available since iOS 4, requires a supervised device as of iOS 13
  • allowMultiplayerGaming, available since iOS 4.1, requires a supervised device as of iOS 13

read a full list of apple’s device management restrictions here
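To find out which restrictions in an already deployed profile are affected by the list above, the profile can be checked offline. The following is an added example, not code from this blog or from apple: it parses a configuration profile and reports every listed key that is set to false inside a restrictions payload. The function name and the sample profile are assumptions made for illustration.

```python
import plistlib

# Keys taken from the list above. Every one is an allow-style boolean, so a
# value of False is what actually restricts the device.
EXISTING_NOW_SUPERVISED = {
    "allowSafari", "allowVideoConferencing", "safariAllowAutoFill",
    "allowAddingGameCenterFriends", "allowAppInstallation", "allowCamera",
    "allowCloudBackup", "allowCloudDocumentSync", "allowCloudKeychainSync",
    "allowExplicitContent", "allowiTunes", "allowMultiplayerGaming",
}
NEW_IN_IOS13_SUPERVISED = {
    "allowWiFiPowerModification", "allowContinuousPathKeyboard",
    "allowFindMyDevice", "allowFindMyFriends",
}
RESTRICTIONS_PAYLOAD = "com.apple.applicationaccess"


def audit_profile(profile_bytes):
    """Return sorted (key, note) pairs for restrictions set to False that
    need a supervised device as of iOS 13 (hypothetical helper)."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_PAYLOAD:
            continue  # wifi, vpn, exchange ... payloads are not affected
        for key, value in payload.items():
            if value is not False:
                continue  # True is the default and restricts nothing
            if key in EXISTING_NOW_SUPERVISED:
                findings.append((key, "supervised-only as of iOS 13"))
            elif key in NEW_IN_IOS13_SUPERVISED:
                findings.append((key, "new in iOS 13, supervised-only"))
    return sorted(findings)


# Constructed sample profile (not a real deployment), serialized as XML plist.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": RESTRICTIONS_PAYLOAD, "allowCamera": False,
         "allowSafari": True, "allowFindMyFriends": False,
         "allowLockScreenTodayView": False},
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "corp-wifi"},
    ],
})

if __name__ == "__main__":
    for key, note in audit_profile(SAMPLE_PROFILE):
        print(f"{key}: {note}")
```

Keys that are not on the list above, like allowLockScreenTodayView in the sample, are not reported.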

Sign in with Apple vs. managed Apple ID

while sign in with apple is the approach to compete with google or facebook as an identity provider (idp) for external services, for business on the other hand managed Apple IDs were so far used to manage functions of Apple Business Manager – since WWDC 2019 a managed Apple ID is necessary to register with user enrollment: the enterprise creates an additional account for the byod user to add to their device, which keeps data completely separated between both accounts, hopefully compared to now:

iPadOS

along with iOS13 apple separates the paths of iPhone and iPad with a standalone OS – finally iPadOS can provide more features to the tablet, a classic desktop replacement could be possible – view the demo below

stay tuned for the final release around mid-september, likely with the new 2019 iPhone


technology

iOS security framework like a swiss cheese

apple did quite a good job with the restriction of the open-in function between managed and unmanaged apps, and advanced its separation within its native mail and even contacts app

  • allow opening documents from unmanaged apps in managed apps
  • allowUnmanagedToReadManagedContacts

read more >>


but

there are still leaks in the security framework to get around enterprise restrictions, further details below


openin

apps and even accounts are separated into managed/unmanaged – via an enterprise-deployed exchange configuration, moving/forwarding messages to other email accounts within the native apple mail app can be blocked – the separation between private/business accounts is highlighted in the colors red/blue through managed domain configuration and also applies to safari domains – files downloaded from managed web domains can only be shared with managed mail accounts – 3rd party apps can implement app configuration to disable copy/paste – sounds perfect so far,
…but it is still possible to copy/paste business data to private

quick look

a document opened in the native viewer also respects the managed/unmanaged restriction…
…but when you open the file in quick look, you are able to send the file with any account without restriction

pictures

it is possible to save media to the gallery – for sure it is also possible to take a screenshot, but that is a bit more tricky

lockscreen

enterprise-registered bring-your-own devices could display sensitive information at the lockscreen without the need to enter device credentials – a management system could block this information for registered devices

  • allowLockScreenNotificationsView
  • allowLockScreenTodayView

… but this would also impact the notifications for private apps

keyboard

furthermore, for byod it is hard to maintain security without restricting private use – users could use a custom keyboard with a potentially embedded keylogger – iOS developers could add the code below to their projects to present the default iOS keyboard


stay tuned for iOS13 adding more security features 🔐 and privacy with user enrollment 🔏

technology

maximum exchange partnership exceeded – how to solve

with a lot of testing with mobile devices, i again reached the maximum number of allowed mobile devices to sync with the exchange environment via active sync

You have 100 device partnerships out of the maximum allowed 100 partnerships. After you reach the maximum, you can’t create additional partnerships until you delete existing ones from your account. To do this, sign in to Outlook Web App, click Options > Phone > Mobile Devices, and delete any unused partnerships.

when logged in via webmail it is possible to remove the paired devices via self-service – unfortunately it is only possible to remove the devices one by one, in a not very performant ui


as an admin there are other ways to get around this limitation via powershell

change the limit and increase the number – execute Get-ThrottlingPolicy | Set-ThrottlingPolicy -EASMaxDevices 20

programmatically remove paired mobile devices – list them first with Get-MobileDeviceStatistics -Mailbox "tonysmith" | Format-Table DeviceType, FirstSyncTime, LastSuccessSync, Guid and then pass the Guid of each unused device to Remove-MobileDevice

microsoft

windows 10 is smarter than you might think

check out these features to improve your daily work

dynamic lock

since Microsoft doesn’t offer its own smartphones anymore, they integrate some clever/smart features to connect with mobile devices – e.g. ensure that your windows 10 is locked when you’re away from the keyboard with dynamic lock

picture password

to get rid of long passwords with complex characters for login – choose picture password – lock your desktop with a secure pattern

windows hello

log in with face recognition, as already known from your smartphone @microsoft


your phone app

as already reported in > windows is (still) mobile <, it will add the ability to receive push notifications from your mobile device directly on your desktop screen


breaking news: in its june update microsoft blocks insecure bluetooth devices like google’s fido stick titan @google – read more about secure 2 factor authentication


quick assist

this feature was already introduced in 1607 to easily share your screen with the onboard tool quick assist – the your phone app even added a beta feature for remote display of your mobile device (currently available for some Samsung and OnePlus devices)

continue on PC

when you connect your mobile device with your windows 10, there is some kind of seamless handover to share links in between


one drive

is microsoft’s cloud storage to easily access and share files from any device, even for automatic photo backup from your mobile

where there are cool new features, there are also some limitations, or at least considerations …

  • running the latest Insider builds (1903)
  • metered wifi networks are currently not supported
  • disable battery optimization settings on your phone
  • battery saver mode on your PC is turned off
  • your windows 10 needs Bluetooth with Low Energy Peripheral mode
  • iris scanner, a fingerprint reader or a special near-infrared 3D camera
  • conditions differ for each feature …

read more about microsoft’s capabilities

innovation, technology

… not in june

everyone is promising what to wait for, but not in this article – we’re ahead of big upcoming technology – it’s may 2019, but as mentioned in the title not in june

Samsung Fold

Samsung already presented one of the first foldable phones, but seems to struggle with the folding mechanics @androidauthority


Huawei OS

Since the ban of Huawei devices, they’re pushing “plan b”, which is necessary for their announced but not yet released devices Matex and Honor20(Pro) @techradar


iOS13

At WWDC Apple will demonstrate iOS13 with its features, like dark mode, but will probably release it in late summer @macrumors


Blackberry Messenger

the messaging service is about to shut down and will no longer be available by june @slashgear

apple, google, innovation, microsoft, technology

windows 10 is (still) mobile

by the end of this year microsoft will end the support for windows 10 mobile on december 10 2019, the october release 1709 was the last update back in 2017

since microsoft wasn’t able to get a remarkable footprint in mobile business, windows phone failed and was relaunched as windows 10 mobile .. there are still ways to combine windows 10 and mobile

launcher 10 – android launcher

i was a huge fan of windows 10 mobile and its live tile design, but missing enterprise features and apps forced me to look for other opportunities

launcher 10 offers the beloved windows phone design for android smartphones as a separate launcher – sort and resize your tiles, including a paid feature of live tiles

live tiles are deprecated by microsoft, and microsoft failed to remove all references, so a subdomain takeover is possible – the service is still online http://www.buildmypinnedsite.com/

your phone app companion

every windows 10 embeds a feature to connect your ios or android phone, so you can remotely use features like sending messages, accessing media on your device or synchronizing file changes between devices

with its current windows 10 insider preview build 18885 (20H1) microsoft added notifications for android devices – stop reaching for your phone to check your notifications, with features like

  • see incoming phone notifications in real-time
  • view all of your phone notifications in one place
  • customize which notifications you want to receive
  • clear notifications individually or all at once

read more about productivity with a second screen

3rd party services

other apps like airdroid, pushbullet, mightytext and others also offer the ability to compose and receive messages from the desktop, transfer files without a wired connection and of course receive push notifications directly from the device – additionally this is possible within your browser, independent of your platform os or even device, when using a webservice

apple

if you’re using an apple device you probably own a mac and should use features like universal clipboard, making calls with your mac, sending and receiving messages or handoff to continue immediately on another device where you stopped before – everything connected to icloud

use continuity to connect your mac, iphone, ipad, ipod touch, and apple watch

general

as unsmart as possible

wikipedia does not have an article with this exact name

if wikipedia doesn’t know it, is it worth thinking about? is the opposite of smart just “not smart”?

digitalisation

is the driver to be more and more effective


read more: artificial intelligence

where are we running to

smart manufacturing, smart power, internet of things, smart home, blockchain, internet of humans?

we optimize everyday – new tools to improve, new technique to handle, new security to protect, new data to analyse

pause

isn’t it smart to sometimes be ineffective – dumb phone @telegraph

we move forward at an extraordinarily rapid pace, time to step back and check what’s important – more work life balance, more offline

technology

downgrade beta

…it’s quite easy to join a public beta, a lot of chinese vendors develop their software while customers are already using it – for ios and android it is possible to get a sneak peek at new features or test changed behaviour in your enterprise environment before public rollout

join beta at

top 3 features of upcoming mobile os

| ios 13 “yukon” | android q “quinoa/quiche” |
| split view | more granular location control |
| multi-user ipad | undo app removal |
| dark mode | dark mode |

but when it comes to downgrading from a current beta, android raises the bar

ios can easily opt out of the beta, but to downgrade you finally need to restore your entire device locally with itunes

technology

cookbook: have I been breached or leaked?

… again 620 million accounts were stolen – it is all about your data – in the age of digitalisation it defines who you are – who do you trust – the following assists you in checking if you got pwned and should raise awareness


leaked

accounts monitored and collected in this database
=>> https://hacked-emails.com/


check

if you got pwned, enter your email address

=>> https://haveibeenpwned.com/

dns

leak is a transparent way to intimidate your traffic =>> https://www.dnsleaktest.com/

tracking

of your browser analyses your behavior – quick test whether your browser is safe against tracking
=>> https://panopticlick.eff.org/

bad passwords

still common in 2019 – is your password listed here? change it!
=>> https://www.prweb.com

read more about secure authentication and multi factor

tips

to be completely anonymous online
=>> https://www.csoonline.com

apple

apple adds more barriers to increase security

as far as known from this ios 12.2 beta, there are several improvements/changes, at least in regards to the user’s security

enroll here: beta.apple.com


ssl security

not just since edward snowden, chelsea manning and others leaked information – your data matters – apple adds a noticeable change in safari when browsing webpages that are not secure

@ios.gadgethacks.com

read more about ssl strip @wifi security today and attack vectors


profile installation

profiles on ios devices mean everything in the enterprise – to enroll a private user’s device in an emm system it is necessary to manually install the ios mdm profile – before ios 12.2 the profile popped up to install – beginning with the new release, after successfully authenticating with the emm the ios profile is downloaded, and the user needs to manually navigate to settings and select to install the profile

motion data

the new motion & orientation access setting is toggled off by default, so a webpage is unable to get accelerometer and gyroscope data from the iPhone – test it at the what web can do today website with iOS 12.2 beta

ios13 should be available in about 4 months