apple, innovation, technology

defer ios updates

ios 12 was announced and demonstrated at wwdc; the beta started on june 19th and the public beta followed on june 25th

since ios 11.3 it is possible to suppress ios updates on managed devices – because you want to test new releases in your infrastructure and ensure that all of your productivity apps run fine with the new version

it is mandatory that those devices are supervised, set up with the apple device enrollment program or enabled with apple configurator


with current emm vendors it is possible to simply enable/disable this value – otherwise configure a profile in apple configurator, then either send it via mail or upload it to your enterprise mobility management suite and deploy it remotely

 

if your device is running an ios version below ios 11.3, you are able to configure a global http proxy – with a *.pac file you are able to redirect the apple update url
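
a minimal proxy.pac for the approach above, as an added example that is not part of the original post. the two update hostnames and the dead proxy address are assumptions; check them against apple's current host list and your own network before deploying:

```javascript
// added example: proxy.pac that fails requests to the os update catalog.
// ASSUMPTIONS: hostnames and the dead proxy address are not from the post.
var UPDATE_HOSTS = ["mesu.apple.com", "appldnld.apple.com"];
var BLACKHOLE = "PROXY 127.0.0.1:9"; // nothing listens here, so the request fails
var PASS = "DIRECT";

// normalise before comparing: the engine passes the host as requested,
// so case and a trailing dot must not bypass the rule
function normaliseHost(host) {
  return String(host || "").toLowerCase().replace(/\.$/, "");
}

// exact match only: a suffix or substring test would also catch
// look-alike names such as mesu.apple.com.example.net
function isUpdateHost(host) {
  return UPDATE_HOSTS.indexOf(normaliseHost(host)) !== -1;
}

// entry point the device calls for every request
function FindProxyForURL(url, host) {
  return isUpdateHost(host) ? BLACKHOLE : PASS;
}

// dry run for the admin: which of these hosts would the file block?
function auditHosts(hosts) {
  return hosts.filter(isUpdateHost).map(normaliseHost);
}
```

run `auditHosts` over the hostnames your productivity apps need before rollout, so the file blocks the update catalog and nothing else.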


mobile devices fit enterprise needs

innovation, technology

multi-factor authentication

the most used passwords are still “12345” and “password” – keep your private data as safe as enterprises do

secure authentication needs to be smart

sms

short message service is the most convenient second factor, but sms is insecure and can be intercepted – major us carriers are working together on a next-gen ‘mobile authentication platform’ to replace the weak sms system

mobile id

is a more secure service, based on certificates and secured with a separate pin – a special sim needs to be provided by the carrier @mobileid

id card

the electronic id function of the german passport lets you securely authenticate at public services, insurances or banks – it is registered to you and secured with a pin – you need a card reader or app @personalausweisportal

oath

is an open standard that allows strong authentication of all users on all devices – no code needs to be sent, so nothing can be intercepted with a man-in-the-middle (mitm) attack; the code is calculated in an app – get the code right on your smartwatch or back up your accounts with andotp

pointsharp


provides secure login with multi-factor authentication to enterprise alliances or cloud services – use a pointsharp password for mobile services instead of windows accounts – log in with scratch cards, hardware token, smartwatch, biometrics or one-time pin

fido


an alliance to provide a passwordless experience and a secure second factor – a hardware device ensures the trust of identity @fidoalliance.org

microsoft announced “password-less sign-in to windows 10 & azure ad using fido2” @blog.microsoft

cloud

casb (cloud access security broker) checks access based on security policy in front of a cloud service

iam (identity access management) manages user identities centrally and provides role-based access

emm alone can’t prevent users from accessing cloud services via unmanaged apps or browsers. neither iam nor casb have the visibility or ability to allow or deny access to a cloud service based on the state of the mobile device or application. @mobileiron


be safe – review here for list of websites and whether or not they support 2fa

no excuses anymore

google, innovation

enterprise features of android p

only a few days ahead of google i/o – google’s annual developer conference – may 8-10 – where they will present android p, gmail, android wear 3.0, vr with daydream, google home and maybe more

here are the main features to be provided to the enterprise – rock solid progression of android enterprise – modifications from other os’s found as well – some cool admin gadgets

work profile user interface

  • Switch apps across profiles

  • Programmatically turn work profiles on or off

lock down any app to a device

  • whitelist and control certain system ui features

support multiple users on dedicated devices

  • multiple users can share a single device, dedicated for a specific purpose, managed via emm

clear package data and remove accounts

new user restrictions and increased control over settings

  • Configure APNs

  • Configure time and timezone

  • Enforce user restrictions on important settings

  • Metered data

migrate dpc

  • hand over a device between different emm vendors

postpone over-the-air (ota) updates

  • also possible on ios devices since ios 11.3

restrict sharing into a work profile

hardware-secured keys and machine certificates

  • generated keys never leave the secure hardware and can be used from the android keychain

password blacklist

streamlined qr-code enrollment


  • wifi profile supported like with nfc enrollment

@google

innovation

artificial intelligence

ai in smartphones – huawei mate 10 pro uses ai to …., the upcoming lg v30s thinq provides image recognition with qlens to display where to buy, the price tag or relevant information about a poi
ai for flight booking – hopper is a mobile-only service that predicts when to book, when to fly and even where to fly, powered by artificial intelligence
ai in cars – for autonomous driving
ai in refrigerators – as family smart hub, to fill up the shopping lists
ai in voice assistance – alexa, siri, cortana
ai for surveillance – facial recognition technology, to track behavior and even identify a crime before it happens <digitaltrends>

we are in front of the peak of inflated expectations until we know what exactly it could be used for to gain wide productivity

but:

artificial intelligence is no match for natural stupidity

apple, innovation, technology

managed ios contacts

restricted access to enterprise contacts … a long journey to find its holy grail in ios 11.3

grant or deny access to your contacts

was introduced in ios 6: since 2012 it is possible to decide which apps are allowed to access your contacts – there was no api to configure the setting in an enterprise environment and block access from apps like facebook, whatsapp, line, viber or path to enterprise contacts – with containerization you can restrict enterprise content from unauthorized access, along with usability limitations


allow open documents from unmanaged apps to managed apps

was presented in the ios 7 release; since then enterprise management has been able to restrict data exchange from untrusted, insecure, private (unmanaged) apps to enterprise (managed) apps – apple's native mail is a private app by default

managed domains

to separate private from enterprise accounts inside the mail app, apple enabled this setting in ios 8 – managed domains remain blue, unmanaged ones are marked red – mail and web domains respect the “allow open documents from…” restriction when interacting with managed apps, except for contacts


ios call kit

announced in ios 10, call kit improves usability for incoming calls: even when contacts are secured inside a container, the name is resolved and displayed

prevent contacts in managed accounts from being used in unmanaged apps or accounts

finally, apple introduced this feature with ios 11.3 – only managed apps are able to access managed contacts; this closes the gap to securely use apple mail in an enterprise environment

 

=> video for “managed ios contacts” and “ios managed domains” attached

google, innovation

gmail predict reply to mails

gmail prepares to add nudges that suggest mails to reply to, and also adds more functionality like amp [related post] to add more intelligence


nudges in general…

proposes positive reinforcement and indirect suggestions to try to achieve non-forced compliance to influence the motives, incentives and decision making

@wikipedia

it is all about staying productive, whether by showing mail just from your contacts, sorting newsletters or intelligent replies – currently available email apps are unibox, microsoft’s outlook and google’s inbox

update: google presented new features about confidential mode with 2 factor authentication, smart reply and new g suite security features @digitaltrends

google, innovation, technology

amp – accelerated mobile pages

accelerated mobile pages is an open-source standard for any publisher to load pages quickly on mobile devices; the currently supported browsers are


google added the ability to the amp header to open or copy the non-amp link; you can also load a webpage as non-amp with this noamp app

some web developers have expressed concern that google is getting too much say in how the web operates.

@firstpost

the intelligence is spreading further with gmail integration, and other mail providers can adopt amp as well – a price tag is always up to date, no matter when you open the mail, and you can enter feedback without opening the browser

update: development of a new accelerated Mobile pages (amp) component enabling publishers to acquire user consent is underway and accepting comments.

google, innovation

android go

android go – fit for low-end devices – is comprised of three parts: the operating system, google apps and play store apps – reduced memory consumption, less storage required for the android os, smaller go versions of basic apps, mobile data savings

a few years ago google already launched android one to capture “the next billion”, also driven by the exploding growth of smartphone sales in india

announced back in december, devices now arrive at mwc, such as the nokia 1 with android oreo go installed for about 85$, spec here

sailfish os is already a light operating system, released in version 3 and designed to run on devices with less than 1 gb of ram; it now has a huge competitor in google’s android go

google signaled:

let’s go beyond for the next billion

general, innovation

better veil mit privacy

veil is a system to make private browsing more private – wang, an mit graduate student, said:

…the fundamental problem is that [the browser] collects this information, and then the browser does its best effort to fix it. But at the end of the day, no matter what the browser’s best effort is, it still collects it…

it doesn’t require any modification on the browser, because it doesn’t rely on browsers – a compiler can create a veil version of a site

veil was presented at the network and distributed systems security symposium, or read about it at mit news

apple, general, innovation

touch @macos

apple introduced the “all new” touch bar in 2017 for the macbook pro, but what most mac users are missing is a touchscreen – the addon airbar, extra hardware attached to the screen, looks ugly

every smartphone and a lot of other notebooks have a touch display, so what to do if you don’t want to run or carry a separate device – virtualize it – get the comfort of 2 devices in one and have the ability to use your touchscreen on macos

additionally, some features and software are only available on macos, like apple configurator, xcode or imovie – guides on how to use apple configurator are recorded and online at the madereal youtube channel

it is not allowed to run macos on other than apple hardware, but there are also intel chips inside, that's why it is possible to run it on windows – see also “hackintosh”

a few steps are necessary to host macos in vmware running on windows…

  1. download – vmware player, macos iso or vmware and unlocker
  2. intel vt-x & amd virtualization – enable in bios and vmware settings
  3. vmware player – install software, but do not launch
  4. vmware unlocker – execute win-install.cmd with “run as administrator”
  5. macos iso – mount in vmware player and launch

…now you're ready to use the macos features right at your fingertips

other more detailed guides at @techsviewer and @tactig – virtualbox is also possible

the author is not liable for any errors or omissions in this information nor for the availability of this information. the author is not liable for any losses, injuries, or damages from the display or use of this information.

apple, general, google, innovation

preconfigure outlook

with the current release of the microsoft outlook app for ios and android it is possible to preconfigure it via an enterprise mobility suite @microsoft

the following values are supported for android, a step further for android enterprise to get rid of the “almost”


for ios refer to apple’s managed app configuration and its key-value pairs

within windows 10 there are some possibilities to preconfigure an email profile in outlook, even via emm

other microsoft office apps don’t support this functionality – graph api is the approach, any vendor can integrate with intune to use it as middleware to manage office apps – a powerful api with the intelligence in microsoft’s hands


general, innovation

wine

wine enables linux, mac, freebsd, solaris and android users to run windows applications – “wine is not an emulator” – instead of simulating windows it translates windows api calls on-the-fly – wine is free software under constant development – codeweavers sells a supported version as crossover – a comment from wine:

this brings us to the chicken and egg issue of linux on the desktop. until linux can provide equivalents for the above applications, its market share on the desktop will stagnate. But until the market share of linux on the desktop rises, no vendor will develop applications for linux. how does one break this vicious circle?

… wine is an answer, they released wine 3.0 with these highlights @winehq

  • direct3d 10 and 11 support.
  • direct3d command stream.
  • android graphics driver
  • improved directwrite and direct2D support

cheers
