apple, google, innovation, microsoft, technology

windows 10 is (still) mobile

microsoft will end support for windows 10 mobile on december 10, 2019 – the fall creators update (release 1709) from october 2017 was already the last feature update

since microsoft never gained a notable footprint in the mobile business (windows phone failed and its relaunch as windows 10 mobile did not change that), here are the ways that still combine windows 10 and mobile

launcher 10 – android launcher

i was a huge fan of windows 10 mobile and its live tile design, but missing enterprise features and apps forced me to look for other options

launcher 10 offers the beloved windows phone design for android smartphones as a separate launcher: sort and resize your tiles, live tiles are a paid feature

live tiles are deprecated by microsoft, but not all references were removed, so a subdomain takeover is possible – the service itself is still online at http://www.buildmypinnedsite.com/

your phone app companion

every windows 10 installation includes the your phone app, which connects an ios or android phone so you can send messages, access media remotely or synchronize file changes between devices

with the current windows 10 insider preview build 18885 (20h1) microsoft added notification mirroring for android devices – stop reaching for your phone to check it, with features like

  • see incoming phone notifications in real-time
  • view all of your phone notifications in one place
  • customize which notifications you want to receive
  • clear notifications individually or all at once

read more about productivity with a second screen

3rd party services

other apps like airdroid, pushbullet, mightytext and others also offer the ability to compose and receive messages from the desktop, transfer files without a cable and of course receive push notifications directly from the device – additionally this works inside your browser, independent of platform, os or even device, when using a web service – be aware that messages and notifications then transit the vendor's cloud, so check what is stored there and for how long before pairing a business account

apple

if you're using an apple device you probably own a mac and should use features like universal clipboard, make calls with your mac, send and receive messages or handoff – continue immediately on another device where you stopped before – everything connected via icloud

use continuity to connect your mac, iphone, ipad, ipod touch, and apple watch

technology

downgrade beta

…it's quite easy to join a public beta; a lot of chinese vendors develop their software while customers are already using it – for ios and android it is possible to get a sneak peek at new features or to test changed behaviour in your enterprise environment before the public rollout

join beta at

top 3 features of upcoming mobile os

ios 13 "yukon"        android q "quinoa/quiche"
split view            more granular location control
multi-user ipad       undo app removal
dark mode             dark mode

but when it comes to downgrading from a current beta, android raises the bar

ios can easily opt out of the beta, but to actually downgrade you finally need to restore the entire device locally with itunes

technology

cookbook: have I been breached or leaked?

… again 620 million accounts were stolen – it is all about your data – in the digital age it defines who you are and whom you trust – the following helps you check whether you got pwned and should raise awareness


leaked

accounts monitored and collected in this database
=>> https://hacked-emails.com/


check

whether you got pwned: enter your email address

=>> https://haveibeenpwned.com/

dns

leak – a transparent way to spy on your traffic: even behind a vpn, queries that still go to your isp's resolver reveal which sites you visit =>> https://www.dnsleaktest.com/

tracking

of your browser: ads and scripts analyse your behaviour – a quick test whether your browser is safe against tracking and how unique its fingerprint is
=>> https://panopticlick.eff.org/

bad passwords

still common in 2019 – if your password is listed here, change it!
=>> https://www.prweb.com

read more about secure authentication and multi factor

tips

on staying completely anonymous online
=>> https://www.csoonline.com

innovation, technology

virtual smart card

… for desktop/laptop a physical smartcard inserted in the device provides additional security: the user just needs to unlock the smartcard with a pin, without needing to know their password – in times of mobile devices it is possible to attach those smartcards with adapters, but with bad user experience

derived credentials (nist sp 800-157) issue a certificate to the mobile device on the basis of the user's existing piv card, so the phone can authenticate without a card reader while staying compliant with HSPD-12 / FIPS 201 personal identity verification (piv) requirements


derived credentials providers, e.g. entrust, give an overview of the integration into the infrastructure and the enrollment of a trusted certificate with a modern emm system


citrix provides an easy way to securely authenticate at the workspace app for emm-trusted devices – better usability and higher security

download the second draft of the NIST cybersecurity practice guide SP 1800-12, derived piv credentials, released by the NCCoE, attached:

technology

authenticator usability matrix

security is important and 2fa should be mandatory …

 read more: multi factor authentication

… while more and more services offer this capability – how to handle all those tokens? here is my analysis of some authenticator apps

app                       account               app lock            backup
google authenticator      –                     –                   –
microsoft authenticator   optional              screen lock         –
authy                     phone & email         –                   cloud
andotp                    –                     pin, password       local encrypted
lastpass authenticator    optional              pin, fingerprint    cloud
1password                 price starts $2.99    pin, fingerprint    cloud, local, wlan

… this is neither a complete market analysis nor does it evaluate all available features, like enterprise grade rights management

stay tuned about secure authentication with virtual smart card 

general, technology

digital detox

christmas time, family time – decide on a smartphone diet, focus on the really important things

  • turn your device into airplane/flight mode
  • configure do not disturb

  • remove unnecessary notifications
  • clean desk: delete apps

  • the work profile can be turned off with android enterprise

or

  • reactivate your old school watch
  • buy a classic alarm clock
  • shut down your smartphone
innovation, technology

progressive web apps

progressive web apps (pwa) are getting more popular due to their ability to send push notifications, provide offline content and be added to the homescreen – no install needed, functionality beyond a plain browser page at lower cost than native apps, faster loading than a plain website, better conversion, 60 frames per second scrolling

@google developers training

test your browser online – the feature set differs a lot between mobile platforms and browsers; compatibility estimated by appswithlove.com

https://whatwebcando.today

in 2015 a chrome developer coined the term progressive web app; apple adopted it and windows 10 joined as well


some good examples of what pwas can do and who is already using them:

how to deal with accelerated mobile pages (amp) in times of pwa – how to choose between faster loading and offline functionality; it's possible to combine both, like the washington post does

read more: accelerated mobile pages


from an enterprise perspective it is about how to deploy applications: with mdm it is quite easy to push an app to a device, even silent installation is possible with android enterprise or apple vpp…

…but pwas aren't apps in that sense and there is no api to remotely set a homescreen icon (the closest equivalents are ios web clips pushed via mdm and web apps published through managed google play)

general, technology

mirroring, casting, streaming, etc.

let's check the main differences and possibilities, describe examples and how businesses utilize mirroring



streaming

is the technology to get your data: it is transferred and can be viewed while it is still transferring, other than simply copying between two places

casting

the content from the internet (netflix) goes directly to your tv; the connection is optionally initiated from your smartphone, and you can leave the network without interrupting the stream


mirroring

displays the exact same content on another display; if you leave the wifi the transmission breaks


miracast

despite its name, miracast is also a screen-mirroring protocol (@wikipedia); miracast is vendor independent, integrated in tvs or available as a separate hdmi stick, even a windows 10 device can be mirrored

airplay

is a streaming protocol between apple devices: you're able to stream music but also mirror your device screen to an apple tv; other remote controls can be "learned" to control the apple tv, which offers access to apple's app store


update: airplay can be simulated to stream from ios devices to an android tv with the airreceiver app



chromecast

google offers a lot of streaming devices with this name; the protocol is integrated in every android device, it's the largest framework, smarter with the integration of speakers, a similar setup with amazon's alexa is possible, integrated in many apps to watch live tv, stream from your synology nas and for sure in every google app – example in the media library below


read also: how to configure your synology nas

amazon
offers its own devices (fire tv stick) to display its own content (amazon music, prime video), but the current device doesn't support miracast anymore; amazon's fling, the chromecast counterpart, is discontinued – see some fire tv app screens below, but with android apps it is quite powerful to customize

 

dlna
an alliance founded to ease sharing digital media; handling is often not that user-friendly: a local app renders content to be displayed on a supported dlna device (tv), e.g. the allcast app – mirroring is not supported


mirrorshare
huawei's native feature to mirror your device to a connected tv; mirrorshare supports miracast, for chromecast you need to install the dedicated google home app


samsung

samsung also got its own sharing option – allshare, now called smart view – to easily share between samsung cameras, samsung laptops, samsung phones, samsung tablets, samsung …

smartcast

vizio updated its tvs with smartcast 3.0, able to stream from any mobile device, native ios support with airplay 2, no additional device or dongle needed @blog.vizio


business …

…has the additional challenge of guaranteeing usability and functionality

clickshare

is an enterprise solution, stable and expensive; the button needs to be connected to the device, multiple devices can mirror to one tv

chromecast

does not support wpa2 enterprise and has no device management possibilities – perfect for private use, not enterprise grade

appletv

enrolled via apple's device enrollment program, managed with an emm system, connected to 802.1x wifi networks and restricted with built-in policies – perfect for enterprises with apple devices


apple, google, innovation, technology

qr code & share wifi

in business it is quite common to use qr codes to optimize processes – in private use this feature is rarely adopted, but …

read more: enterprise features of android pie

 

qr code

often used to link webpages, promote sales offers or share contacts – different styles, colors or even logos are possible …


 

… but it gets complicated if you don't know how to scan the code; first you need to download a qr code reader app – since ios 11 apple added a native function to scan qr codes with the camera app – some android devices have a qr code reader pre-installed, others need to download one from the app store – a qr code is opaque to the eye, so check the url preview the scanner shows before opening it, a printed code can point anywhere

 

wifi qr code

enterprises face other challenges to securely authenticate and trust devices

read more: wifi security today and attack vectors

friends often ask to join the private wifi – tell them the password? no – have them type your 12diget&complex$pezialC4ract3r password? maybe not

create a qr code of your wifi including the password with services like qifi; your friends "simply" scan the code – be aware that the password is embedded in clear text in the code and, with an online generator, may also be sent to that service, so generate it locally if you can

tested: on ios since ios 11 it works pretty easily; android devices with a pre-installed qr code reader need to find the right app, but even my huawei ai-powered camera is unable to recognize the qr code

update: since ios 12 it is possible to add the qr code scanner to the control center for access from the lock screen, and qr codes are highlighted in the camera while scanning
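what such a generator actually puts into the code – an added example, not from the post or from qifi: the WIFI: payload with its escaping rules for the characters ; : , \ and ", which matter because a password containing one of them would otherwise truncate the field or break the scan. the ssid and password used are constructed.

```javascript
// Added example, not from the original post: build and parse the WIFI: payload
// that wifi qr generators encode. Everything, including the password, is
// cleartext in the code. The characters \ ; , : and " are structural and must
// be backslash-escaped, otherwise a password like "a;b" silently becomes "a".
const SPECIAL = /([\\;,:"])/g;

function escapeField(value) {
  return String(value).replace(SPECIAL, '\\$1');
}

// auth: 'WPA' (also used for wpa2-psk), 'WEP' or 'nopass'
function encodeWifiQr({ ssid, password = '', auth = 'WPA', hidden = false }) {
  if (!ssid) throw new Error('ssid is required');
  if (auth !== 'nopass' && !password) throw new Error('password required for ' + auth);
  let out = `WIFI:T:${auth};S:${escapeField(ssid)};`;
  if (auth !== 'nopass') out += `P:${escapeField(password)};`;
  if (hidden) out += 'H:true;';
  return out + ';';                      // payload ends with an empty field
}

// Walk the payload one character at a time so escaped separators are kept.
function parseWifiQr(payload) {
  if (!payload.startsWith('WIFI:')) throw new Error('not a wifi payload');
  const fields = {};
  let i = 5;
  while (i < payload.length && payload[i] !== ';') {
    const colon = payload.indexOf(':', i);
    if (colon < 0) throw new Error('malformed field');
    const key = payload.slice(i, colon);
    let value = '';
    let j = colon + 1;
    for (; j < payload.length && payload[j] !== ';'; j++) {
      if (payload[j] === '\\' && j + 1 < payload.length) value += payload[++j];
      else value += payload[j];
    }
    fields[key] = value;
    i = j + 1;                           // skip the field terminator
  }
  return {
    ssid: fields.S ?? '',
    password: fields.P ?? '',
    auth: fields.T ?? 'nopass',
    hidden: fields.H === 'true',
  };
}
```

the parser is deliberately strict about the prefix and the key/value structure; a scanner that accepts anything starting with WIFI: is how a crafted code joins a phone to an attacker's network with the wrong credentials.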


 

ios share wifi

since ios 11 apple also added a feature to share the wifi password between two ios devices – if you have an ios device, there are some requirements to be met

  • both ios devices need ios 11 or newer installed
  • both ios devices need wifi and bluetooth enabled
  • your ios device must be actively connected to the wifi the other device wants to join
  • both ios devices need to be in physical proximity
  • you must have each other in your contacts list

 

be aware

  1. trusted devices inside your network may access your private services (sonos) or unsecured storage (nas) – better set up a separate guest wifi with access to the internet only
  2. shared passwords are synced to google backup or icloud backup
google, technology

evolution of android security updates

android has a huge diversity of os versions; for enterprises it is mandatory to provide a high level of security …

read more: mobile os version spread

samsung

launched its own e-fota service to control software updates remotely on your managed samsung devices @samsung

android enterprise recommended

android devices must satisfy numerous requirements, including regular security updates: at least every 90 days, with monthly updates strongly recommended. @google

 

android one

designed by google. smart, secure and simply amazing

devices that run unmodified android to provide the best compatibility and support @google

project treble

restructured the android os framework since android 8 to make it easier, faster and less costly for manufacturers to provide updates @google

 

update: what enterprise devices already got will be provided to all android devices – google mandates two years of security updates for popular phones in its new android contract

 

android – be aware of malware

google, technology

android pie enterprise

announced the device administrator deprecation, pushing android enterprise further towards…

improving productivity, security, and digital wellbeing for the enterprise

key facts for enterprise are:

  • better realisation (separation) of work profiles
  • deeper support for single purpose devices
  • advanced security


read more: enterprise features of android p

android 9 is already rolling out to pixel devices, the huawei mate 20 gets it preinstalled, huawei is pushing hard in android enterprise recommended; devices running android oreo should get updates quicker than before because of google's project treble

@google

proof: my huawei still got google's august security update

apple, google, innovation, microsoft, technology

unified endpoint management

today's employees use at least two devices for their daily work, on various os at different versions – it is time for a new class of tools: unified endpoint management (uem) combines the management of multiple endpoint types in a single console

evolution

from pc configuration lifecycle management (pcclm) via client management tools (cmt) to unified endpoint management (uem) – companies listed in the client management tools magic quadrant have already transformed, others are overruled

content

emm

while enterprise mobility management (emm) is highly competitive and rapidly transforming – for instance good technology, which was in gartner's magic quadrant in 2015, was acquired by blackberry, and airwatch was acquired by vmware in 2014 – emm consists of:

  • mobile device management (mdm)
  • mobile application management (mam)
  • mobile identity (mi)
  • mobile content management (mcm)

uem combines cmt + emm + iot

benefit

  1. reduce it management cost – a single tool
  2. improved security – get the best of both
  3. better insights – reporting
  4. prepared – enterprise of things

gartner

the magic quadrant reports the ability to execute and the completeness of vision of vendors – read the full report here

Magic Quadrant for Unified Endpoint Management Tools

tco

according to gartner research, the annual tco of a fully managed smartphone using emm is almost 80% lower than the annual tco of a fully managed desktop using cmt

@mobileiron

apple, google, technology

right at your thumb

touch has become the main input method, time to think about the best way to utilize it

it’s usually a mistake for the app to take over the decision-making

mobile os vendors successfully implemented ui guidelines – consistent app handling while implementing familiar standards – apple provides tips about do's and don'ts to offer great opportunities for engaging apps: apple's human interface guidelines, google's material design guidelines

android's guide on providing navigation up the hierarchy, to parent and ancestor screens – developers have to, because some devices don't have a "home button" anymore
read more about android tips and tricks @madereal

some patterns are universal – a design solution that has proven to work more than once – androidpatterns

leveraging device capabilities vs. mobile first

Tablet thumb zone

all those ui decisions rely on finger-friendly design – rule of thumb: the larger the screen, the harder it is to take in the whole thing at a glance – responsive design is necessary to fit all needs – new rule: every desktop design has to go finger-friendly


gorilla arms – steve jobs said "ergonomically terrible" – "touch surfaces don't want to be vertical" – but it works: use touch on notebooks in trains, for presentations or laid back on a sofa
read more about how to use touch on macos @madereal

Touch mode hand icon

every desktop ui should be designed for touch now – even microsoft's office is optimized for use with touch – but still optimized, not developed for it

focus on maximizing usability

apple, innovation, technology

defer ios updates

ios 12 was announced and demonstrated at wwdc, the developer beta started on june 19th and the public beta followed on june 25th

since ios 11.3 it is possible to defer ios updates on managed devices for up to 90 days (the restriction keys are forceDelayedSoftwareUpdates and enforcedSoftwareUpdateDelay, default 30 days) – because you want to test new releases in your infrastructure and ensure that all of your productivity apps run fine with the new version

it is mandatory that those devices are supervised, set up with apple's device enrollment program or via apple configurator


with current emm vendors it is possible to simply enable/disable this value – otherwise configure a profile in apple configurator and either send it via mail or upload it to the enterprise mobility management suite and deploy it remotely

 


if your device runs an ios version below 11.3 you're able to configure a global http proxy (supervised devices only) – with a *.pac file you can steer apple's update urls to a proxy that never answers; the update traffic is tls, so the proxy can only stall it, not inspect or modify it
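an added example of such a pac file, not from the post: everything goes direct except apple's update hosts, which are pointed at a proxy that does not answer. the host list (mesu.apple.com, appldnld.apple.com) and the blackhole address 127.0.0.1:9 are assumptions for this example – check apple's current list of enterprise network hosts before deploying. the helper definition at the top exists only so the function can be run outside a pac engine, which supplies dnsDomainIs itself.

```javascript
// Added example, not from the original post: a proxy auto-config (pac) script
// that blackholes apple's software-update hosts and lets everything else go
// direct. Host list and blackhole address are assumptions for this example.
// The update traffic is TLS, so the pac can only steer the hostname to a proxy
// that never answers; it cannot inspect or rewrite anything.

// A pac engine (ios, macos, browsers) supplies dnsDomainIs itself; this
// fallback exists only so the function can be exercised outside of one.
if (typeof dnsDomainIs === 'undefined') {
  globalThis.dnsDomainIs = function (host, domain) {
    var d = domain.charAt(0) === '.' ? domain.slice(1) : domain;
    return host === d || host.slice(-(d.length + 1)) === '.' + d;
  };
}

var UPDATE_HOSTS = ['mesu.apple.com', 'appldnld.apple.com'];   // assumed list
var BLACKHOLE = 'PROXY 127.0.0.1:9';   // assumption: nothing listens on the discard port

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  for (var i = 0; i < UPDATE_HOSTS.length; i++) {
    if (dnsDomainIs(host, UPDATE_HOSTS[i])) return BLACKHOLE;
  }
  return 'DIRECT';
}
```

dnsDomainIs matches the host or a label-aligned suffix, so notmesu.apple.com is not caught by mistake; a bare string suffix test would be. this is a convenience control, not a security one: a user who leaves the managed network, or a device without the profile, simply gets the update.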


mobile devices fit enterprise needs

technology

everything you need to know about malware and how to protect

 

rootkit – controls your device and takes your data; mining software – steals your power to mine cryptocurrency; trojan – installs other malware to send spam from your device or to steal information like passwords

 

only 14% of businesses have implemented even the most basic cybersecurity practices

 

 

the signs are clear that mobile threats can no longer be ignored

 

 

a combination of vulnerability management, anomaly detection, behavioral profiling, intrusion prevention and transport security technologies to protect mobile devices and applications from advanced threats

 

 

technology

secure private cloud

secure your private data as well as enterprises do – accessing a synology nas for private use or small and medium-sized businesses

authentication

enable 2-step verification for the admin and other sensitive accounts – read more @multi-factor authentication


dns

add some kind of dynamic dns service to reach your changing public ip address, like dyndns, changeip, strato, etc.


certificate

a secure, encrypted connection should be mandatory, at least since edward snowden leaked information about the "security" agencies

  1. redirect traffic from http to encrypted https and enable hsts if your dsm version offers it next to the redirect, so a browser that has seen the site once refuses plain http – be aware of public wifi, read more about ssl strip @attack vectors
  2. add a publicly trusted certificate to your system – letsencrypt.org provides free certificates, request one via the control panel of your synology


firewall

activate port forwarding only for the vpn port to your nas/vpn server – keep dsm's own web ports (5000/5001) closed to the internet and reach them through the tunnel


vpn

to access private data remotely, configure the device's vpn settings or download an app, enter your external ip address or fully qualified domain name


additionally you can add higher security by authenticating with a certificate from your device – read more @blog.centurio

profile

create a vpn profile in apple configurator with your account information and connection secret, send it to your apple devices


we’re done


 

innovation, technology

multi-factor authentication

the most used passwords are still "12345" and "password" – keep your private data as safe as enterprises do

secure authentication needs to be smart

sms

short message service is the most convenient second factor, but sms is insecure and can be intercepted (ss7 redirection, sim swap) – the major us carriers are working together on a next-gen "mobile authentication platform" to replace the weak sms system

mobile id

is a more secure service, based on certificates and secured with a separate pin – a special sim needs to be provided by the carrier @mobileid

id card

the electronic id function of the german id card (personalausweis) allows secure authentication at public services, insurances or banks – registered to you and secured with a pin – you need a card reader or an app @personalausweisportal

oath

is an open standard that allows strong authentication of all users on all devices – no code needs to be sent, so nothing can be intercepted with a man in the middle (mitm) attack; the code is calculated in an app (hotp/totp) from a shared secret and a counter or the current time – get the code right on your smartwatch or back up your accounts with andotp

update: since ios 12 and macos 10.14 it is possible to configure oauth (not to be confused with oath) in the exchange payload via emm, read the details in apple's configuration profile reference

pointsharp


provides secure login with multi-factor authentication to enterprise applications or cloud services – use a pointsharp password for mobile services instead of windows accounts – log in with scratch cards, hardware tokens, smartwatch, biometrics or one-time pin

fido


an alliance providing a passwordless experience and a secure second factor – a hardware device ensures the trust in the identity, and because the credential is bound to the website's origin a phishing site cannot replay it, unlike a typed otp code @fidoalliance.org

microsoft announced “password-less sign-in to windows 10 & azure ad using fido2” @blog.microsoft

cloud

casb (cloud access security broker) checks access based on a security policy in front of a cloud service

iam (identity and access management) manages user identities centrally and provides role-based access

emm alone can’t prevent users from accessing cloud services via unmanaged apps or browsers. neither iam nor casb have the visibility or ability to allow or deny access to a cloud service based on the state of the mobile device or application. @mobileiron


be safe – review here a list of websites and whether or not they support 2fa

no excuses anymore

technology

wifi security today and attack vectors

prompted by a current occasion …

… inside a wifi you can find your ip in android 8 under settings > about > status, use unsecured services like sonos, scan for other clients, check open ports, brute-force backend services (router, firewall)

open wifi – in 2018 nobody should access untrusted, unencrypted wireless networks anymore

wpa encryption – works with a "handshake" to establish trust between devices – wpa2 added the advanced encryption standard (aes) – wpa2 is vulnerable: key reinstallation attacks (krack) – the wi-fi alliance announced wpa3 with additional security features

public wifi – when accessing a wifi while shopping, your device is redirected to a captive portal to accept the policies – note that the portal grants access, it does not encrypt your traffic

vpn – apps like nordvpn establish an encrypted tunnel as another layer of security, so the local network only sees encrypted traffic – it does not make you anonymous towards the vpn provider

business – can use the radius protocol to check the validity of the authentication – further enroll client certificates via mdm to authenticate via 802.1x (eap-tls) – aruba clearpass can check the device status in the mdm to ensure security and trust across the entire lifecycle

rogue access point – attackers can fake access points to start a man in the middle (mitm) attack and intercept your private data, for example with the wifi pineapple nano

hashcat – a new technique (the pmkid attack, 2018) allows an attacker to get everything needed to brute-force the wpa2 passphrase offline from a single eapol frame of the access point, without waiting for a client handshake

ssl strip – a method to downgrade traffic from https to http to force unencrypted transport – every password is unprotected even though the site looked secure before; hsts (and hsts preloading) is the countermeasure


mobile device management – is a way to protect company devices, e.g. disallow profile installation – but in a byod or mam-only scenario you can't disable all features

mobile threat defense – mtd is for private and business devices, checks behaviour and uses ai to protect – e.g. lookout as a cloud service and additionally on-device like zimperium, which partners with mobileiron

microsoft, technology

windows managed kiosk

kiosk is a configuration for single purpose devices (cosu), e.g. an info stand or a remote worker device – it provides restricted access in public and semi-public areas – ios can be set to supervised mode and android device owner mode converts consumer devices to fit business needs

autostart is a convenient but insecure way to accomplish kiosk-like behaviour and with applocker it is possible to blacklist apps, but neither is an enterprise solution

assigned access assigns one app to a user – only universal windows platform (uwp) / modern apps are supported – located in settings > family and other users > set up assigned access – this can be configured remotely via syncml or powershell


once everything is set up, simply log in with the selected account and the app launches automatically

kiosk apps already exist next to mdm and use this technology – microsoft advises how to build your kiosk app – there is a separate layer to develop it and you can even quit assigned access from software:

lockHost->RequestUnlock();

hosted web apps are the easiest way to pin a webpage to a windows client in a kiosk setup – like web clips for ios devices, which since ios 11.3 can be arranged with the home screen layout – create a web view with windows template studio

with the fall creators update 1709 it is possible to select the allowed apps, provide a start layout and disable the taskbar, even with win32 applications – configured remotely via mobile device management


the spring update 1803, published days ago, advanced the assigned access csp to configure shell launcher – "you cannot configure both assigned access and shell launcher on the same system" – additionally the accounts csp was added to create a new local windows account

Accounts CSP diagram

since microsoft doesn't provide any smartphones anymore, it is prepared to persist in the enterprise – outlook on the new build 17661: a modern snipping experience


 

 

technology

everything just cloud

from bad weather to increased productivity – a pamphlet for the cloud

  • flexibility – easy to set up, scalable according to your requirements, highly available
  • technology – hosted private or public, a mix of both as hybrid, or as community cloud
  • security – encryption, access control, access rights, identity management

a service can be as secure or reliable as possible – in the end it is all about trust

pictured from faz

cloud access security broker (casb) is the state-of-the-art technology to enforce security where trust is missing, e.g. mobileiron access ensures that only trusted devices reach cloud services from mobile


google, technology

android tips & tricks everyone should know

  • android developer options – customize your device like a pro: go to settings > about phone and tap the build number 7 times – once enabled, select developer options from the main settings and scroll down to enable "force activities to be resizable" or speed up your device by slowing down or turning off the animation scale


  • split-screen – android supports opening 2 apps at the same time: press and hold the recent apps button; with the developer option enabled above almost every app works in split-screen mode, move the slider up/down to fit your needs
  • chrome bar at the bottom – easier to use with the url and search bar at the bottom, right at your fingertips – open the url chrome://flags in chrome and enable chrome home
  • quick last app switch – quickly double tap the recent apps button
  • picture in picture – overlay an app above another since android oreo, more flexible than split-screen: in full screen mode simply tap the home button; search the settings for picture-in-picture to list supported apps – youtube offers pip only with its paid subscription
  • lockscreen message – when the device is lost and locked, an honest finder is able to see your contact data, shown on the lockscreen

  • screen pinning – quick and easy setup of a kiosk mode: just enable screen pinning in settings, tap pin at the recent apps button, disable by touching and holding the back key


  • fake gps – to hide or fake the position of your device, select a mock location app in the developer settings and try it like this – note that apps can detect mock locations through the android api, so don't expect it to fool a serious check

apple, technology

dual-sim

travelling between two countries or managing a dual persona on the same device

in the enterprise those solutions are quite interesting, providing full flexibility with just one device

  • android supports dual-sim/multiple sim cards in the api since android 5.1
  • samsung knox supports enterprise billing on dual-sim devices

  • the first dual-sim phone was the benefon twin in 2000; the sim card had to be selected when the phone started
  • in 2003 dual adapters became popular, but it was still not possible to use both at the same time
  • several chinese devices were spotted from 2006 on, samsung's first dual-sim device d880 was released in 2007
  • in 2012 nokia released the cheap nokia 101
  • beginning 2014 microsoft provided the dual-sim devices lumia 530 and 630

read more: huawei's flagship devices with dual sim

  • update: 12.09.2018 apple released the iphone xr, xs and xs max, all with dual-sim capabilities: one physical sim card and one esim (embedded sim); a china-only variant holds two physical cards
  • hopefully those solutions are from the past


technology

approved travel gadgets

…after several years on road and rail, some gadgets need to be highlighted:

smartphone – mobile swiss army knife – huawei mate 10 pro or huawei p20 pro, multi sim, 4000 mah battery, octa core cpu


powerbank – a requisite, power on the go, at least 20,000 mah, several ports, usb-c recommended


multi usb cable – get rid of too many cables, be prepared for every device


organiser bag – stay productive: sort cables, adapters etc. inside your bag


privacy screen – mandatory in public, protects your screen from unwanted looks


 

… some kind of windows notebook running a mac vm [related post] rounds off the entire setup; surface isn't recommended – see why


apple, innovation, technology

managed ios contacts

restricted access to enterprise contacts … a long journey to find its holy grail in ios 11.3

grant or deny access to your contacts

was introduced in ios 6, since 2012 it is possible to decide which apps are allowed to access your contacts – but there was no api to configure the setting in an enterprise environment, e.g. to block access from apps like facebook, whatsapp, line, viber or path to enterprise contacts – with containerization you can restrict enterprise content from unauthorized access, along with usability limitations

grant contact access ios 6

allow open documents from unmanaged apps to managed apps

was presented in the ios 7 release, since then enterprise management has been able to restrict data exchange from untrusted, unsecure, private (unmanaged) apps to enterprise (managed) apps – apple’s native mail is by default a private app

read: how to set up outlook on ios enterprise devices

managed domains

to separate the private from the enterprise accounts inside the mail app, apple enabled this setting in ios 8 – managed domains remain blue, unmanaged are marked red – mail and web domains respect the “allow open documents from…” restriction to interact with managed apps, except for the contacts


ios call kit

announced in ios 10, call kit improves the usability of incoming calls: even for contacts secured inside a container, the name is resolved and displayed

prevent contacts in managed accounts from being used in unmanaged apps or accounts

finally, apple introduced this feature within ios 11.3 – only managed apps are able to access managed contacts, this closes the gap to securely use apple mail in an enterprise environment

read: how oauth changed in ios 12

allowManagedToWriteUnmanagedContacts & allowUnmanagedToReadManagedContacts

ios 12 improves contact management on top of the managed open-in restriction, to enhance the separation of managed from unmanaged data for secure byod deployments; the payload needs to be deployed via mdm

view how to: “managed ios contacts” & “ios managed domains” attached
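the restriction keys above and the managed domains payload only help if an mdm actually pushes them with the restrictive value. as an added example (not code from this post or from any mdm vendor), the script below parses a constructed .mobileconfig with python’s standard plistlib and reports which of the managed/unmanaged separation settings are missing or left permissive. the payload types com.apple.applicationaccess and com.apple.domains and the key names are apple’s documented ones; the identifiers, uuids and domains in the sample are placeholders, and the sample deliberately omits allowManagedToWriteUnmanagedContacts so the audit has something to report:

```python
import plistlib

# Constructed sample profile (placeholder identifiers/UUIDs/domains), shaped
# like what an MDM pushes: a Restrictions payload plus a Managed Domains payload.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>example.byod.contacts</string>
  <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000001</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>PayloadIdentifier</key><string>example.byod.contacts.restrictions</string>
      <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000002</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>allowOpenFromManagedToUnmanaged</key><false/>
      <key>allowOpenFromUnmanagedToManaged</key><false/>
      <key>allowUnmanagedToReadManagedContacts</key><false/>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.domains</string>
      <key>PayloadIdentifier</key><string>example.byod.contacts.domains</string>
      <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000003</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>EmailDomains</key><array><string>example.com</string></array>
      <key>WebDomains</key><array><string>https://intranet.example.com</string></array>
    </dict>
  </array>
</dict>
</plist>
"""

# A profile that carries no payloads at all, to show the worst-case report.
EMPTY_PROFILE = plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": []})

# Restriction keys whose *false* value keeps managed data inside managed apps.
# The two contacts keys are the iOS 12 additions discussed in the post.
SEPARATION_KEYS = (
    "allowOpenFromManagedToUnmanaged",
    "allowOpenFromUnmanagedToManaged",
    "allowUnmanagedToReadManagedContacts",
    "allowManagedToWriteUnmanagedContacts",
)


def _payloads(profile, payload_type):
    return [p for p in profile.get("PayloadContent", [])
            if p.get("PayloadType") == payload_type]


def audit_profile(profile_bytes):
    """Return a list of findings; an empty list means every separation
    control is explicitly enforced by this profile."""
    profile = plistlib.loads(profile_bytes)
    findings = []

    restrictions = _payloads(profile, "com.apple.applicationaccess")
    if not restrictions:
        findings.append("no restrictions payload")
    merged = {}
    for payload in restrictions:
        merged.update(payload)
    for key in SEPARATION_KEYS:
        if key not in merged:
            # Absent keys fall back to the OS default; the audit only trusts
            # values this profile sets explicitly.
            findings.append(f"{key} not set")
        elif merged[key] is not False:
            findings.append(f"{key} is true")

    domains = _payloads(profile, "com.apple.domains")
    if not domains:
        findings.append("no managed domains payload")
    elif not any(p.get("EmailDomains") for p in domains):
        findings.append("managed domains payload without EmailDomains")
    return findings


if __name__ == "__main__":
    for name, data in (("sample", SAMPLE_PROFILE), ("empty", EMPTY_PROFILE)):
        print(name, audit_profile(data) or "ok")
```

the audit treats an absent key as a finding rather than assuming the os default, because a byod profile should state the separation explicitly so that a later profile or os change cannot silently widen access.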

google, innovation, technology

amp – accelerated mobile pages

accelerated mobile pages is an open-source standard for any publisher to load pages quickly on mobile devices, currently supported browsers are


google added the ability to the amp header to open or copy the non-amp link, a webpage can also be loaded as non-amp with this noamp app

some web developers have expressed concern that google is getting too much say in how the web operates.

@firstpost

the intelligence spreads further with gmail integration, other mail providers can adopt amp as well – a price tag is always up to date, no matter when you open the mail, or feedback can be entered without opening the browser

update: development of a new accelerated mobile pages (amp) component enabling publishers to acquire user consent is underway and accepting comments.

technology

domino v10

ten years after the last important release 8.5, there will be a version 10 in 2018, maybe on october 10th *g*

ibm signed a strategic partnership with hcl technologies (or was it just an offload?), ibm still continues to sell, the rate of new features should improve


#domino2025 jams took place to get feedback, the results were presented on feb 28th – basically it is about better integration (adfs, saml), a better feature set that has been missing for years and enhanced development with nodejs …


notes revenue grew all four quarters of 2017, the first time since 2011

sadly ed brill left IBM, he even started at lotus, ibm acquired lotus software in 1995, ed announced last year “there is no end of life planned for notes and domino”

general, technology

got leaked?

are you really sure that your account is/was not compromised? the hasso plattner institute analysed over 5 billion leaked user accounts – you’re able to check if yours is listed in at least one stolen or unlawfully published identity leak

they further analyse password quality – astonishing how simple passwords still are in 2018

password quality

need an extra layer of security? use multi factor authentication (two factor authentication, 2fa, two step verification or tfa) – in addition to username and password a further method is requested to successfully authenticate, like

  • software token
  • hardware token
  • sms token
  • google authenticator – android | ios
  • microsoft authenticator – android | ios

a lot of services currently offer this security, you just need to enable it
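the software tokens listed above (google authenticator, microsoft authenticator and similar apps) implement the time-based one-time password algorithm of rfc 6238 on top of rfc 4226 hotp. as an added example (not code from this post or from either authenticator app), here is a compact implementation of both the generator and the server-side check with python’s standard library. the seed is the rfc 6238 test seed so the codes can be compared against the rfc’s published vectors; the ±1 step window and the last-used-counter rule are the usual server-side choices, not something the post prescribes:

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 test seed ("12345678901234567890"), as a provisioning app would
# receive it in base32 from a QR code. Constructed for the example, not a
# real user's secret.
TEST_SEED_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def secret_from_base32(text):
    """Decode a base32 seed, tolerating spaces, lowercase and missing '='."""
    cleaned = text.upper().replace(" ", "")
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226: HMAC over the big-endian 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at_time, step=30, digits=6):
    """RFC 6238: HOTP with the counter derived from Unix time."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret, code, at_time, step=30, digits=6, window=1, last_counter=-1):
    """Server-side check. Returns the matched counter, or None.

    - accepts codes from `window` steps before/after to absorb clock drift,
    - compares in constant time,
    - refuses any counter <= last_counter so a captured code cannot be replayed
      (the caller persists the returned counter per user).
    """
    if len(code) != digits or not code.isdigit():
        return None
    counter = int(at_time) // step
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if candidate <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, candidate, digits), code):
            return candidate
    return None


if __name__ == "__main__":
    seed = secret_from_base32(TEST_SEED_B32)
    print("current code:", totp(seed, time.time()))
```

the two things a service operator most often gets wrong are visible in verify_totp: a plain string comparison leaks timing, and accepting the same code twice inside its 30 second validity turns a shoulder-surfed or phished code into a reusable one.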

e.g. fedex exposed thousands of customer records on a password-less server, companies should care about your data as well, especially for european citizens because of gdpr

general, google, technology

android (almost) enterprise

…launched in 2015, renamed in 2017 from android for work, and now it’s time for enterprises to adopt android’s modern device management

google’s approach to manage devices, regardless of vendor, to better integrate android in the enterprise

the device admin api started deprecating some features, emm systems are unable to reset the device passcode on android 7.0 devices, google will deprecate further in the android “p” release in 2018 and it will stop working with the major android release in 2019

not yet – tested a lot of android’s features to get a markable footprint in the enterprise, realized use cases to bring value for customers, but unfortunately android enterprise can’t replace device admin, that’s why…

enrollment – apple’s devices can be centrally ordered, prepared and assigned to an emm system via dep (device enrollment program) – google’s counterpart, zero touch enrollment, is currently just available for android 8.1 and pixel devices – samsung got its own knox mobile enrollment (kme), which depends on the installed knox version and is for sure just available for samsung devices – a fully managed samsung device via android device owner needs at least knox version 2.8, otherwise you need to prepare all devices locally via qr code or nfc
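the local qr code path mentioned last is worth a closer look, because whatever is printed on that code is trusted by a factory-reset device. the provisioning payload is a json object of android.app.extra.PROVISIONING_* keys that names the device policy controller (dpc), where to download it and a checksum to verify it. as an added example (not code from this post, from google or from any emm), the script below builds a constructed payload and audits it for the settings that matter before the code is printed and handed out: a checksum must be present and well-formed, the download must be https, encryption must not be skipped, and a wi-fi password inside the code means the printout itself is a credential. the dpc package name, url and signing bytes are placeholders:

```python
import base64
import hashlib
import json
from urllib.parse import urlparse

# Documented Android provisioning extras used in a QR/NFC payload.
ADMIN = "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME"
DOWNLOAD = "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION"
SIG_SUM = "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM"
PKG_SUM = "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM"
SKIP_ENC = "android.app.extra.PROVISIONING_SKIP_ENCRYPTION"
WIFI_SSID = "android.app.extra.PROVISIONING_WIFI_SSID"
WIFI_PW = "android.app.extra.PROVISIONING_WIFI_PASSWORD"


def checksum_b64(data):
    """URL-safe base64 of the SHA-256 digest without '=' padding, the form the
    provisioning extras expect."""
    return base64.urlsafe_b64encode(hashlib.sha256(data).digest()).rstrip(b"=").decode()


# Constructed sample payload: placeholder DPC, URL and signing-certificate bytes.
SAMPLE_PAYLOAD = json.dumps({
    ADMIN: "com.example.dpc/.AdminReceiver",
    DOWNLOAD: "https://mdm.example.com/dpc.apk",
    SIG_SUM: checksum_b64(b"constructed-signing-certificate"),
    WIFI_SSID: "enrol-wifi",
    WIFI_PW: "constructed-wifi-secret",
})

# A second constructed payload with the mistakes the audit is meant to catch.
WEAK_PAYLOAD = json.dumps({
    ADMIN: "com.example.dpc",
    DOWNLOAD: "http://mdm.example.com/dpc.apk",
    SKIP_ENC: True,
})


def _valid_checksum(value):
    """True when the value decodes to exactly 32 bytes (a SHA-256 digest)."""
    try:
        raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    except ValueError:
        return False
    return len(raw) == 32


def audit_qr_payload(text):
    """Return human-readable findings for a provisioning payload; empty = clean."""
    try:
        payload = json.loads(text)
    except json.JSONDecodeError:
        return ["payload is not valid JSON"]
    findings = []

    if "/" not in payload.get(ADMIN, ""):
        findings.append("admin component must be package/ReceiverClass")

    url = payload.get(DOWNLOAD)
    if url is None:
        findings.append("no DPC download location")
    elif urlparse(url).scheme != "https":
        findings.append("DPC download location is not https")

    present = [k for k in (SIG_SUM, PKG_SUM) if k in payload]
    if not present:
        findings.append("no checksum: the downloaded DPC cannot be verified")
    for key in present:
        if not _valid_checksum(payload[key]):
            findings.append(f"{key.rsplit('.', 1)[1]} is not a SHA-256 digest")

    if payload.get(SKIP_ENC) is True:
        findings.append("device encryption is skipped")
    if WIFI_PW in payload:
        findings.append("wifi password embedded: treat the printed QR code as a credential")
    return findings


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_PAYLOAD), ("weak", WEAK_PAYLOAD)):
        print(name, audit_qr_payload(text) or "ok")
```

the checksum check is the important one: without a signature or package checksum the device installs whatever the download location serves, so the one-off https url is the only thing standing between a fresh device and a rogue dpc.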

certificate authentication is a basic requirement for a secure enterprise deployment, with an emm you’re able to enroll client certificates and distribute them via android enterprise to mobile devices – furthermore, with current emm tools it’s possible to achieve seamless authentication with kerberos constrained delegation, continuous synchronisation is provided even when a user changes his password

vpn started as a full device tunnel for windows notebooks, beginning with ios it was possible to configure a dynamic vpn based on domain rules, a vpn connection can even secure a single app, with android enterprise it is possible to set up the vpn just for work content – what’s missing? a simple “on demand” mode could stop an “always on” vpn from draining battery life or prevent mistakes if you forget to “manually” enable it

reliability – inconsistent experience noticed:

  • depending on the build version, huawei ignores that a device passcode is already set
  • lenovo yoga is missing the android enterprise enrollment capability
  • when sending a (private) picture via (secure) mail and logging in to the work container, the attachment is lost in the mail
  • honor devices completely ignore the passcode policy for the work container
  • converting a phone number to a link in gmail only works sometimes @theverge

use cases could be realized with android enterprise, e.g. silent app and unattended certificate installation is possible for non-samsung devices, comparable to device admin, but there’s space for improvement…
