Jun
10
2019
--

Apple is making corporate ‘BYOD’ programs less invasive to user privacy

When people bring their own devices to work or school, they don’t want IT administrators to manage the entire device. But until now, Apple only offered two ways for IT to manage its iOS devices: either device enrollments, which offered device-wide management capabilities to admins or those same device management capabilities combined with an automated setup process. At Apple’s Worldwide Developer Conference last week, the company announced plans to introduce a third method: user enrollments.

This new MDM (mobile device management) enrollment option is meant to better balance the needs of IT to protect sensitive corporate data and manage the software and settings available to users, while at the same time allowing users’ private personal data to remain separate from IT oversight.

According to Apple, when both users’ and IT’s needs are in balance, users are more likely to accept a corporate “bring your own device” (BYOD) program — something that can ultimately save the business money that doesn’t have to be invested in hardware purchases.

The new user enrollments option for MDM has three components: a managed Apple ID that sits alongside the personal ID; cryptographic separation of personal and work data; and a limited set of device-wide management capabilities for IT.

The managed Apple ID will be the user’s work identity on the device, and is created by the admin in either Apple School Manager or Apple Business Manager — depending on whether this is for a school or a business. The user signs into the managed Apple ID during the enrollment process.

From that point forward until the enrollment ends, the company’s managed apps and accounts will use the managed Apple ID’s iCloud account.

Meanwhile, the user’s personal apps and accounts will use the personal Apple ID’s iCloud account, if one is signed into the device.

Third-party apps are then either used in managed or unmanaged modes.

That means users won’t be able to change modes or run the apps in both modes at the same time. However, some of the built-in apps like Notes will be account-based, meaning the app will use the appropriate Apple ID — either the managed one or personal — depending on which account they’re operating on at the time.

To separate work data from personal, iOS will create a managed APFS volume at the time of the enrollment. The volume uses separate cryptographic keys which are destroyed along with the volume itself when the enrollment period ends. (iOS had always removed the managed data when the enrollment ends, but this is a cryptographic backstop just in case anything were to go wrong during unenrollment, the company explained.)

The managed volume will host the local data stored by any managed third-party apps along with the managed data from the Notes app. It also will house a managed keychain that stores secure items like passwords and certificates; the authentication credentials for managed accounts; and mail attachments and full email bodies.

The system volume does host a central database for mail, including some metadata and five line previews, but this is removed as well when the enrollment ends.

Users’ personal apps and their data can’t be managed by the IT admin, so they’re never at risk of having their data read or erased.

And unlike device enrollments, user enrollments don’t provide a UDID or any other persistent identifier to the admin. Instead, it creates a new identifier called the “enrollment ID.” This identifier is used in communication with the MDM server for all communications and is destroyed when enrollment ends.

Apple also noted that one of the big reasons users fear corporate BYOD programs is because they think the IT admin will erase their entire device when the enrollment ends — including their personal apps and data.

To address this concern, the MDM queries can only return the managed results.

In practice, that means IT can’t even find out what personal apps are installed on the device — something that can feel like an invasion of privacy to end users. (This feature will be offered for device enrollments, too.) And because IT doesn’t know which personal apps are installed, it also can’t restrict certain apps’ use.

User enrollments will also not support the “erase device” command — and they don’t have to, because IT will know the sensitive data and emails are gone. There’s no need for a full device wipe.

Similarly, the Exchange Server can’t send its remote wipe command — just the account-only remote wipe to remove the managed data.

Another new feature related to user enrollments is how traffic for managed accounts is guided through the corporate VPN. Using the per-app VPN feature, traffic from the Mail, Contacts and Calendars built-in apps will only go through the VPN if the domains match that of the business. For example, mail.acme.com can pass through the VPN, but not mail.aol.com. In other words, the user’s personal mail remains private.

This addresses what has been an ongoing concern about how some MDM solutions operate — routing traffic through a corporate proxy meant the business could see the employees’ personal emails, social networking accounts and other private information.

User enrollments also only enforces a six-digit non-simple passcode, as the MDM server can’t help users by clearing the past code if the user forgets it.

Some today advise users to not accept BYOD MDM policies because of the impact to personal privacy. While a business has every right to manage and wipe its own apps and data, IT has overstepped with some of its remote management capabilities — including its ability to erase entire devices, access personal data, track a phone’s location, restrict personal use of apps and more.

Apple’s MDM policies haven’t included GPS tracking, however, nor does this new option.

Apple’s new policy is a step toward a better balance of concerns, but will require that users understand the nuances of these more technical details — which they may not.

That user education will come down to the businesses that insist on these MDM policies to begin with — they will need to establish their own documentation, explainers, and establish new privacy policies with their employees that detail what sort of data they can and cannot access, as well as what sort of control they have over corporate devices.

Feb
21
2019
--

Microsoft bringing Dynamics 365 mixed reality solutions to smartphones

Last year Microsoft introduced several mixed reality business solutions under the Dynamics 365 enterprise product umbrella. Today, the company announced it would be moving these to smartphones in the spring, starting with previews.

The company announced Remote Assist on HoloLens last year. This tool allows a technician working onsite to show a remote expert what they are seeing. The expert can then walk the less-experienced employee through the repair. This is great for those companies that have equipped their workforce with HoloLens for hands-free instruction, but not every company can afford the new equipment.

Starting in the spring, Microsoft is going to help with that by introducing Remote Assist for Android phones. Just about everyone has a phone with them, and those with Android devices will be able to take advantage of Remote Assist capabilities without investing in HoloLens. The company is also updating Remote Assist to include mobile annotations, group calling and deeper integration with Dynamics 365 for Field Service, along with improved accessibility features on the HoloLens app.

IPhone users shouldn’t feel left out though because the company announced a preview of Dynamics 365 Product Visualize for iPhone. This tool enables users to work with a customer to visualize what a customized product will look like as they work with them. Think about a furniture seller working with a customer in their homes to customize the color, fabrics and design in place in the room where they will place the furniture, or a car dealer offering different options such as color and wheel styles. Once a customer agrees to a configuration, the data gets saved to Dynamics 365 and shared in Microsoft Teams for greater collaboration across a group of employees working with a customer on a project.

Both of these features are part of the Dynamics 365 spring release and are going to be available in preview starting in April. They are part of a broader release that includes a variety of new artificial intelligence features such as customer service bots and a unified view of customer data across the Dynamics 365 family of products.

Feb
05
2019
--

Coda’s programmable document editor comes out of beta, launches iOS app

Coda, which is coming out of its limited beta today, wants to reinvent how you think about documents and spreadsheets. That’s about as tough a challenge as you can set yourself, given how ingrained tools like Word, Excel and their equivalents from the likes of Google, Zoho and others are. Coda’s secret weapon is that it combines text and spreadsheet functionality into a single document, with the ability to build some basic programming into them and add features from third-party services as a bonus.

In addition to opening up the service to anyone, Coda also today launched its new mobile app for iOS (with Android following at some point in the future).

“It’s the best of documents, spreadsheets, presentations, applications — all brought into one new surface,” Coda founder and CEO (and former head of product for YouTube Shishir Mehrotra told me. “But the phrase we like to use is that Coda allows anyone to make a doc as powerful as an app.”

You’re not going to use Coda, which was founded in 2017 and received funding from VC heavyweights like Greylock, Khosla Ventures and NEA, as a full-blown low code/no code service. It’s still a bit too limited for that. But you can use it to build your own custom inventory system, for example, or to build a basic CRM or to-do app that fits your specific needs. Or you could just use it as an online text editor and then slowly add features like third-party integrations with the likes of Slack or Figma as needed. All of that is easy enough for anybody who has ever used a function in Excel or Google Sheets.

So far, tens of thousands of people have used the service during its private beta. Mehrotra tells me that about 15 percent of them are from the Bay Area and that a good amount of them simply use the service as a basic document editor.

The new iOS app, unsurprisingly, mostly focuses on consuming content and using the functions that you have built in the web app. It’s unlikely that you’ll want to build a whole new experience on your phone, after all. In the demos I’ve seen, Coda nicely transforms cells and their functions into usable tables and cards on the iPhone.

Oct
19
2017
--

Apple’s enterprise strategy begins to take shape

 When Apple announced its partnership with GE this week, it would have been easy to dismiss it as another random collaboration from a company people don’t generally associate with the enterprise. After all, Apple killed off their enterprise server product years ago. You might rightly ask, what exactly do they have to do with the enterprise these days? But if you consider the notion of… Read More

Oct
18
2017
--

Apple and GE announce deep partnership

 While Apple has had its share of enterprise partners in recent years including IBM, Cisco and SAP, today’s announcement that it will be working directly with GE feels a bit different with the two companies more closely intertwined than in previous deals. Apple and GE have committed to build a set of development tools and to develop apps together using Apple’s design sensibility… Read More

Aug
29
2017
--

Apple and Accenture teaming up to help enterprises build advanced mobility tools

 There is a general misconception that Apple is strictly about consumer tools, but the fact is that the company has a big presence in the enterprise just by the sheer number of iPhones and iPads in the business world. It also has some high-profile partnerships with hefty enterprise vendors like IBM, SAP and Cisco. Today, Apple announced that it is building on those relationships with a brand… Read More

Nov
07
2016
--

Gmail’s iOS app gets a familiar new look, improved search and undo send

img_2923 Gmail users on iOS – if you haven’t downloaded it yet, there’s likely a new version of Gmail waiting in your queue. Google’s near ubiquitous electronic mail application is getting some key upgrades for version 5.0.3, including, notably, a revamped UI that makes it look just like the native Android version of the app. Along with a more defined color scheme and more… Read More

Jun
21
2016
--

Microsoft brings SharePoint to iOS

sharepoint-ios Microsoft announced this morning the launch of a new mobile app for SharePoint customers aimed at bringing a company’s SharePoint-powered intranet portal and its content to users’ smartphones and tablets. The app is initially available on iOS – meaning it will work on iPhone and iPad – but it will arrive on both Android and Windows platforms before year end,… Read More

May
05
2016
--

SAP announces new partnership with Apple to expand iOS in the enterprise

A man walks up the stairs at the Apple Store in Grand Central Station February 25, 2016. 
Apple has been in a legal fight with the government in the San Bernardino case, where the FBI wants the company to help hacking the iPhone of Syed Farook, a US citizen, who gunned down 14 people with his Pakistani wife Tashfeen Malik in the California city in December. / AFP / Timothy A. CLARY        (Photo credit should read TIMOTHY A. CLARY/AFP/Getty Images) SAP announced a broad partnership with Apple today to bring iOS to SAP’s enterprise customer base. The announcement comes almost two years after Apple made a similar deal with IBM. Steve Lucas, president for SAP’s Digital Enterprise Platform says while it’s natural to see similarities between the two deals — two large enterprise companies making a deal with Apple… Read More

Aug
31
2015
--

Apple And Cisco Ink Nebulous Enterprise Partnership

apple-wwdc-20150411 Apple playing nicely with enterprise companies is a sight for sore eyes. The edict that Microsoft has enterprise on lockdown is dissipating. Huge enterprise player Cisco and Apple announced a “Fast Lane” for iOS enterprise users, which promises a more streamlined and optimized experience for those enterprise customers using Cisco networks and products. There aren’t a lot… Read More

Powered by WordPress | Theme: Aeros 2.0 by TheBuckmaker.com