Last week, Apple released beta versions of the macOS Ventura operating system for desktops and the iOS 16 mobile operating system for mobile devices.

That's exactly what a friend in the Mac Admin community asked me recently. I thanked them for their candor and request, as many of us have yet to dive into Apple's MDM documentation. So, I rolled up my sleeves and got to it. Keep reading for an overview of what types of changes you can expect and how to optimize your mobile device management strategy.

Let's start by talking about how we derive these changes - reading Apple's Documentation:

Apple has a fantastic documentation system that clearly shows what's changed between major and minor releases of macOS and iOS. Check out the key in the upper right hand corner of the documentation page: Select the value Xcode 13.3 to Xcode 14.0 beta 1 to compare between the current version of macOS Monterey and the beta version of macOS Ventura.

Apple uses symbols and colored outlines to indicate change:

Purple Outline, ~ character: there is a functional change in this object.
Green Outline, + character: there is an additional behavior or setting.
Red Outline, – character: there is a deprecation in this object.

Furthermore, Apple is now releasing some additions, like the ACMECertificate Payload, in Beta. Beta payloads may not work like you think, or at all, depending on implementation.

Most notably, Apple has massively changed the SystemPreferences policy that has been around since macOS 10.7 Lion. This restriction allows admins to hide individual Preference panes from the end user, but with the advent of the new System Settings app, this configuration is currently deprecated. Translation: if you're hiding Preference panes from your users, you will need to file a Feedback with Apple to get a new management configuration. This is the only deprecation in the Profile-Specific Payload Keys section. But Apple has updated several policy keys, some of which are incredibly exciting (especially to JumpCloud)! Let's review the Documentation section by section.

Authentication

First up are changes to the keys for Extensible SSO, first released with macOS Big Sur. These are additions, including two new keys that will help power the Platform SSO feature: AuthenticationMethod and RegistrationToken, both of which are used by your IDP's Platform SSO Extension. These keys allow admins to use either passwords or hardware-backed elliptic curve certificates to handle device authentication to the IDP. In addition, the Kerberos version of the SSOE will now support falling back to Platform SSO, allowing you to use IDP-backed authentication if Kerberos TGTs are unavailable at the time of authentication.

Solving the chicken and egg problem related to how to generate the right kinds of device trust has always been a challenge. The old SCEP method of generating certificates that all sides can trust actually predates TLS encryption, so having a replacement for a new era of certificates sounds pretty dandy.

Apple has decided to support the ACME protocol, which originated out of Let's Encrypt's CA infrastructure. Based on JSON objects transmitted over TLS, this is a better way to a) get some certs on your devices and b) use them with your own apps and services to keep your environment secure. These ACME certs are also at the core of Apple's new Device Attestation framework for iOS, iPadOS, and tvOS. Undoubtedly, Apple has produced some incredibly secure ways of proving device and user identity to a given service. This includes certs backed by private keys that are generated in the Secure Enclave of the device and can never be exported. This new framework has the potential to revolutionize Zero Trust postures in your organization and prove that devices are legitimate at authentication time.

One of the hardest things for anyone to do in 2022 is understand when to use IPv4 instead of IPv6. Knowing how to handle the translations from IPv4 to IPv6 and back again is equally challenging. The same is true for our cellular carriers. The good news is a new setting will allow admins to set APNs to include 464XLAT, which translates back and forth between IPv4 and IPv6. This is a big feature for some diverse carrier groups, and one of those if-you-know-you-know sort of things.

Proxies

Apple Devices have supported the configuration of proxies via MDM configuration profiles, including Global HTTP Proxies, and a Network Proxy Configuration, as well as DNS Proxies. Making sure network traffic goes where admins direct it is an important task for any device. Apple now supports using a DNS Proxy just for individual apps by specifying the UUID of the new configuration within the app management dictionaries during installation.

Note: Check out our MDM simulation to learn more about our MDM configuration settings.
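
The ACME passage above describes certificates whose private keys are generated in the Secure Enclave and attested to the issuing service. As an added example (not from the original post and not Apple's code), this Python check reads a configuration profile and reports ACME payloads that do not request a hardware-bound, attested key. The `com.apple.security.acme` payload type and the key names are taken from Apple's ACMECertificate payload documentation rather than from this page; the sample profile, identifiers and URLs are constructed.

```python
import plistlib

# Constructed sample profile (not from the page); identifiers and URLs are placeholders.
SAMPLE_PROFILE = b"""<plist version="1.0"><dict>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.security.acme</string>
      <key>PayloadIdentifier</key><string>example.acme.attested</string>
      <key>DirectoryURL</key><string>https://acme.example.invalid/directory</string>
      <key>KeyType</key><string>ECSECPrimeRandom</string>
      <key>KeySize</key><integer>384</integer>
      <key>HardwareBound</key><true/>
      <key>Attest</key><true/>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.security.acme</string>
      <key>PayloadIdentifier</key><string>example.acme.software-key</string>
      <key>DirectoryURL</key><string>http://acme.example.invalid/directory</string>
      <key>KeyType</key><string>RSA</string>
      <key>KeySize</key><integer>2048</integer>
      <key>Attest</key><true/>
    </dict>
  </array>
</dict></plist>"""

def audit_acme_payloads(profile_bytes):
    """Return {PayloadIdentifier: [findings]} for every ACME payload in a profile."""
    profile = plistlib.loads(profile_bytes)
    report = {}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.security.acme":
            continue  # only ACME certificate payloads are audited
        findings = []
        hardware_bound = payload.get("HardwareBound", False)
        if not hardware_bound:
            findings.append("key is not hardware bound (HardwareBound false or absent)")
        elif payload.get("KeyType") != "ECSECPrimeRandom" or payload.get("KeySize") not in (256, 384):
            findings.append("hardware-bound keys need ECSECPrimeRandom with KeySize 256 or 384")
        if payload.get("Attest", False) and not hardware_bound:
            findings.append("Attest is set without a hardware-bound key")
        if not payload.get("Attest", False):
            findings.append("no device attestation requested (Attest false or absent)")
        if not str(payload.get("DirectoryURL", "")).startswith("https://"):
            findings.append("DirectoryURL is not HTTPS")  # ACME runs over TLS
        report[payload.get("PayloadIdentifier", "<no identifier>")] = findings
    return report

if __name__ == "__main__":
    print(audit_acme_payloads(SAMPLE_PROFILE))
```

An empty findings list means the payload asks for a non-exportable, attested key; whether the ACME server actually verifies the attestation is a server-side policy this check cannot see.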