BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Apple has added iOS enterprise features and programs that IT should be aware of to make their jobs easier and their...
devices more secure.
Apple iOS 12, expected in September, will be available to all devices that support iOS 11, but without Apple's traditional method of dropping support for any older hardware with each update. Administrators will not have to worry about older devices missing the latest security updates and bug fixes.
Explore what else is new with this update of iOS security features in the enterprise.
Options for securing Apple devices
IT gained the ability to delay a software update for up to 90 days on corporate-owned devices when iOS 11.3 was released in March. This device management feature gives IT the time to test updates and train users on the OS version.
BYOD organizations, however, still don't have control over iOS updates. In addition, iOS 11.3 classifies users' contact information as managed data to prevent unmanaged apps and accounts from accessing it.
Apple's Device Enrollment Program (DEP) simplifies the process for IT to enroll a new Apple device through automation. It eliminates extra work for IT and enables them to implement security protocols. Unlike Apple's previous device management tools, DEP prevents users from removing devices from the program.
Before an organization even receives the requested devices from Apple or an authorized seller, Apple signs the device up for the organization's mobile device management (MDM) server. Even if someone wipes the device, DEP automatically enrolls it again until IT disowns the device. DEP can also be combined with supervised mode to lock down some enterprise features, such as single app mode and control over OS updates.
Apple may eventually replace the DEP and the Volume Purchase Program with the new Apple Business Manager. IT can use the program for some device management tasks, such as managing accounts and policies, creating managed Apple IDs for admins, and streamlining the app purchasing experience.
Apple Business Manager includes some iOS security features, such as the ability to deactivate user accounts and set the level of passcode complexity that users must meet. Organizations will still need their enterprise mobility management tools, however, and Apple Business Manager cannot create Apple IDs for employees.
Updates in iOS 12 boost security, privacy
Users are often the biggest risks to mobile security, and the next OS aims to decrease vulnerabilities with some new iOS security features. Apple's iOS 12 enhances authentication, which puts pressure on users to implement stronger, more unique passwords, for example.
Apple's Security Code AutoFill will automatically fill in SMS one-time passcodes sent to a device without switching apps and copying codes, which makes two-factor authentication simpler. A new feature will also automatically create strong passwords and store them in iCloud Keychain. Another feature offers the additional bonus of alerting users if they have already used a password for another service and suggesting they change one of them.
Apple's newest OS comes with an influx of iOS security features. The Intelligent Tracking Prevention feature in Safari controls data acquisition from cookies, cracking down on third-party data collection. Plus, iOS 12 goes further to block social media sharing icons and comment widgets that collect information even if a user doesn't click on them.
To secure data and passwords, iOS 12 will require App Transport Security for data encryption and implement restrictions on password sharing and Password AutoFill. The iOS Password Manager API will also be able to access passwords stored in third-party password managers.