What is Managed Device Attestation?
Apple Mobile Device Management has become even more secure with the rollout of Managed Device Attestation in OS 16 (including iOS 16, iPadOS 16, and tvOS 16). Managed Device Attestation (MDA), in a nutshell, proves a device’s identity. It makes sure that only genuine and approved devices can connect to an organization's server. It ensures that the iOS/iPadOS identifiers (UDID and serial number) are authentic, and that they haven’t been altered or misused by an attacker.
MDA does this by using Apple’s Secure Enclave, a dedicated subsystem integrated into Apple systems on chip (SoCs). The Secure Enclave is isolated from the main processor and provides an extra layer of security. It’s designed to keep sensitive user data secure even if the application processor kernel becomes compromised.
How does MDA work?
Apple admins can install a newly supported Automatic Certificate Management Environment (ACME) payload profile through an MDM, such as Jamf Pro. With a profile containing an ACME payload, your device provides an attestation to an organization's ACME server. Based on this, the ACME server can now issue a new client certificate trusted by your servers.
These two new attestation certificates prove that:
- The device is genuine Apple hardware
- The device is a specific device
- The device has certain properties
- A private key is bound to the device
What attestation means for Apple and the IT industry
Apple’s unveiling of this capability at WWDC 2022 showcases its ability to adjust device security protections to the needs of an increasingly mobile workforce. Apple understands that security must evolve beyond traditional perimeter protections such as VPNs or firewalls.
A well-known and well-respected company like Apple building a feature that thoroughly commits to remote work indicates a wider acceptance of remote work, and a firm understanding that device management is an important building block for device security.
How MDA impacts Apple admins
MDA is a powerful tool for IT professionals to increase security using Apple’s hardware (Secure Enclave) and a Mobile Device Management (MDM) solution such as Jamf Pro. This combination assures Apple admins that devices are what they claim to be. Those using MDM now have Managed Device Attestation, Apple Configurator updates, Sign in with Apple and Managed Apple IDs at their disposal.
How is Managed Device Attestation different?
Many organizations, including Jamf, have been focusing on user identity to aid a company’s security when remote workers access servers, and that’s a good thing. MDA focuses on device identity, which combines with user identity for a harder security posture.
Available with OS 16. Download our iPadOS and iOS Upgrades Guide For Beginners and upgrade today!