It’s an exciting time of year for Apple lovers-- here comes the next OS updates! Whether you’re just hoping the update includes that emoji you’ve been waiting for, or if you want enhanced privacy and security, the little red dot on your settings app is sure to catch your attention.
Apple takes care in each iteration to add new privacy and security features, and iOS 16 is no exception. At Jamf, we know this is part of why users love Apple-- you can trust us to build and extend on Apple’s security features, whether on your personal or your company-issued devices.
It’s the safety dance
While our personal lives came to a screeching halt during the pandemic, technological innovation accelerated as we were forced to physically separate from our friends, families and workplaces. Now, whether you’re fully remote, in a hybrid model or transitioned back into the workplace full time, what remains consistent is that we rely on our mobile devices more than ever.
We all have different security needs. Apple has introduced security measures for the average user as well as those needing extreme levels of security.
This new iOS cracks down on pasteboard permissions. Similar to camera and microphone usage, apps must now receive user permission to access the clipboard to copy and paste content. This adds another layer of security to ensure your data remains in the right hands.
Cyber threats move quickly; so should your security. The new Rapid Security Response feature doesn’t rely on the the managed software update delay, keeping your devices secure even if you’ve deferred the next OS update ten times already. And admins can trust that their devices are secure and end users are still productive without having to push out a new OS that isn’t yet tested with their apps and workflows.
Some users require next-level security measures to protect their devices-- and themselves. iOS 16 has Lockdown Mode for activists, journalists, and anyone who may be targeted by sophisticated cyberattacks. This mode heavily limits or disables a number of features, apps and websites. Most attachment types are blocked in Messages, FaceTime calls are restricted to contacts, web browsing is limited and configuration profiles are blocked from installation. This feature is disabled by default, and can be enabled in the Privacy and Security section of the Settings app for users needing drastic security measures.
iOS 16 offers the use of passkeys instead of your traditional password on compatible sites. Passkeys, like Touch ID and Face ID, rely on biometric information totally unique to you. This reduces the need for MFA and the likelihood of phishing attacks. Passkeys are a great technology, particularly for consumers who might not currently use a password manager. But when it comes to organizational use, there is always a need for extra layers of defense. Businesses and schools should not rely on any single technology to protect their sensitive data. Beyond passkeys, businesses should be layering on critical device and patch management tools, endpoint security, and web filtering technologies that work together to protect the user from a variety of threats.
Takin’ care of business(es)
It’s official: offices are no longer tied to corporate buildings but to people’s homes and locations of choice. This effectively antiquated perimeter security and VPNs as applications and data are moved into the cloud. Resources now live outside the perimeter and threats can spoof legitimate clients to infiltrate or start from within.
Apple introduced Managed Device Attestation (MDA) with this in mind, helping keep your company’s assets safe and secure. MDA stringently determines the identity of mobile devices attempting to connect to your network. It offers two ways to use attestation certificates. Your MDM server can obtain a device attestation from Apple’s servers by using the newly-enhanced DeviceInformation query and new keys. To further prove the device’s identity is authentic, a now supported Automatic Certificate Management Environment (ACME) payload profile can be installed. With a profile containing an ACME payload, your device provides an attestation to an organization ACME server. Based on this, the ACME server can now issue a new client certificate trusted by your servers. These two new attestation certificates prove that:
- The device is genuine Apple hardware
- The device is a specific device
- The device has certain properties
- A private key is bound to the device
In late 2021, Apple introduced Apple Configurator for iPhone, allowing admins to manually add Mac to Apple Business Manager. Now, with iOS 16 and iPadOS 16, admins can add iPhone and iPad to Apple Business Manager right from their iPhone instead of being tied down to a Mac and a cable. By simplifying the device management process, it’s easier to keep more of your company devices safe under the blanket of your MDM.
Have you ever used the Sign in with Apple feature? Maybe you’ve downloaded a new app, and instead of making a new app-specific account, you’ve signed in with your Apple ID by selecting that black and white box. This way, you don’t have to remember yet another password or put your email on another list. This convenient and secure method is now available with managed Apple IDs. Administrators and people managers can control which apps can use Sign in with Apple, providing greater security oversight.
Simplify your upgrading process
Learn how to prepare for OS upgrades
Have market trends, Apple updates and Jamf news delivered directly to your inbox.