With iOS 11 expected in the fall, at VMware AirWatch we’re working to support and ensure our productivity apps are compatible with iOS 11. We’re especially excited about a few key features announced at the Worldwide Developers Conference (WWDC) that will help our customers easily deploy devices, make sure devices are properly configured and ensure devices are secure. Check out the iOS 11 preview webpage on Apple’s website for more information.
1. Device Enrollment Program
With iOS 11, any device will be able to be added to the Device Enrollment Program (DEP) using Apple Configurator 2. Previously, only devices purchased directly from Apple or a participating Apple Authorized Reseller could be added to DEP.
Devices added to DEP will be in a provisional period for 30 days, during which users can opt out to protect personally owned devices from accidently being added, supervised and managed with mobile device management (MDM). This will be especially useful for schools that may receive donated devices, for example. DEP provides a streamlined way to deploy corporate or school-owned devices, and we’re excited it will expand with iOS 11.
New skip keys are also coming with iOS 11 for DEP enrollment, including keyboard chooser and Apple Watch migration. Apple also expanded the DEP to include tvOS earlier this year and will support skip keys for signing into TV providers and to set up with iOS devices.
2. VPN Settings
Users are increasingly concerned about their digital privacy and protecting personal data. With the repeal of FCC rules that prevented internet service providers (ISPs) from selling personal data to third parties, many are recommending the use of a virtual private network (VPN). This article from PC Magazine outlines the concerns and recommendations. However, if users introduce their own VPN on a managed device, it can break down access to enterprise systems and mess with the device configuration.
With iOS 11, admins will be able to disable VPN creation. This will prevent users from taking matters into their own hands and allow enterprises to protect their users while giving them secure access to corporate resources.
3. Security Enhancements
Apple announced several new security enhancements to help protect iOS devices. With iOS 10.3, partial trust was introduced for manually installed certificates and certificate profiles. To establish full trust quickly, an automated installation with MDM is needed.
For AirPrint, custom ports will be supported and Transport Layer Security (TLS) can be set to required. And, for supervised devices, iBeacon discovery, credentials storage in iCloud Keychain and allowing AirPrint can all be configured.
And, although not a feature of iOS 11, we were excited to hear that App Transport Security (ATS) will be a requirement in 2018. ATS is a must for secure communications, and AirWatch is already compliant with the new requirement ahead of next year.
AirWatch Customer Recommendations
Customers, before the fall releases of these operating system updates, we encourage you to test compatibility with critical applications (including VMware apps), especially as pre-released versions are made available. If you encounter issues, work with your vendors to identify and fix the issue prior to the commercial release.
Keep in mind, beta software is not commercially released software, and there may be errors or things that do not function as well as released versions. Back up devices running iOS and macOS prior to accessing public betas. We also recommend installing beta software on a secondary device or partition.
AirWatch customers, read more about support, compatibility and current known issues at myAirWatch, and subscribe to the “Getting Ready for Apple Updates: iOS 11, macOS 10.13 and tvOS 11” article for updates.