by Armen Gharibian
Practice Leader – Desktop & Applications
Apple has announced upcoming changes to its MDM workflow enrollment for manual profile installations starting with the beta release of iOS 12.2. This new process, targeted for late 2019, is intended to improve platform security for all iOS users.
According to Apple, the purpose for these changes is to protect iOS devices from malicious profile installations. Apple is now separating the process of downloading and installing updates to help prevent users from being tricked into installing an unintentional, malicious profile. This new workflow only impacts the initial enrollment into MDM. In the new enrollment process, users will no longer be automatically redirected from Safari to the device Settings.
Currently, attackers can trick users into installing configuration profiles (like VPN profiles to redirect traffic) from websites or email attachments. With the latest iOS beta and enrollment workflow, even if a user were to encounter a malicious website or email attachment, the device will download the profile, but then require the user to manually complete the profile installation through the Settings app.
As suggested, this new workflow requires additional steps for users to install their configuration profiles. But the new process does allow them to install profiles from a simple email request, or through a website portal. The changes do not affect the actual profiles installed by MDM solutions, or for MDM enrollment through Apple Business Manager, Apple School Manager, or profiles installed via MDM (Wi-Fi, Passcode, etc..). After MDM enrollment, additional profiles can be installed without user interaction.
VMware is also in the process of updating its Workspace ONE UEM platform as well as Workspace ONE Intelligent Hub are being made to include instructions and links for the enrollment process, to assisting users to complete successful iOS 12.2 enrollments.
Organizations will have the opportunity today to beta test this new workflow and prepare for its release. To preview this change, firms download betas from AppleSeed for IT (https://appleseed.apple.com/sp/welcome), Apple Developer Program (https://developer.apple.com/), and Apple Beta Software Program (https://beta.apple.com/sp/betaprogram/welcome).
If you have any questions or need assistance with this new profile installation workflow, please contact us at service@helient.com.