Apple Works to Make BYOD Company Programs Private

It isn’t just consumer technology. Apple is also working to make enterprise technology more private, like Bring Your Own Device (BYOD) programs. Apple announced a new type of mobile device management (via TechCrunch).

MDM Enrollment

Apple has a video explaining the new system here. There are three components to the new system:

  • Managed Apple ID
  • Separate APFS volume for the managed Apple ID
  • Limited management capabilities for IT

This is designed to help keep personal data and work data separate. The managed Apple ID will be the work ID created for you by your company’s IT department. It will live in a separate APFS volume, with separate encryption keys. When the enrollment period ends, the volume and keys are destroyed.

wwdc 2019 MDM BYOD

The volume will contain data stored by managed third-party apps, managed data from Apple Notes, a managed keychain for passwords and certificates, authentication credentials for managed accounts, and mail attachments with full email bodies.

IT won’t be able to manage personal apps and their data. User enrollments in this new system also won’t provide a UDID or any other persistent identifier. It will create a new enrollment ID used with the MDM server and destroyed when enrollment ends.

Personal data also won’t go through the company’s VPN. Only traffic that matches the business domains will pass through. Example: will pass through the VPN, but not

Further Reading:

[Parental Control Apps Removed Over Security Concerns, Apple Insists]

[MDM Hack Targeted 13 iPhones With Malicious Apps]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.