It isn’t just consumer technology. Apple is also working to make enterprise technology more private, including Bring Your Own Device (BYOD) programs: Apple has announced a new type of mobile device management (via TechCrunch).
Apple has a video explaining the new system. There are three components to it:
- Managed Apple ID
- Separate APFS volume for the managed Apple ID
- Limited management capabilities for IT
This is designed to help keep personal data and work data separate. The managed Apple ID will be the work ID created for you by your company’s IT department. It will live in a separate APFS volume, with separate encryption keys. When the enrollment period ends, the volume and keys are destroyed.
The volume will contain data stored by managed third-party apps, managed data from Apple Notes, a managed keychain for passwords and certificates, authentication credentials for managed accounts, and mail attachments with full email bodies.
IT won’t be able to manage personal apps or their data. User enrollments in this new system also won’t expose a UDID or any other persistent device identifier. Instead, a new enrollment ID is created for use with the MDM server and destroyed when enrollment ends.
Personal data also won’t go through the company’s VPN. Only traffic that matches the business domains will pass through it. For example, traffic to mail.work.com will go through the VPN, but traffic to mail.personal.com will not.
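To illustrate the domain-matched routing decision described above, here is an added example (not Apple’s code, and not a description of how Apple implements it) that decides whether a hostname belongs to a configured set of business domains. The business domain list and hostnames are constructed; the point worth noting is that matching must happen on DNS label boundaries, so a lookalike such as notwork.com is not treated as part of work.com.

```python
# Added illustration of domain-matched VPN routing. Not Apple's implementation;
# the business domain list below is a constructed example of what IT might configure.
BUSINESS_DOMAINS = ["work.com", "intranet.work.net"]


def _normalize(host: str) -> str:
    # Lower-case and drop any trailing dot so "MAIL.WORK.COM." compares cleanly.
    return host.strip().rstrip(".").lower()


def matches_business_domain(host: str, domains=BUSINESS_DOMAINS) -> bool:
    """True if host is exactly a business domain or a subdomain of one.

    Matching is done on label boundaries: "notwork.com" does not match
    "work.com", which a naive substring or endswith() check would allow.
    """
    h = _normalize(host)
    for d in domains:
        d = _normalize(d)
        if h == d or h.endswith("." + d):
            return True
    return False


def route_for(host: str) -> str:
    """Return "vpn" for business traffic and "direct" for everything else."""
    return "vpn" if matches_business_domain(host) else "direct"


if __name__ == "__main__":
    for name in ["mail.work.com", "mail.personal.com", "notwork.com"]:
        print(f"{name}: {route_for(name)}")
```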