{"id":19958,"date":"2022-08-26T10:30:12","date_gmt":"2022-08-26T18:30:12","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/08\/26\/news-13691\/"},"modified":"2022-08-26T10:30:12","modified_gmt":"2022-08-26T18:30:12","slug":"news-13691","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/08\/26\/news-13691\/","title":{"rendered":"What is Managed Device Attestation on Apple platforms?"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/idge\/imported\/imageapi\/2022\/06\/06\/11\/wwdc-2022-main-hero-100928697-large.3x2.jpg?auto=webp&amp;quality=85,70\"\/><\/p>\n<p><strong>Credit to Author: Jonny Evans| Date: Fri, 26 Aug 2022 09:43:00 -0700<\/strong><\/p>\n<p>Announced at <a href=\"https:\/\/www.computerworld.com\/article\/3663681\/how-apple-improved-enterprise-deployments-at-wwdc.html\">WWDC 2022<\/a>, Managed Device Attestation protection shows that Apple is adjusting device security protections to adapt to an increasingly distributed age.<\/p>\n<p>This adjustment reflects a reality shift. Work doesn\u2019t happen on specific servers or behind defined firewalls today. VPN access can differ across teams. 
And yet, in a workplace defined by multiple remote devices (endpoints), the security threat is greater than ever.<\/p>\n<p>Managed Device Attestation works to create a second boundary of trust around which device management solutions can work to protect against attack.<\/p>\n<p>This is one of a wide and growing range of security enhancements coming to Apple\u2019s platforms, including <a href=\"https:\/\/www.computerworld.com\/article\/3663052\/wwdc22-apple-brings-declarative-device-management-to-the-mac.html\">declarative device management<\/a>, <a href=\"https:\/\/www.applemust.com\/wwdc-what-is-rapid-security-response-and-how-to-enable-it\/\" rel=\"noopener nofollow\" target=\"_blank\">Rapid Security Response<\/a>, and <a href=\"https:\/\/www.computerworld.com\/article\/3663430\/wwdc-apple-cloudflare-fastly-plot-the-end-of-captcha.html\">Private Access Tokens<\/a>. All these solutions represent Apple\u2019s work to deliver rock-solid security in such a way as to also improve the user experience.<\/p>\n<p>It\u2019s all about philosophy. Apple understands that security must evolve beyond traditional perimeter protections such as VPNs or firewalls. Protection must be put in place across the edge of the network and needs to become increasingly autonomous. After all, protection can\u2019t be wholly reliant on the data flow between device and server, as even that communication can be undermined.<\/p>\n<p>Managed Device Attestation forms a proof point to help secure the device and confirm its identity. Think of it this way \u2013 you as a user may have proved who you are, and you may be in a location that your management systems see as viable \u2013 but how do you prove you are using a registered device?<\/p>\n<p>That\u2019s what Managed Device Attestation seeks to do. 
It requires only that you trust the Secure Enclave on your device processor, and that you also trust Apple to attest to the status of the device.<\/p>\n<p>Essentially, the highly secured process shares key identity and other characteristics of the device as evidence with which to reassure the service that the device is one it can support. The Secure Enclave provides evidence to Apple\u2019s attestation servers that the hardware is legitimate, Apple shares this with the service, and because the service trusts Apple the device is seen as legitimate.<\/p>\n<p>The idea is to protect against use of compromised devices, situations in which an attacker is spoofing a service by pretending to be a legitimate device, or against attempts to access the network conducted by people who may have the user\u2019s details but are working from an unrecognized device.<\/p>\n<p>While you\u2019ll need to <a href=\"https:\/\/developer.apple.com\/videos\/play\/wwdc2022\/10143\/\" rel=\"noopener nofollow\" target=\"_blank\">dig deep to get to grips with the technology behind the system<\/a>, a zoomed-out explanation follows:<\/p>\n<p>At its simplest, when you want your device authorized and request permission to do so, the device sends key information such as user or device identity to the service to confirm it is who it claims to be. This information is secured, of course, and works via an Apple server.<\/p>\n<p>The service looks at what it&#8217;s been told, compares it to its own records, verifies the message is genuine (as in signed and delivered by Apple\u2019s servers) and approves access. Attestation works thanks to MDM servers and the company\u2019s Automatic Certificate Management Environment (ACME) protocol, which makes attestation available to services beyond MDM.\u00a0<\/p>\n<p>Managed Device Attestation will be available for iOS 16, iPadOS 16 and tvOS 16 as the new operating systems appear over the coming weeks. 
MDM providers such as Jamf will certainly embrace support for this once it appears.<\/p>\n<p>Apple developers can find out more about Managed Device Attestation at the <a href=\"https:\/\/developer.apple.com\/videos\/play\/wwdc2022\/10143\/\" rel=\"noopener nofollow\" target=\"_blank\">WWDC 2022 session<\/a> that explains it and within this extensive <a href=\"https:\/\/developer.apple.com\/documentation\/devicemanagement\" rel=\"noopener nofollow\" target=\"_blank\">Device Management roundup<\/a> on Apple&#8217;s developer site.<\/p>\n<p><em>Please follow me on\u00a0<a href=\"https:\/\/twitter.com\/jonnyevans_cw\" rel=\"nofollow noopener\" target=\"_blank\">Twitter<\/a>, or join me in the\u00a0<a href=\"https:\/\/mewe.com\/join\/appleholics_bar_and_grill\" rel=\"nofollow noopener\" target=\"_blank\">AppleHolic\u2019s bar &amp; grill<\/a>\u00a0and\u00a0<a href=\"https:\/\/mewe.com\/join\/apple_discussions\" rel=\"nofollow noopener\" target=\"_blank\">Apple Discussions<\/a>\u00a0groups on MeWe.<\/em><\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3671132\/what-is-managed-device-attestation-on-apple-platforms.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/idge\/imported\/imageapi\/2022\/06\/06\/11\/wwdc-2022-main-hero-100928697-large.3x2.jpg?auto=webp&amp;quality=85,70\"\/><\/p>\n<p><strong>Credit to Author: Jonny Evans| Date: Fri, 26 Aug 2022 09:43:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Announced at <a href=\"https:\/\/www.computerworld.com\/article\/3663681\/how-apple-improved-enterprise-deployments-at-wwdc.html\">WWDC 2022<\/a>, Managed Device Attestation protection shows that Apple is adjusting device security protections to adapt to an increasingly distributed age.<\/p>\n<h2><strong>Secure the endpoints, not the end times<\/strong><\/h2>\n<p>This 
adjustment reflects a reality shift. Work doesn\u2019t happen on specific servers or behind defined firewalls today. VPN access can differ across teams. And yet, in a workplace defined by multiple remote devices (endpoints), the security threat is greater than ever.<\/p>\n<p>Managed Device Attestation works to create a second boundary of trust around which device management solutions can work to protect against attack.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3671132\/what-is-managed-device-attestation-on-apple-platforms.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[2211,11198,10480,12555,714],"class_list":["post-19958","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple","tag-endpoint-protection","tag-ios","tag-mobile-device-management","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19958","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=19958"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19958\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=19958"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/w
ww.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=19958"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=19958"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}