User Enrollment is the native Apple-supplied vehicle to support personally-owned / BYO devices.* Trusted Access is specifically designed to leverage User Enrollment, with other BYOD strategies not supported by the solution. Trusted Access depends upon the inherent, private-by-design architecture delivered by User Enrollment.

Specifically, on a single physical device, User Enrollment effectively enables two logical device partitions: one for personal use and one for work. Work apps, accounts, and data are stored within a "managed" partition on the device, while personal apps and data are encrypted separately on the "personal" partition. There is a strict firewall between work and personal, preventing IT administrators from having any visibility or control over data in motion or at rest on the personal side. Administrators have limited but essential controls to manage data flow between the partitions for Data Loss Protection purposes.

To the end user, Apple blends the work and personal apps at the user interface level, so it feels like the user has a single device. Apple provides innovative and integrated Focus Filters that allow a user to hide work apps from view, disable notifications, and hide emails and calendar events when it is time to check out for the day.

To support app installation and further separation of work and personal identity, Apple requires the use of Managed Apple IDs (MAIDs) to create and use the work partition on the device. MAIDs are special organization-managed Apple IDs that typically take on the form of the user's work email address (e.g. …), with authentication provided by the organization's identity provider through a process known as federated authentication. This allows a user to use a MAID without really knowing it: they just use their email address and IdP credentials to initialize and use it.

This separation even extends to networking. By coupling this deployment strategy with Jamf technologies via Trusted Access, an IT administrator can only apply company VPN networking to managed work applications, with no ability to manipulate or intercept traffic on the personal side in any way. From a Trusted Access perspective, this allows the solution architecture to treat the personal side of the device as "unsanctioned" while treating the work side of the device as "sanctioned". Conversely, a user is free to use iCloud Private Relay or their own VPN of their choice, which will only apply to their unmanaged personal applications.

Most employees no longer need to carry around two phones, as privacy and transparency build user confidence to adopt User Enrollment on their own device. Enrollment is easy and driven by the user through the native iOS/iPadOS user interface and federated authentication.