Managed device attestation in iOS 16


Security has never been a more critical part of an IT department’s budget, time and attention. Remote working has continued to change the way security improvements are made as the focus has shifted from securing the campus network to securing the device. This week I want to take a look at how Managed Device Attestation will impact IT pros looking to support remote workers.

About Apple@Work: Bradley Chambers managed an IT business network from 2009 to 2021. With experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, hundreds of Macs and hundreds of iPads, Bradley will highlight ways Apple IT managers deploy Apple devices, build networks to support them, and train users, along with stories from the trenches of IT management and ways Apple could improve its products for IT departments.


Before remote work, IT departments spent a lot of time focusing on security by location. If users needed to access corporate resources such as websites, servers, and databases, they had to set up a VPN tunnel or be on campus. Security was essentially designed to protect resources with a security boundary. Unfortunately, this model hasn’t kept up with the way people interact with modern, remote organizations. As cloud service providers place resources outside of campus boundaries, threats can emanate from within the office.

Apple’s answer to this problem is called Managed Device Attestation, and it comes with iOS 16. Managed Device Attestation is a new security feature for iPads and iPhones that uses the device’s Secure Enclave to provide strong assurance that the device requesting access is what it claims to be.

These security enhancements require only trust in Apple’s Secure Enclave and authentication servers, which access Apple’s manufacturing records and operating system catalog. If you use the devices and store data on them, you probably already trust them anyway. Managed Device Attestation takes the typical security posture (identity, location, time, connectivity, management, etc.) to the next level.

Wrapping up Managed Device Attestation

The MDM DeviceInformation command has been enhanced to provide the benefits of attestation to the MDM server. Apple has also added support for an ACME (Automatic Certificate Management Environment) payload. I’m not going to get into the technical weeds of Managed Device Attestation, but I would like to draw your attention to Apple’s presentation at WWDC on the subject. Apple details how Managed Device Attestation ensures IT professionals know that devices interacting with infrastructure are the devices they claim to be. In a world that’s a mix of SaaS apps, on-premises servers, and remote and hybrid work, Managed Device Attestation is an incredible way for IT pros to increase security using Apple’s hardware (Secure Enclave) with strong software integration.
