Home Blog Page 3

Apple slaps hard against ‘mercenary’ surveillance-as-a-service industry


Apple has struck a big blow against the mercenary “surveillance-as-a-service” industry, introducing a new, highly secure Lockdown Mode to protect individuals at the greatest risk of targeted attacks. The company is also offering millions of dollars to support research to expose such threats.

Starting in iOS 16, iPadOS 16 and macOS Ventura, and available now in the latest developer-only betas, Lockdown Mode hardens security defenses and limits the functionalities sometimes abused by state-sponsored surveillance hackers. Apple describes this protection as “sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.”

In recent years, a series of targeted spyware attacks against journalists, activists, and others have been exposed. Names including Pegasus, DevilsTongue, Predator, Hermit, and NSO Group have undermined trust in digital devices and exposed the risk of semi-private entities and the threat they show against civil society. Apple has made no secret that it is opposed to such practices, filing suit against the NSO Group in November and promising to oppose such practices where it can.

“Apple’s newly released Lockdown Mode will reduce the attack surface, increase costs for spyware firms, and thus make it much harder for repressive governments to hack high-risk users,” said John Scott-Railton, senior researcher at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs and Public Policy.

“We congratulate [Apple] for providing protection to human rights defenders, heads of state, lawyers, activists, journalists, and more,” tweeted the EFF, a privacy advocacy group.

What does Lockdown Mode do?

At present, Apple says Lockdown Mode provides the following protections:

Copyright © 2022 IDG Communications, Inc.

10 next-level tricks for your Pixel Clock app


Google’s Pixel phones are practically overflowing with useful stuff. And some of the best options of all are things you’ve probably never even noticed.

That’s true for the Pixel’s core Android software as well as its Google-made apps — everything from the excellent calling-related features in the Pixel Phone app to the expanded array of advanced options in Google Assistant on Pixels.

It’s even true in apps that seem so basic and utilitarian, you’d never think they had anything interesting lurking in their dusty virtual corners.

Today, it’s time to explore one such app — the seemingly mundane Pixel Clock app that came preinstalled on your phone. The Clock app may appear to be a simple spot for setting a timer or alarm, but don’t let yourself be fooled: Beneath its second-ticking surface, that unassuming part of your Pixel has some powerful options that’ll make your life a whole lot easier.

Oh, and if you don’t have a Pixel, by the way, don’t worry: While the Clock app is the default time-keeping tool on Google’s self-made phones, you can actually download it on any Android device and get the exact same experience even outside of the Pixel universe.

All right — ready to see all the cool stuff your phone’s Clock app can do?

Copyright © 2022 IDG Communications, Inc.

How to set up and use Focus modes on iOS 16


Focus mode is Apple’s way of helping users get the task at hand done filtering out the noise. It’s available in iOS and for iPads and Macs and can be a real productivity boost — if you know how to set it up right.

This is how it works.

Finding Focus

Since iOS 15, Focus has appeared as an option in Control Center, or via Settings>Focus.

In iOS 16, due out this fall, it can recommend relevant Lock Screens for the Focus options you provide, such as a data-rich Lock Screen for work.

Apple has four suggested focus types:

  • Do Not Disturb
  • Sleep
  • Personal
  • Work

You can also create new Focus groups, including those for Driving, Fitness, Gaming, Mindfulness, Reading, and Custom.

Copyright © 2022 IDG Communications, Inc.

The Android clipboard enhancement you didn’t know you needed


Unless you’re an exceptionally quirky creature, your phone’s clipboard probably isn’t something you spend a ton of time contemplating.

And really, why would you? It’s just an invisible layer that works quietly in the background and supports a relatively mundane system function.

Keep a pinch of your contemplation energy available, though, ’cause my goodness: A teensy bit of attention to your phone’s clipboard now can enhance your Android-using experience in some pretty powerful ways. And you’ll enjoy those enhancements for months or maybe even years to come.

Fittingly enough, Google itself is turning its focus to the Android clipboard in the upcoming Android 13 release. As we discussed in my newsletter on Friday, Android 13 will introduce a slew of genuinely useful clipboard-centric enhancements, all revolving around a new clipboard pop-up that appears anytime you copy something on your phone.

But you don’t have to wait for Android 13 to get some significant new clipboard smarts on your favorite Android phone — and you don’t have to stop with the device-specific improvements Google’s about to give us, either.

Allow me to introduce you to your new Android clipboard BFF.

Copyright © 2022 IDG Communications, Inc.

How Apple is improving single sign-on


Among a slew of announcements at WWDC this year were some important changes to Apple’s support for single sign-on (SSO). Here’s what’s coming when new updates ship this fall.

SSO + BYOD = iOS 16, iPadOS 16

Apple first introduced SSO support at WWDC 2019 with Sign in with Apple, which also saw the introduction of extensions to enable this kind of authentication. It allowed a user to access a service or website using their Apple ID, and meant support for identity providers, the use of highly secure token-based signatures and the tools service providers required to implement these systems.

That was v.1, and Apple has continued to improve its offerings since then. All the same, the reality is that because apps and services must be equipped to accept SSO, it’s sometimes necessary to use third-party authentication services such as Okta and others, or simply manual sign in to access some sites.

Apple at WWDC 2022 updated SSO with two critical enhancements:

  • SSO support for user enrollment for iOS 16 and iPadOS 16.
  • Platform SSO support to macOS Ventura.

What’s new in SSO support for user enrollment

What’s changed is that when enrolling an iOS device, users can now download a mobile app from their identity provider (IdP) to enable use of SSO on that device. The system also requires a Managed Apple ID set up using Apple Business or School Manager and use of an MDM (Mobile Device Management) system of some kind, such as Apple Business Essentials, Jamf, or Kandji, to name but three.

Apple also made it possible to use Apple Configurator for iPhone to add Macs, iPads, and iPhones to Apple Business or School Manager starting this fall. The company has also made it much easier to enroll personal devices to MDM.

Copyright © 2022 IDG Communications, Inc.

How Apple plans to dent reality in the next 12 months


Apple updates hardware, software, and services every year and has never been too afraid to cannibalize an existing product range to make way for the new — the iPhone ate the iPod, after all. Now, we hear that Apple is preparing its late 2022/early 2023 product salvo, and, as expected, this may include AR glasses.

What’s the story?

Mark Gurman at Bloomberg condensed all the current Apple speculation in a recent post. In brief, upcoming arrivals include:

  • Macs, including M2 and M3 models, including an M2 Pro, Max, Ultra and Extreme configurations.
  • Four iPhone 14 devices – two with an A16 chip and always-on display.
  • iPad updates, including M2 iPad Pro models and an A14 entry-level model.
  • Three Apple Watch models, including an SE and a rugged version.
  • The mixed-reality headset, equipped with an Apple chip, likely a low-power, high performance M2 processor.
  • An Apple TV upgrade, with additional gaming capabilities and a better processor.
  • HomePod, which may include a display.
  • And an AirPods Pro upgrade, including heart monitor.

That’s the round-up, so what might it tell us?

New business opportunities loom

First, it tells us Apple is preparing to open a new business segment around AR glasses. CEO Tim Cook has been guiding us towards this for ages and we’ve written extensively about the company’s purported plans. But this fresh frontier is now about to emerge and will provide businesses with a chance to build customer and internal collaboration relationships, digitize business processes, and explore/pioneer new market opportunities.

We can anticipate companies already in the space will probably be preparing to pivot their own product design and development roadmaps to reflect Apple’s eventual design. Sony, Microsoft, Valve, HTC, and Meta will all be watching, and you can anticipate some spicy talk from at least some competitors through the vehicle of the Metaverse Standards Forum. Talk is cheap, but the overall effect will be to promote rapid growth across the existing AR/VR industry.

Content and services developers will directly benefit, predicts analyst Ming-Chi Kuo. I agree.

Apple silicon roadmap is coalescing

Second, it tells us that Apple is very, very focused on its own Apple silicon chips. We knew this already, of course, but any business considering implementing employee-choice schemes or introducing/extending support for iPads/Macs can now (if they didn’t already) see a clear road map for product development stretching out years ahead. Apple has proved its commitment to regular security and software updates while the market for enterprise supporting products and services continues to expand. There seems little beyond inertia to stop businesses from deploying additional Apple products. That’s possibly why Jamf CIO Linh Lam expects the company will be the number one (endpoint) vendor by 2030.

This is also why Apple will continue to evolve its offer to enterprise pros.

For end users? Fast, increasingly powerful computers with incredibly low power requirements, all of which include on-chip features (such as UWB (probably) and/or machine-learning capabilities) much of which haven’t really been stretched yet.

That built-in and unexploited upside within existing products, along with Apple’s commitment to continuous software upgrades, means the Mac or iPad you purchase today (or next year) will be a better machine the year after that.

One more thing: We don’t know, and we’ve not been told, but it appears Apple is betting on COVID-related production slowdowns ending. With this in mind a lot will depend on health data as we enter the fall.

Health, fitness – and eye care?

Third, it tells us about health. A second report today explains that the new AirPods Pro will use USB-C, have microphones built into the case for use as a hearing aid, motion sensors, built-in fitness tracking, temperature detection, and a heart rate sensor.

In other words, Apple is proliferating its health data collection systems across its personal products, further expanding its reach into augmented health.

When not evangelizing Apple’s AR products, Cook has frequently extolled his company’s work in health. While I don’t think we’ve seen Apple’s big idea in that sector yet, the addition of health sensors to AirPods gives us a firm direction of travel and, if nothing else, probably means digital health solutions developers should sign up for an Apple developer account.

Starting in iOS 16, Apple has told us to expect the capacity to save vision prescriptions to HealthKit. It says this is because such prescriptions are easy to use. But given the looming launch of AR glasses and that such data is now available to developers via ‘requestPerObjectRead’ authorization, it’s hard not to wonder if there’s something more to this. After all, 75% of US adults rely on prescription glasses. There’s not a huge amount of value in mixed reality if all you can see is the overlay.

The return of the Apple quadrant

Back when Steve Jobs returned to a near-dead Apple and cut the cruft, the company adopted a much-simplified product road map: Pro, Consumer, Mobile, Desktop. There were and still are shades within that, and new product families also now exist, but the company has remained focused around those divides.

Apple’s claimed decision to place A16 chips only in the Pro iPhone models while equipping the iPhone range with (albeit optimized and improved) A15 processors suggests the company’s returning to that strategy. Pro iPhones (and by inference, all Apple’s pro products) will gain additional features and capacities to set them apart more clearly from the consumer range. Apple has reached a point where it’s only truly credible competitor is itself. What’s a firm to do?

[Also read: We already know how Apple will prosper in uncertainty]

Consumer users needn’t feel too down about this, of course: Those high-end features get to be universal features eventually, usually over around two years.

The green slide

One thing that isn’t being discussed much is how Apple must continue work to mitigate the impact of hardware manufacturing as it seeks to meet its own zero carbon 2030 goals. Manufacturing is inherently wasteful of resources, raw materials, water, fuel, and more. The need to optimize manufacturing processes continues across every industry, and this means sustainability and recycling will be core to new hardware designs from the firm. Apple’s approach to “designing in” sustainable business practice across its own and partner businesses should help inform every enterprise as to what’s possible.

The green slides Apple produces during its looming product presentations should be looked at deeply for what they reveal around process innovation, use of recycled materials and more. There is, after all, a lot of otherwise squandered cash to be released within any company through application of more efficient, less wasteful manufacturing and distribution practice. To what extent can Apple’s decisions on this help guide your own as you seek to more effectively manage your business?

One more thing

Bloomberg also seems to predict the introduction of a multitouch screen atop a new model HomePod. If that’s the case, this could conceivably offer up more visual elements such as album art and an on-device music selection system, but it’s not too huge a stretch to imagine support for relevant home-focused apps and widgets. To what extent will Matter and Thread support enable smarter smart homes?

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Copyright © 2022 Softwaretoolapps, Inc.

Time for a mid-year browser security check


We’ve reached the mid-point of 2022 and when it comes to security, I feel like we’re not making much headway. I still see people report they’re getting scammed, ransomed, and attacked on a regular basis — and for many users the browser is becoming the most important part of whatever platform you use. So now is a good time to review your browsers, and any extensions you’ve installed to beef up security.

Note, I said browsers —plural. While enterprises might want to standardize on only one browser for better control, for small businesses and individual users, I recommend installing more than one. (I often use three different browsers.)

Why is this important? Because attackers (and trackers) go after browsers. In fact, it’s good to think of your browser a separate operating system, and act accordingly to protect it. Though I focus mainly on Windows issues, these guidelines and recommendations apply to Mac OS, Ubunto, Mint, and others.

Basically, every browser should be reviewed for additional protection against malicious sites and ads. On platforms such as macOS, you will need to focus on Chrome, Firefox, or WaterFox protections; if you’ve standardized on Safari, you will need to use Adguard.

Even now, I see malicious banner ads in rotation. If you don’t have endpoint protection or something similar, you can better protect yourself by deploying something like uBlock Origin, which blocks ads and unwanted content.

Be aware that uBlock and uBlock Origin are two different products, with the latter being a fork of the former. They’re separately maintained. I recommend uBlock Origin, which you can install and deploy as a standalone extension. Once it’s installed, you can then build whitelists of sites that you will allow and adjust other settings as needed. If you are new to ublock, you can leave the defaults alone, or review these posts for recommended settings. You can also click on the extension icon in your browser and select “Filter lists.”

Copyright © 2022 IDG Communications, Inc.

The surveillance-as-a-service industry needs to be brought to heel


Here we go again: another example of government surveillance involving smartphones from Apple and Google has emerged, and it shows how sophisticated government-backed attacks can become and why there’s justification for keeping mobile platforms utterly locked down.

What has happened?

I don’t intend to focus too much on the news, but in brief it is as follows:

  • Google’s Threat Analysis Group has published information revealing the hack.
  • Italian surveillance firm RCS Labs created the attack.
  • The attack has been used in Italy and Kazakhstan, and possibly elsewhere.
  • Some generations of the attack are wielded with help from ISPs.
  • On iOS, attackers abused Apple’s enterprise certification tools that enable in-house app deployment.
  • Around nine different attacks were used.

The attack works like this: The target is sent a unique link that aims to trick them into downloading and installing a malicious app. In some cases, the spooks worked with an ISP to disable data connectivity to trick targets into downloading the app to recover that connection.

The zero-day exploits used in these attacks have been fixed by Apple. It had previously warned that bad actors have been abusing its systems that let businesses distribute apps in-house. The revelations tie in with recent news from Lookout Labs of enterprise-grade Android spyware called Hermit.

What’s at risk?

The problem here is that surveillance technologies such as these have been commercialized. It means capabilities that historically have only been available to governments are also being used by private contractors. And that represents a risk, as highly confidential tools may be revealed, exploited, reverse-engineered and abused.

As Google said: “Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits. This makes the Internet less safe and threatens the trust on which users depend.”

Copyright © 2022 IDG Communications, Inc.

Apple says it’s time your business ran BIMI


Apple will add another obstacle against successful phishing attacks in iOS 16, iPadOS 16, and macOS Ventura, which will show a company’s official logo to help recipients recognize genuine from fake emails.

Brand Indicators for Message Identification

Apple’s forthcoming operating systems will support Brand Indicators for Message Identification (BIMI). This is a specification to enable the use of brand-controlled logos within emails and will be a way to tell recipients that an email genuinely comes from the company concerned. Google has supported BIMI since 2021.

BIMI requires that companies authenticate their email using DMARC. Described by the IETF in more detail in a March 2015 document, DMARC helps mail administrators prevent hackers and other attackers from spoofing their organization and domain. 

The feature won’t provide complete peace of mind.

  • Not every company will be certified (though if you wish to begin using the system at your company, the BIMI website is a good place to start).
  • Many smaller companies probably will never get certified, and it’s possible the system itself may be abused over time — those who construct these attacks are ever inventive.
  • The feature also requires support from the email client, which won’t appear until Apple ships the next iterations of its operating systems.

What BIMI provides

But what BIMI does provide is a visual way to assess trust when receiving a message, helping protect us against phishing and ransomware exploits by making it far more challenging for criminals to impersonate brand names in emails.

That’s important in the pluralistic sense — we’ve all experienced attempts at malware infection buried in emails that purport to come from big brands.

Copyright © 2022 IDG Communications, Inc.

14 ways Google Lens can save you time on Android


Psst: Come close. Your Android phone has a little-known superpower — a futuristic system for bridging the physical world around you and the digital universe on your device. It’s one of Google’s best-kept secrets. And it can save you tons of time and effort.

It’s a little somethin’ called Google Lens, and it’s been lurking around on Android and quietly getting more and more capable for years. Google doesn’t make a big deal about it, weirdly enough, and you really have to go out of your way to even realize it exists. But once you uncover it, well, you’ll feel like you have a magic wand in your pocket.

At its core, Google Lens is best described as a search engine for the real world. It uses artificial intelligence to identify text and objects both within images and in a live view from your phone’s camera, and it then lets you learn about and interact with those elements in all sorts of interesting ways. But while Lens’s ability to, say, identify a flower, look up a book, or give you info about a landmark is certainly impressive, it’s the system’s more mundane-seeming productivity powers that are far more likely to find a place in your day-to-day life.

So grab your nearest Android gadget, go install the Google Lens app, if you haven’t already, and get ready to teach your phone some spectacularly useful new tricks.

Google Lens trick No. 1: Copy text from the real world

Google Lens’s most potent power and the one I rely on most frequently is its ability to grab text from a physical document — a paper, a book, a whiteboard, a suspiciously wordy tattoo on your rumpus, or anything else with writing on it — and then copy that text onto your phone’s clipboard. From there, you can easily paste the text into a Google Doc, a note, an email, a Slack chat, or anywhere else imaginable.

To do that, just open up the Google Lens app and tap the “Search with your camera” area at the top of the screen. Point your camera at any text around you, then tap your finger onto any area of the viewfinder — and you’ll be able to select the exact portion of text you want as if it were regular ol’ digital text on a website.

Copyright © 2022 IDG Communications, Inc.

Hexnode’s CEO on Apple in the enterprise and the transformation of the workplace


Apple’s rapidly growing enterprise market share is generating an expansion in the support services ecosystem for the products. One company to recently enter the Apple device management space is Hexnode. I spent a little time with company founder and CEO Apu Pavithran to see this part of the world through his eyes.

What will the workplace of the future look like? 

As we work through the pandemic, we hear a lot about the new workplace. But no one yet knows what this will be. We know expectations have changed and employees have proved that remote work can be productive, though many managers are having problems making this transition.

How does Pavithran see the future of work?

Looking at it through the lens of device management, he points to the need for cloud-native device management systems. “We can safely say that almost every application will migrate to an entirely cloud-based or hybrid solution in the next few years,” he says.

This move away from on-premises systems to cloud-backed intelligence is likely to show up as increased spending on SAAS, which is certainly what Gartner, IDC, and others expect.

This is also going to generate challenges in terms of handling multi-cloud deployments, applying customer-led pressure on vendors to build solutions that play nice with others,” says Pavithran. “On top of easing the burden of IT administrators, application integration offers many other benefits. Organizations may establish integrations that update their infrastructures and enable agile business operations by combining and streamlining data and workflows between disparate software applications.

“New cybersecurity ideas like SASE result from the growing convergence between existing solutions.”

Hexnode’s boss also sees the new workplace as an intelligent workplace. “From medical to automotive to cybersecurity and E-commerce, AI has strongly impacted almost every industry,” he said, predicting this will continue and accelerate.

Apple is growing in the enterprise

Pavithran definitely sees growth in Apple and Mac market share. Windows was the de facto enterprise OS 10 years ago. Today, the resurgence of Apple means millions of Macs, iPhones, and iPads are in use across every industry. The feedback is that TCO spending falls, productivity increases, and employee loyalty grows when offering such choice.

“Apple played an essential role in turning the MDM industry into what it is today,” says Pavithran. “The device management APIs Apple introduced with iOS 4 in 2010 introduced many new capabilities…. For example, through Apple Device Manager or Apple School Manager, MDMs can onboard any organization-owned Apple device to their fleet. Even the new user enrollment capability was launched so that MDMs can better manage the devices in their arsenal.

“The capabilities Apple has released in supporting device management functionalities have allowed vendors like us to securely manage both personal and corporate-owned Apple devices. Hexnode has seen considerable growth in Apple in the enterprise.”

[Also read: How Apple improved enterprise deployments at WWDC]

The digital transformation of the workplace

Alongside the move to adopt different platforms and practices, the way work works is also changing.

Accelerated by the pandemic, this digital transformation means new challenges and opportunities to keep business leaders up at night.

“It is true that digitalizing the different processes, procedures, and operations of work will see significant benefits in the form of increased productivity, faster provisioning, reduced costs and so on. Unfortunately, the advent of new technologies and solutions requires changes in the traditional methods of operation. Employees, IT administrators, and managers will have to re-learn new techniques to keep up with it. Fortunately, improvisation is one of the greatest boons of our kin, and as new challenges emerge, so do new solutions.”

These include MDM APIs Apple provides, including its relatively recent user enrollment capability to help endpoint management solutions like unified endpoint management (UEM) or mobile device management (MDM) protect user privacy by separating personal and corporate data. 

“I don’t see hybrid work coming to an end any time soon. However, successfully maintaining a remote environment poses many difficulties in both device management and data security,” he says.

That’s why the MDM market is evolving so fast.

“UEMs are even a part of next-generation architecture like zero trust. One of the tenets of zero trust is that you don’t trust either the user or the device. In essence, people must verify that they are who they claim to be, and devices must verify that they are what they claim to be. UEMs are one class of solutions that allow admins this visibility into their remote devices while providing additional security.”

How MDM works with Apple devices

Apple uses Managed Apple IDs to authenticate user enrollment. Controlled and created by enterprise admins in Apple School Manager or Apple Business Manager, Managed Apple IDs are different from regular Apple IDs. They usually handle things like your email, may manage data storage and app provisioning, and will likely feed into endpoint security systems. It is now possible to host both a personal and a managed Apple ID on one device, using containerization.

Containerization means a person’s personal data existence is kept separate — you even get access to your personal iCloud storage — striking a balance between security and privacy for both company and employee.

UEM/MDM systems provide administrators with intricate visibility and management of every device, but this can affect user privacy if containerization is not in play.

The difference between Apple user enrollment and Android

On the outside, both Apple’s user enrollment and Android’s work profile aim to secure corporate resources while respecting employee privacy, says Pavithran.

“Implementation is similar, as both systems create separate virtual containers for work apps and data,” he explains.

However, on Android, the virtual container is visible in the user interface as a separate folder or a section of the app drawer, which means various versions of the same application may be operated with different accounts.

“Unfortunately, since Android only sets a framework for this feature, the scope and capabilities of Android’s work profile changes according to the device manufacturer.”

It works a little differently on Apple, he said, describing it as a “stealthier” approach.

The separate (enterprise) space exists in the backend and is not as visible.

That means that rather than creating parallel applications for personal use and work, “The same application can create a personal profile with a regular Apple ID and a work profile with a Managed Apple ID.”

Pavithran seems reasonably confident Apple will continue to extend the enterprise support it builds into its system. “As Apple makes its APIs more available to third-party vendors, the resulting synergy will surely help secure the enterprise workings of the future,” he said.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Copyright © 2022 Softwaretoolapps, Inc.

How Apple is updating mobile device management


As expected, Apple at WWDC announced a series of significant changes to how Macs, iPads, iPhones, and Apple TVs are managed in business and education environments. These changes largely break into two groups: those that affect overall device management and those that apply to declarative management (a new type of device management Apple introduced last year in iOS 15).

It’s important to look at each group separately to best understand the changes.

How did Apple change overall device management?

Apple Configurator

Apple Configurator for iPhone got a significant expansion. It’s long been a manual method of enrolling iPhones and iPads in management rather than using automated or self-enrollment tools. The tool originally shipped as a Mac app that could configure devices, but it had one major downside: devices had to be connected via USB to the Mac running the app. This had obvious implications in terms of the time and manpower in anything other than a small environment.

Last year, Apple introduced a version of Configurator for iPhone that reversed the workflow of the original, meaning an iPhone version of the app could be used wirelessly to enroll Macs into management. It was primary used to enroll Macs that had been purchased outside of Apple’s enterprise/education channel into Apple Business Manager (Apple products purchased through the channel can be auto-enrolled with zero-touch configuration).

The iPhone incarnation is incredibly simple. During the setup process, you point an iPhone camera at an animation on the Mac’s screen (much like pairing an Apple Watch) and that triggers the enrollment process.

The big change this year is that Apple expanded the use of Apple Configurator for iPhone to support iPad and iPhone enrollment using the same process — removing the requirement that devices be attached to a Mac. This greatly reduces the time and effort needed to enroll these devices. There’s one caveat: devices that require cellular activation or have been activation locked will need that activation to be completed manually before Configurator can be used.

Copyright © 2022 IDG Communications, Inc.

12 handy hidden tricks for Google Calendar on Android


Google Calendar is a core part of the Android productivity package — but if all you’re using is what you see on the app’s surface, you’re missing out on some pretty powerful possibilities.

Yes, oh yes: Just like so many of our modern digital tools, there’s more to Google Calendar than meets the eye. And while the majority of the service’s advanced options revolve around the Calendar website, the Calendar Android app has its share of handy out-of-sight options that are specific to the mobile experience. From time-saving shortcuts to efficiency-boosting options, they’re all things that have the potential to make your life easier in small but significant ways.

Find time in your agenda to check out these 12 hidden Google Calendar features on Android. Trust me: You’ll be glad you did.

1. The event creation quick-peek

Tell me if you can relate to this: You head into the Calendar app on your phone to create a new event. You open the screen to add the event in — then you suddenly find yourself facing a foggy mental blank.

What else did you have going on that day? Did you need to schedule the event for 2:00 p.m., or would 3:00 be better? When was that podiatrist appointment, again?

I’ve certainly been there (well, not to the podiatrist, specifically, but in the general event brain fog situation). And the Android Calendar app doesn’t do much to help offer any broader calendar context while you’re in the midst of adding in a new event.

Copyright © 2022 IDG Communications, Inc.

Apple offers devs two useful enterprise security tools


Two sessions I attended at last week’s Worldwide Developer Conference (WWDC) — the Managed Device Attestation and Secure Endpoint sessions — highlight the company’s commitment to delivering increased capabilities for security tools. While both were naturally oriented more to developers of device management and security solutions than to end users or IT admins, some of the additional capabilities developers will be able to build into enterprise tools are noteworthy.

Managed Device Attestation

Let’s start with Managed Device Attestation, a new capability that helps ensure servers and services (on-premise or in the cloud) only respond to legitimate requests for access to resources.

The use of cloud services and the deployment of mobile devices both grew in tandem (and exponentially) during the past 10 years, which changed the enterprise security ballpark significantly. A decade or so ago, having strong security at the network perimeter coupled with VPN and similar secure remote access tools was the primary way of securing a network — and all enterprise information.

Security today, though, is much more complex. Many resources live outside the corporate network entirely, and that means trust evaluation has to occur across a broad range of local, remote, and cloud services. This typically encompasses multiple providers and each needs to be able to establish that the users and devices connecting to them are legitimate; that goes well beyond simple authentication and authorization.

Today, services rely on user identity, device identity, location, connectivity, date and time, and device management state to determine whether requests for access are valid. Services can use any or all of these criteria, and most — including MDM solutions — can use these criteria when granting or denying access.

Depending on the sensitivity of the data, simple user authentication may be enough for a given security posture or it may be prudent to rely on all of these criteria before granting access, particularly for sensitive or administrative systems.

Copyright © 2022 IDG Communications, Inc.

How Apple improved enterprise deployments at WWDC


Apple remains focused on the needs of enterprise IT. With this in mind, it made several interesting changes at WWDC 2022. Here’s a rundown of the improvements Apple announced we’ve identified so far.

Apple announced a raft of developer technologies

Apple ushered in a range of enterprise-focused improvements during the developer sessions held at the event.

Declarative Device Management

Introduced in 2021, declarative device management works to make devices more autonomous and proactive, while allowing servers to be lightweight and reactive. It is now also available for Macs.

Managed device attestation

A new security feature that uses the Secure Enclave to provide strong assurances about a client device, such as its identity and software version.

Apple Configurator

Apple Configurator for iPhone was introduced in 2021. It lets admins add Macs purchased outside of the normal channel to their organization using Apple School Manager (ASM) or Apple Business Manager (ABM). When running Setup Assistant on the Mac, admins just need to hold an iPhone running Configurator over the animation. The Mac will then connect to the internet and add itself to your organization. At WWDC 2022, Apple extended Configurator for iPhone so that it can now also add iPhones and iPads.

Google Workspace

In keeping with the move toward password-less access, Apple wants to build systems tough enough that users only need to sign in once and then for that identity to be held across everything else. With that goal in mind, the company confirmed that for Federated Authentication, Apple Business Manager now integrates with Google Workspace as an Identity Provider.

Sign in with Apple

The company said this feature can now be be used at work and school with Managed Apple IDs. There are additional security features baked in, so admins can allow all apps or selected apps to use the sign in tool.

OAuth2 support

This is quite an important change. Apple used a token-based authorization system in iOS/iPad OS 15 to allow MDM servers to verify user identity. This changes in iOS/iPad OS 16 with the addition of support for OAuth 2 as another authorization mechanism. This means MDM servers will be able to support additional identity provision systems providers also improves security, and adds another new feature that is described below.

Enrollment Single Sign-on, or Enrollment SSO

This is a faster system that enables employees to enroll their personal devices into your organization’s MDM system. The system requires users to enter their email address to download an enrollment single-sign-on app. The user then signs in once and the app handles the rest of the process. The system does require IT and MDM vendors to take certain steps before it is supported, including MDM server configuration to ensure the correct JSON document is shared.

Platform Single Sign-On (Platform SSO)

macOS Ventura gains this new feature, which lets users sign in once on login to automatically sign into apps and websites. The feature, which uses a range of technologies — including third-party SSO extensions, its own Kerberos extension, FileVault, OAuth, OpenID and so on — means you may never need to remember another website password, or go through the process of entering it, again, at no compromise to your security.

Automated device enrollment

Apple made an important change to automated device enrollment, one that I imagine will make it much harder to setup a lost or stolen managed device for sale. The company says ASM/ABM-registered Macs must have an internet connection to be setup once erased or restored.

Accessory protection

To protect against close-access attacks, a new MDM setting lets administrators require a user password before using new Thunderbolt or USB accessories with M-series Apple notebooks. 

Web content filtering

Admins will be able to apply Web content filters and DNS proxies on managed iPhones and iPads running iOS 16 and iPadOS 16.

Making it easier to swap eSIMs

You will be able to transfer eSims between iPhones using Bluetooth. To do so, just move your older iPhone close to your new one and follow the Set Up Cellular command dialog. Apple also put protections in place to ensure users don’t accidentally delete their existing eSIM, as doing so requires a new one be provisioned.

Shared iPad improvement

This slight improvement may make a big difference. A new command lets admins autosuggest the domain name of your company when a user begins to enter a Managed Apple ID. This is going to save a lot of time for shared iPads, particularly when handling complex URLs, as it means spelling becomes less of a problem.

Accessibility in iOS and iPadOS 16

Apple has added tools to let MDM systems manage popular accessibility settings including Text Size, VoiceOver, Zoom, Touch Accommodations, Bold Text, Reduce Motion, Increase Contrast, and Reduce Transparency. Users can modify these settings, but it does means devices can be made more accessible from the start.

Apple also made some keynote announcements

Apple also made several announcements that should benefit enterprise and business users during its WWDC keynote:

Continuity Camera

This lets you use your iPhone as a webcam and adds a Desktop view to let you share video from above your keyboard.

Mail and messages improvements

The welcome (and long-awaited) introduction of improvements to Mail search will help everyone. Scheduled emails, the capacity to delete sent emails and the ability to set reminders to return to unactioned emails will all make a big difference to workflow. This is Apple playing catch-up, as features like these have been available to other email platforms using tools such as Boomerang.

Metal 3

Some interesting enhancements within Metal 3 include the capacity to create more photo realistic environments and to take further advantage of graphics memory to drive applications.

Spotlight search

This means you can get valuable web results at a platform level. This doesn’t completely replace traditional search engines, but it’s a desideratum of what’s to come.

Live text

The ability to pull text (in actionable format) out of images and video will make a huge difference to users and opens interesting possibilities for developers, particularly at businesses working with international audiences.

Rapid Security Response

Rapid Security Response will make a solid difference to hybrid and remote enterprises as it means Apple can directly install security updates into Macs, iPhones, and iPads. This should help accelerate installation of software updates across businesses that until now relied on employee discretion around updating. It also means MDM systems don’t need to wait on full updates.


These are important, as they usher in a completely passcode-free future. The move should vastly reduce business and personal vulnerability to phishing.

Have you come across additional enterprise enhancements announced at WWDC? Please drop me a line and let me know.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Copyright © 2022 Softwaretoolapps, Inc.

Jamf CIO: Apple will be the No. 1 enterprise endpoint by 2030


I spoke with Jamf CIO Linh Lam on a recent UK visit to mark the company’s 20th anniversary. The 2020 Bay Area CIO of the Year Finalist joined Jamf in 2021 – and thinks Apple will be the top enterprise endpoint by 2030 as its current momentum accelerates.

The changing landscape of enterprise IT

“The way the demand is growing and the expectations of younger generations joining the workforce, Apple devices will be the number one endpoint by 2030,” she told me.

That’s not an outlier analysis. Spurred by Apple’s move to adopt its own rapidly improving silicon, Gartner analyst Mikako Kitagawa recently predicted Apple will seize 10.7% of the PC market in 2026 as Windows share slips. In the enterprise, where Apple adoption has been particularly rapid, BYOD, the impact of mobility, and the renaissance of flexible and hybrid working are accelerating the trend.

Managing this fast-changing technology and cultural landscape has forced CIOs to focus on fresh challenges. For example, when during the pandemic employees brought work home with them, they brought their technology home, too.

“It blended with their home technology,” said Lam. But it wasn’t just the worker’s tech, or their domestic tech. “I have two children at home doing third and first grade for nearly two years together and they bought their own tech home as well,” Lam said.

While providing the tech was the first challenge, CIOs soon saw the security threat implicit in distributed endpoints outside of traditional permiter controls. “So, as all of these devices are connecting into our network, how do we make sure that they are not introducing more risks?” Lim said.

Copyright © 2022 IDG Communications, Inc.

Hospitals, health care sector reel from COVID-19 damage

The global coronavirus pandemic has created a huge need for health care in the U.S., but it also is delivering a devastating financial blow to that sector. COVID-19 worries have kept patients away from doctors' offices and forced the postponement and cancell…