Friday Notebook, May 3: Apple MDM in the news; Mosyle Auth; SmartDeploy

Also: Dell, VMware, and Microsoft partnership; Blue Cedar; Citrix Cloud; Workspace ONE AirLift; Citrix offers Equifax credit monitoring due to PII in its data breach.

This is our weekly log of desktop virtualization, enterprise mobility, and end user computing news.

Our blog posts

Jack: Dell Technologies World: Dell, VMware, and Microsoft announce Azure VMware Solutions, and much more. Also: VMware Cloud on Dell EMC; Dell elevates EUC; Workspace ONE plans to support Windows Virtual Desktop; and Microsoft and VMware will work together to support SCCM and Workspace ONE co-existence.

Jack: Blue Cedar launches BlackBerry Accelerator for automatic MAM SDK integration. Mobile app management SDKs and app wrapping are a large total addressable market in the enterprise. The BlackBerry Accelerator joins other tech for automatic SDK integration.

Jo Harder: The trouble with troubleshooting in Citrix Cloud. While much has been written about deploying Citrix Cloud, Jo Harder delves into how troubleshooting differs between on-prem and cloud deployments.

Jon Towles: Can VMware ‘AirLift’ me into modern management? Jon Towles gives an overview of VMware AirLift and how it works with Workspace ONE and Microsoft SCCM.

Industry news

Mosyle has announced Mosyle Auth and Single Sign-On, which cover several identity management tasks. One interesting component is Mosyle Auth for Mac Login Screen Window, which can set up Mac user accounts and federate them with cloud and on-premises identity providers. We haven’t looked at the underlying plumbing yet, but at first glance, this does appear to be similar to Jamf Connect (formerly NoMAD). These tools fill a very important need in the Mac management world, so I’m glad to see another option out there.

SmartDeploy announced something called “Hybrid VDI Using Box and Dropbox Deployment.” Last week, I had a call with founder and CEO Aaron Suzuki, and SmartDeploy is definitely something that’s interesting and that we should dig deeper into. Basically, the idea is to bring layering concepts pioneered in the VDI space over to physical laptops, so if you were a fan of products like Mirage, you should check this out. SmartDeploy’s initial products focused on image and driver deployments, and they’re at 3,000 customers already. With this announcement, they’re bringing their capabilities up to the app and user data layers. They’re also announcing the ability to distribute everything through Box, Dropbox, OneDrive, and Google Drive.

Citrix’s data breach may have contained personal information of employees, so they’re offering those affected a free year of credit monitoring from Equifax. (Via The Register, which links to documents submitted to the California DOJ.) Also in the letter, Citrix said they believe the attackers were only in their network for five months, from October 13, 2018 to March 8, 2019, not years, as alleged by Resecurity.

Here’s what’s new for Citrix Workspace in April.

More notes and reads

Ojas Rege is shifting to an advisory role at MobileIron. I don’t think there’s anybody else that’s been so consistently and visibly tied to the development of the EMM industry—I mean, when you think EMM, one of the first people you think of is Ojas. He’s always been generous about sharing knowledge (in fact, he was one of the reviewers of my EMM book back in 2019), and he’s truly been a thought leader.

Steven Sinofsky on the history of Clippy.

Apple MDM in the news

Apple MDM is in the news. First, the New York Times ran a story about parental control apps that were booted from the store unceremoniously.

But Apple pointed out that these apps were using MDM, and MDM for personal usage is just a road they don’t want to go down—there’s too much potential for bad things to happen.

MDM for personal usage could also mean spying on adult family members and others, as pointed out by Benedict Evans. So, evidently Apple has decided that MDM for personal use shouldn’t exist. I can certainly understand that decision.

Now, there’s always going to be some back and forth about how nicely Apple communicated the changes, and there’s always going to be some discomfort with the closed app store model. I definitely agree that there are plenty of times where Apple could be more open.

However, there are a few more things to look at.

One of the affected vendors, OurPact, posted a rebuttal to Apple, in which they cite what appear to be conflicting statements about MDM. I think their statement has some problems.

First, there are really two versions of iOS MDM: There’s conventional MDM, which has limited rights and which users can always remove; and then there’s MDM in supervised mode, which really is more powerful and sticky, and thus more of a privacy concern. Then, on top of that, some of the capabilities that management products often use actually come from an agent app, not via the MDM protocol.

Second, like any technology, MDM can be abused in the wrong hands. There have been concerns about hackers using social engineering to get users to install configuration profiles or enroll devices in MDM, which could then be used for malicious purposes. That’s why there are more manual steps in MDM enrollment since iOS 12.2.

Third, OurPact also makes some false equivalencies between school-operated MDM on devices used by students, and MDM for parental control. These are just completely different situations.

So, of course, statements made by Apple or others could appear to conflict if they’re all lumped together without any context based in the technical capabilities. MDM is not exactly a household topic.

If you’ve been reading the blog for a while, you know that I believe Apple’s approach to BYOD and MDM could stand some improvement.

Usually there’s a method to Apple’s madness, even if sometimes it’s not apparent, sometimes it makes life difficult for developers, and conflicts occasionally boil over into the news.

Apple’s Worldwide Developer Conference is just a month away. These days, they livestream all of the sessions to the general public, with no need for a developer account. We’ll be following along to see what happens.
