Apple just got serious about the enterprise: Azure Active Directory integration and super secret APFS volumes

Richard Speed for The Register:

Amid the hoo-ha surrounding Apple’s WWDC announcements were some nuggets aimed at encouraging enterprises to get snuggly with the fruity firm’s devices.

What will get admins into a tizzy is the arrival of Microsoft Azure Active Directory integration in the (northern hemisphere) autumn, meaning Apple IDs will be dynamically created when needed, thanks to the joy of federated authentication… Federated authentication with Microsoft Azure Active Directory arrived in Apple School Manager a few months ago. Now Cupertino is turning its gaze to the enterprise realm.

With an eye on the Bring Your Own Device (BYOD) sector, Apple is bringing data separation to iOS in the form of User Enrollment… The key thing here is that the Managed Apple ID co-exists with the user’s own personal Apple ID – the two don’t interact, and the user can get to personal and work data without worrying that their own data might get wiped.

Under the hood, an entirely separate APFS volume is created for managed accounts, apps and data on the iThing, cryptographically separated from the user’s own business.

Per-app VPN functionality keeps user and enterprise data split while connected to other networks. And, of course, un-enrolling the device from MDM will destroy that extra volume.

MacDailyNews Take: Smart businesses keep their employees happy and their data secure by deploying Apple devices and solutions.

If your company hands out Android phones and is shackled to Windows, it’s time to find a better company. Certainly in the U.S., you’re in the catbird seat, as it’s a worker’s market!

[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]


    1. Interesting, sure.

      But it’s also straightforward today to just have separate hardware and Apple accounts. Best way to firewall them is to never put them together in the first place.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.