Important information about ZENworks & iOS 13

Important information about ZENworks & iOS 13

As most of you know, iOS 13 is about to be released in some time. During our testing of beta version of iOS 13, we have seen a change in behavior which I want to share with you. 
 
In iOS 13 Apple has placed some additional restrictions on certificates which are used for establishing secure communication. These restrictions are documented here
 
Impact on managing iOS devices with ZENworks 
 
For ZENworks, the impact of this change means that if the server certificate of MDM server doesn't meets this criterion, the communication between server and iOS device would break and would result in following
 
  1. Already enrolled devices - As and when iOS devices upgrade to iOS 13, they would stop trusting the server and thus would stop communicating with server. The policies and applications would still be there on device, but it won't be possible to manage or communicate with device.
  2. New device enrollments -  Any iOS device running iOS 13 would fail to enroll.

How to find out if you are impacted -

  • Navigate to ZCC of MDM server and retrieve the certificate presented (from the browser navigation bar). You can inspect the certificate details and make sure it meets the criterion.
What to do if you are impacted -
 
If you are impacted, then only way to fix the issue would require re-minting of certificate of the MDM server.
In case, you are using an externally issued certificate (not by inbuilt ZENworks CA), you would need to get a new certificate issued which meets the guidelines and deploy it.
 
However, in case you are using Internal ZENworks certificate for the MDM server, our current re-minting workflow won't generate the certificate meeting the required criterion. To fix re-minting workflow, we are currently working on a fix. We expect this fix to be available soon (before release of iOS 13). We are planning to make this fix available as an FTF for latest version of ZENworks - ZENworks 17.4.
If you are running an older version, are impacted and are unable to move to 17.4, please send across an email to zen@microfocus.com . 
 
In the meantime if you are impacted, you can take some steps to lessen the impact. A setting called 'OS Update' is available for iOS in Mobile Device Control Policy. Using this setting, it is possible to delay the visibility of OS update on devices by upto 90 days. However, this setting is only applicable for Supervised devices. 
 
Once we have the fix ready, I'll update this post with relevant details.

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Top Contributors
Version history
Revision #:
2 of 2
Last update:
‎2019-09-05 11:28
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.