Operating System
|
EESA
|
EESA Device Owner
|
MDM iOS
|
MDM iOS ABM
|
Android 5.x+
|
✔
|
|
|
|
Android 6.x+
|
✔
|
|
|
|
Android 7.x+
|
✔
|
✔
|
|
|
Android 8.x+
|
✔
|
✔
|
|
|
Android 9.0
|
✔
|
✔
|
|
|
Android 10.0
|
✔
|
✔
|
|
|
Android 11
|
✔
|
✔
|
|
|
Android 12
|
✔
|
✔
|
|
|
Android 13
|
✔
|
✔
|
|
|
|
|
|
|
|
iOS 9.x+
|
|
|
✔
|
✔*
|
iOS 10.x+
|
|
|
✔
|
✔*
|
iOS 11.x+
|
|
|
✔
|
✔*
|
iOS 12.0.x
|
|
|
✔
|
✔*
|
iOS 13.x+
|
|
|
✔
|
✔
|
iOS 14.x+
|
|
|
✔
|
✔
|
iOS 15
|
|
|
✔
|
✔
|
iOS 16
|
|
|
✔
|
✔
|
|
|
|
|
|
iPadOS 13.x+
|
|
|
✔
|
✔
|
iPadOS 14.x+
|
|
|
✔
|
✔
|
iPadOS 15
|
|
|
✔
|
✔
|
* iOS DEP is only available in selected countries.
|
|
We recommend that you update the OS of your mobile device to the latest version to keep receiving important security patches.
|
Requirements for iOS 10.3 and later:
Since the release of iOS 10.3, a CA that is installed as part of the enrollment profile might not be trusted automatically. To resolve this issue, follow the steps below:
a)Use a certificate issued by certificate issuer trusted by Apple.
b)Install certificate trust manually before enrollment. This means that you will need to install the root CA manually on the mobile device before enrollment and enable full trust for the installed certificate. |
Requirements for iOS 12:
Please review the requirements for iOS 10.3 and later.
•The connection must use TLS 1.2 or greater.
•The connection must use AES-128 or AES-256 symmetric cipher. The negotiated TLS connection cipher suite must support perfect forward secrecy (PFS) through Elliptic Curved Diffie-Hellman Ephemeral (ECDHE) key e✔change, and must be one of the following:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
•Be signed with RSA key with a length of at least 2048 bits. The certificate's hashing algorithm must be SHA-2 with a digest length, (sometimes called a "fingerprint") of at least 256 (that is, SHA-256 or greater). You can generate a certificate with these requirements in ESET PROTECT with Advanced Security turned on.
•Certificates must contain the entire certificate chain including the root CA. The Root CA included in the certificate is used to establish trust with devices and is installed as part of the MDM enrollment profile. |
Requirements for iOS 13:
•Management of iOS 13 mobile devices require to meet new Apple communication certificate (MDM HTTPS) requirements. Certificates issued before July 1, 2019, must meet those criteria too.
•HTTPS certificate signed by ESMC CA does not meet these requirements.
|
|
It is highly recommended not to upgrade your mobile devices to iOS 13 before you meet the Apple communication certificate requirements. Such action will lead to your devices stop connecting to ESET PROTECT MDM.
|
•If you've already upgraded without the proper certificate and your devices stopped connecting to ESET PROTECT MDM, you need to first, change your current HTTPS certificate used for communication with iOS devices to the certificate that meets the Apple communication certificate (MDM HTTPS) requirements and after that, re-enroll your iOS devices.
•If you've not upgraded to iOS 13, ensure that your current MDM HTTPS certificate used for communication with iOS devices meets the Apple communication certificate (MDM HTTPS) requirements. If yes, you can continue to upgrade your iOS devices to iOS 13. If it does not meet the requirements, change the current MDM HTTPS certificate to the HTTPS certificate that meets the Apple communication certificate (MDM HTTPS) requirements and then proceeds to upgrade your iOS devices to iOS 13. |