Update: November 13, 2017 – Added in macOS Company Portal information. Note, if you’ve already tested and everything works with the iOS Company Portal app in TestFlight (currently version 2.9.1), the macOS Company Portal will also work once this change takes place.
Update: November 1, 2017 – Still no updated timeline from Apple on when this change will be enforced. We recently uploaded a new version (2.9.1) of the iOS Company Portal app into TestFlight, because the previous version (2.7.1) hit the 90-day expiration set by Apple.
Update: August 15, 2017 – Still no updated timeline from Apple on when this change will be enforced. If you validated that the ATS-enforcing Company Portal app in TestFlight works in your environment and tested with Apple’s nscurl tool, then no action is needed until Apple makes this change.
We recently uploaded a new version (2.7.1) of the iOS Company Portal app into TestFlight, because the previous version (2.5.1) hit the 90 day expiration set by Apple.
Update: May 10, 2017 - We added a few additional links for more information.
Update: May 3, 2017 – We heard from several of you that you’d like us to wait to release the new version of the Company Portal app until Apple releases their Application Transport Security (ATS) change. Apple has not yet provided a date for the change, but when Apple enforces it, the iOS and macOS Company Portals will have to release app updates to enforce it as well. We are making an updated version of the iOS Company Portal with the change available through the Apple TestFlight program. If you would like to test a version of the iOS Company Portal that enforces the new ATS requirements, so you can test your compliance, email CompanyPortalBeta@microsoft.com with your first name, last name, email address, and company name.
Apple has announced that they will enforce specific requirements for Application Transport Security (ATS). ATS is used to enforce stricter security on all app communications over HTTPS.
This has an impact on Intune customers using the iOS Company Portal app and the macOS Company Portal app.
To ensure you comply with these new requirements, make sure that all your network connections configured for use within the iOS Company Portal app and the macOS Company Portal app meet Apple’s new requirements. Some places to check include ADFS configuration, proxy server configuration, and any custom links set in the Admin Console like the support website URL.
You can learn more from the resources below:
- Apple has documented the planned change here: Supporting App Transport Security
- Apple provides information about how Safari and WebKit do not support SHA-1 certificates for iOS 10.3+
- Apple has documentation on NSAppTransportSecurity
- Apple’s nscurl tool can be used for evaluating compliance with the new ATS requirements
- Microsoft Identity has guidance on how to ensure AD FS and WAP support ATS