What are the APNs changes?
APNs are push notifications platform by Apple that allows third-party application developers to send notifications to applications that are installed on Apple devices. So, these push notifications are key to sending MDM commands to a device. Initially, Apple released the first set of APNs in the year 2009, also known as binary APIs. Though these APNs were quite complex to the modern-day APIs, they were crucial for the speed of delivery. Six years later, in 2015, Apple released the second set of APIs, HTTP/2 API which is obviously more standard than the older APIs. Still, Apple continued to support and maintain the legacy binary APIs. But finally, in November 2019, Apple decided to stop the support for these legacy binary APIs.
Furthermore, in an announcement on October 9, 2020, Apple extended the deadline to update the (APNS) protocol from November 2020 to March 31, 2021. But what does it actually mean? It means this legacy binary protocol-based APNS from 2009 are deprecated and Apple will soon discontinue their support starting April 1, 2021. Instead, going forward, it will only support the modern, standard HTTP/2 APIs it released in 2015.
How Will This Affect SureMDM Customers?
Starting April 1, 2021, all customers using on-premise configurations of SureMDM must migrate to the HTTP/2 based APNS mechanism in order to continue using SureMDM to manage Apple devices.
These Apple devices include iOS, iPadOS, macOS, and WatchOS devices.
What is the Recommended Course of Action for Customers?
42Gears has already issued the latest updates for SureMDM SaaS licenses to support modern APNS. This will help prevent any service disruption.
All on-premise configuration customers must upgrade their systems to Windows Server 2016 or above. This upgrade holds a special significance because the changes require cipher suites that are present only in Windows Server 2016 and or above.
Procedure to Upgrade-
Customers who run SureMDM On-Premise version 6.31 or below on Windows Server 2016 or above can follow-
File Name: w16_below_6.31.zip
SHA1 : 610f7e8d439647d9c87358ac9b4833f16bf59503
SHA256 : 53350a2cf37d000703dc0875c924732b7a1e32b914e389fad94c824eec56c6c1
SHA3-512 : f3a66e3c1ab176c2ed0b39c27c35218dfdd15d7a47d490ae50b234b9a41a2dc2efc45a9f2d1a89ddac47338cd7773ebaad34a24801d93685c7a5fcdca3aaf44a
Customers who run SureMDM On-Premise version 6.37 or above on Windows Server 2016 or above can follow-
File Name: w16_above_6.37.zip
SHA1 : efd1b82815137622febf2431af7307cd24906b02
SHA256 : d6b8cb316dcf780b86142ec4506d7ccf9e464c8ba2e4978fd7fecc5f12ed75ed
SHA3-512 : 70f5984a61aa0eb524771a91ab906e110ea0e5376e3c34daddc033dde83768e0a538e73673e0b6eac860dc547f68731d7141e2bd56abfcaa186d4a5e7f379d6f
Customers who have Windows Server 2012 R2 can also upgrade their systems to Windows Server 2016 and follow the instructions mentioned above.
Note – As a customer, you don’t need to upgrade the SureMDM On-Premise version. For instance, if you’re using SureMDM On-Premise v6.31, which is quite old, this latest patch will still be relevant for that version. Everything other than the APNS mechanism will continue to work the way it did in the original release of SureMDM On-Premise v.6.31.
Recently Apple advisory issued an update, which mandates customers to install a new root certificate on servers that send APNS notifications. For this, customers using SureMDM on-premise servers need to download the contents from the URL below and run a PowerShell script.
This new root certificate must be installed on the servers before March 29, 2021, in order to avoid push notifications delivery failure. Please note that customers using Windows Server 2012 need to upgrade to Windows Server 2016 before installing the new root certificate.
Conclusion- How 42Gears Can Help?
The 42Gears team will share a help document to guide IT admins step by step to install the patch. In case you still have questions about this, please contact 42Gears Support for assistance.