Keychain security in a managed device (AD)


When using a managed device (behind Active Directory), what security measures are recommended to secure sensitive data like stored passwords, directories or the keychain itself?

The way I need to join/set up this Apple device is to boot from the network and install the company's custom OS/software/tools. This will download/set up some certificates needed to get access, but at the same time I am wondering how much the private data becomes exposed, like the Apple ID, or data like 1Password, etc.

My guess is that this scenario is like giving root access away, and there is pretty much nothing to do besides just using the device with no sensitive data, etc. Or is there a semi-managed option that does not grant too many privileges?

Best Answer

When you have to install a custom-made OS and software, there's really nothing you can do. It is completely like giving away root access. Shy of actually doing a full reverse engineering of the whole platform (not really feasible), you have to consider the risk that there's a built-in backdoor or automatic leaking of data to HQ.

Therefore the best would be to treat it as a non-private computer and not store any sensitive data on it that you wish to keep private from the company.