Apple Push Notification Service (APNS) Changes Impacting SOTI MobiControl Customers
Apple currently provides two endpoints for the Apple Push Notification Service (APNS): the original APNS endpoint based on a binary TCP protocol (hereafter referred to as “legacy APNS”) and a newer APNS endpoint based on the HTTP/2 communication protocol (hereafter “modern APNS”).
On November 1, 2020, Apple will discontinue the legacy APNS in favor of the modern APNS. All versions of SOTI MobiControl released to date use the legacy APNS, so this change by Apple will impact all customers using SOTI MobiControl to manage their Apple devices.
As of November 1, 2020, customers will no longer be able to manage existing iOS & macOS devices or enroll new ones without upgrading their version of MobiControl.
SOTI will issue Maintenance Releases for SOTI MobiControl v14 and v15 in order to support the modern APNS and avoid any service disruption. SOTI MobiControl v15.2 and higher will support the modern APNS when released and will not be affected.
Recommended course of action for affected customers
- Customers running SOTI MobiControl 14.x or lower should upgrade to 14.5.1, which will be released in late May / early June, 2020.
- Customers running SOTI MobiControl 15.0.x or 15.1 should upgrade to 15.1.1, which will be released in late May / early June, 2020.
- Customers running SOTI MobiControl 15.2 or higher do not need to take any action.
New Minimum System Requirements
The modern APNS is based on the HTTP/2 protocol. Support for this protocol is available on Windows Server 2016 and higher. This means that MobiControl v14.5.1+ and v15.1.1+ will require Windows Server 2016 at a minimum.
Customers running SOTI MobiControl on older versions of Windows Server will need to upgrade their servers to Windows Server 2016 or higher before upgrading their instance of SOTI MobiControl.
New Security Requirements
The modern APNS requires one of the following modern TLS cipher suites to be enabled on the server hosting the SOTI MobiControl instance:
The best practices option in the IIS Crypto tool is the easiest way to enable the necessary TLS cipher suites. Furthermore, the list of TLS cipher suites enabled on the server can be retrieved using the Get-TlsCipherSuite PowerShell command.
New Runtime Libraries
To support modern APNS, SOTI MobiControl leverages modern Microsoft frameworks. Therefore, SOTI MobiControl v14.5.1+ and v15.1.1+ will require runtime libraries for .NET Core 3.1 or higher to be installed on the server.
New Firewall Rules
The host of the modern APNS is different from that of the legacy APNS. Customers using firewall rules to protect their network must add the following rule to allow SOTI MobiControl to communicate with the modern APNS:
If you have questions about this, please contact SOTI Support for assistance.
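The four server-side requirements above (Windows Server 2016, an enabled TLS cipher suite, .NET Core 3.1 runtime, outbound firewall access) can be checked in one pass before upgrading. The following PowerShell script is an added example, not SOTI's own tooling. The cipher suite names and the modern APNS host are placeholders to be filled in from the vendor advisory, and the port 443 default and the Microsoft.NETCore.App runtime name are assumptions.

```powershell
# Pre-upgrade readiness check for the requirements listed above (added example).
param(
    # Placeholders: take the real values from the vendor advisory.
    [string[]]$RequiredSuites = @('<CIPHER_SUITE_FROM_ADVISORY>'),
    [string]$ApnsHost = '<MODERN_APNS_HOST_FROM_ADVISORY>',
    # Assumption: HTTPS default port; confirm against the advisory's firewall rule.
    [int]$ApnsPort = 443
)

$results = [ordered]@{}

# 1. Operating system: Windows Server 2016 is build 14393; later releases are higher.
#    ProductType 1 is a workstation; 2 and 3 are server roles.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$results['Windows Server 2016 or higher'] =
    ($os.ProductType -ne 1) -and ([int]$os.BuildNumber -ge 14393)

# 2. TLS: the advisory requires at least ONE of the listed suites to be enabled.
#    Get-TlsCipherSuite is absent on older servers, which is itself a failed check.
$matched = @()
if (Get-Command Get-TlsCipherSuite -ErrorAction SilentlyContinue) {
    $enabled = (Get-TlsCipherSuite).Name
    $matched = @($RequiredSuites | Where-Object { $enabled -contains $_ })
}
$results['Required TLS cipher suite enabled'] = $matched.Count -gt 0

# 3. Runtime: look for a .NET Core runtime at version 3.1 or higher.
#    Assumption: the base runtime is reported as Microsoft.NETCore.App.
$runtimes = @()
if (Get-Command dotnet -ErrorAction SilentlyContinue) {
    $runtimes = @(& dotnet --list-runtimes | ForEach-Object {
        if ($_ -match '^Microsoft\.NETCore\.App (\d+\.\d+)') { [version]$Matches[1] }
    })
}
$results['.NET Core runtime 3.1 or higher'] =
    @($runtimes | Where-Object { $_ -ge [version]'3.1' }).Count -gt 0

# 4. Firewall: outbound TCP from this server to the modern APNS host.
$tcp = Test-NetConnection -ComputerName $ApnsHost -Port $ApnsPort `
    -WarningAction SilentlyContinue
$results['Outbound TCP to modern APNS host'] = [bool]$tcp.TcpTestSucceeded

# Report one line per requirement.
$results.GetEnumerator() | ForEach-Object {
    '{0,-36} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}
```

Run it on the server that hosts the SOTI MobiControl instance, since the cipher suite, runtime, and firewall checks all reflect the local machine.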