Protecting Your Apple Fleet from Every Angle
Apple's built-in security -- Secure Enclave, hardware-verified boot, app sandboxing -- provides a strong foundation. Wallace and White builds on that foundation with centralized policy enforcement, compliance monitoring, and incident response across your entire Apple fleet through Mosyle MDM.
FileVault Disk Encryption
Unencrypted data at rest is one of the most common exposures when a device is lost or stolen. FileVault 2 provides full-disk encryption using XTS-AES-128 with a 256-bit key, making it virtually impossible for an unauthorized party to access the data on a Mac's internal storage.
Wallace and White enforces FileVault 2 encryption on every managed Mac through Mosyle MDM. Encryption is activated automatically during enrollment, and personal recovery keys are escrowed securely within the Mosyle console. This means that if an employee forgets their password or a device needs to be recovered, your IT team can retrieve the recovery key without physical access to the machine.
Our FileVault management includes:
- Automatic enforcement -- FileVault is enabled as part of the device enrollment process, ensuring no Mac enters production without full-disk encryption
- Recovery key escrow -- Personal recovery keys are stored securely in Mosyle, accessible only to authorized administrators
- Key rotation -- Recovery keys can be rotated on demand or on a scheduled basis for additional security
- Compliance verification -- Continuous monitoring confirms that FileVault remains enabled and that the escrowed key is current
Security Policy Enforcement via MDM
Consistent security policies are the backbone of any organizational security program. Without centralized enforcement, each device becomes its own security island, with settings that drift over time as users make changes. Mosyle MDM allows Wallace and White to define, deploy, and enforce security configurations across every Apple device in your fleet from a single management console.
We configure and enforce the following security policies:
- Passcode and password complexity requirements -- Enforce minimum password length, character requirements, and expiration intervals on Mac, iPhone, and iPad. Prevent users from setting weak or commonly used passwords.
- Screen lock timeouts -- Require devices to lock automatically after a defined period of inactivity. This prevents unauthorized access when a device is left unattended at a desk, in a conference room, or in a public space.
- Firewall configuration -- Enable and configure the macOS application firewall to block unauthorized incoming connections. Stealth mode can be enabled to prevent the Mac from responding to probe requests.
- Gatekeeper settings -- Restrict application installation to the App Store and identified developers only. This prevents users from installing unsigned or potentially malicious software from unknown sources.
- System Integrity Protection (SIP) monitoring -- Continuously verify that SIP remains enabled on every Mac. SIP protects critical system files and processes from modification, even by the root user. If SIP is found to be disabled on any device, the system flags it immediately for investigation.
- Automatic security updates -- Configure devices to download and install security patches automatically, or on a managed schedule that balances security with operational needs. Critical security updates can be pushed immediately across the fleet.
Endpoint Protection
While macOS and iOS have strong built-in defenses, modern threats require layered protection. Wallace and White deploys and manages endpoint protection solutions that add real-time threat detection and response capabilities to your Apple devices.
- Real-time malware detection -- Continuous scanning identifies and quarantines known malware, adware, and potentially unwanted programs. Threats are neutralized before they can execute, and your IT team is notified immediately when a detection occurs.
- Application whitelisting and blacklisting -- Define exactly which applications are permitted to run on managed devices. Block known-risky applications outright, and restrict installations to an approved software catalog. This eliminates shadow IT and reduces the attack surface.
- USB and external storage restrictions -- Control or disable access to USB drives, external hard drives, and other removable media. This prevents data exfiltration through physical media and blocks a common malware delivery vector.
- Network security -- Deploy managed Wi-Fi profiles to ensure devices connect only to trusted networks with proper authentication. Enforce VPN connections for remote workers so that all traffic is encrypted in transit, even on public networks.
Compliance Monitoring
Security is not a one-time configuration. It requires ongoing verification that every device in your fleet meets the standards you have set. Wallace and White provides continuous compliance monitoring that catches configuration drift, identifies non-compliant devices, and in many cases remediates issues automatically.
- Continuous compliance checking -- Every managed device is evaluated against your security baseline on a recurring schedule. Checks cover encryption status, OS version, password policy adherence, installed software, and dozens of other security attributes.
- Automated remediation -- When a device falls out of compliance, Mosyle can automatically re-apply the correct configuration profile, trigger a software update, or restrict access until the issue is resolved. This reduces the burden on your IT team and closes gaps faster than manual intervention.
- Compliance reporting and dashboards -- Real-time dashboards provide a clear view of your fleet's security posture. Generate detailed compliance reports for auditors, leadership, or regulatory bodies on demand. Historical data shows trends over time so you can identify recurring issues.
- Framework support -- Our compliance monitoring supports the requirements of widely adopted security frameworks including NIST, CIS Benchmarks, HIPAA, and SOC 2. Whether you are pursuing formal certification or simply want to align your security program with industry best practices, we map your Apple device policies to the controls that matter.
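As an added illustration (not Wallace and White's or Mosyle's code), the kind of per-device baseline check described above can be sketched with macOS's own status commands for FileVault, SIP, Gatekeeper and the application firewall. The function names `classify` and `audit` are hypothetical, and any output the script does not recognise is reported as `unknown` and counted as non-compliant rather than passed.

```shell
#!/bin/sh
# Added example: map the output of macOS status commands to pass/fail/unknown.

# classify CHECK OUTPUT -> prints pass, fail or unknown
classify() {
    case "$1" in
        filevault)  pass='FileVault is On'
                    fail='FileVault is Off' ;;
        sip)        pass='System Integrity Protection status: enabled'
                    fail='System Integrity Protection status: disabled' ;;
        gatekeeper) pass='assessments enabled'
                    fail='assessments disabled' ;;
        firewall)   pass='Firewall is enabled'
                    fail='Firewall is disabled' ;;
        *)          echo unknown; return ;;
    esac
    # Test the failing string first so ambiguous output never passes.
    case "$2" in
        *"$fail"*) echo fail ;;
        *"$pass"*) echo pass ;;
        *)         echo unknown ;;   # errors, custom configurations, new wording
    esac
}

# audit -> prints one "check<TAB>result" line per control; returns 1 on any gap
audit() {
    rc=0
    for check in filevault sip gatekeeper firewall; do
        case "$check" in
            filevault)  out=$(fdesetup status 2>&1) ;;
            sip)        out=$(csrutil status 2>&1) ;;
            gatekeeper) out=$(spctl --status 2>&1) ;;
            firewall)   out=$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>&1) ;;
        esac
        result=$(classify "$check" "$out")
        printf '%s\t%s\n' "$check" "$result"
        [ "$result" = pass ] || rc=1
    done
    return $rc
}

if [ "$(uname -s)" = Darwin ]; then
    audit
else
    # Not macOS: classify one constructed sample line instead.
    classify sip 'System Integrity Protection status: disabled.'
fi
```

A non-zero exit status from `audit` is the signal a management agent or scheduled job would use to flag the device for remediation.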
Remote Security Actions
When a device is lost, stolen, or compromised, every minute counts. Wallace and White provides immediate remote security actions through Mosyle MDM, giving your organization the ability to respond to security incidents without waiting for physical access to the device.
- Remote lock -- Instantly lock any managed Mac, iPhone, or iPad with a custom PIN code. The device becomes unusable until the correct code is entered, buying time to investigate and recover the device.
- Remote wipe -- Erase all data from a device remotely when recovery is not possible. A full wipe returns the device to factory settings, ensuring that no organizational data remains on a lost or stolen device.
- Lost Mode (iPhone and iPad) -- Activate Lost Mode on any managed iPhone or iPad to lock the device, display a custom message with contact information on the lock screen, and track the device's location on a map in real time. Lost Mode works even if the user has disabled location services.
- Activation Lock management -- Activation Lock prevents anyone from reactivating a device without the original Apple Account credentials, which is valuable for theft deterrence. However, it can also create problems when devices need to be reassigned or reprovisioned. Wallace and White manages Activation Lock centrally through Mosyle, allowing your team to bypass it when necessary for legitimate device lifecycle operations.