2020 is the year of many firsts. Apple’s 2020 Worldwide Developers Conference (WWDC) was held fully online for the first time ever, with zero in-person attendance, between 22 Jun 2020 and 26 Jun 2020. Like every year, Apple announced several updates to its line of products, software, and technologies at WWDC 2020. From the new OS versions iOS 14 and iPadOS 14 to the much-awaited macOS Big Sur update, designed for the ARM processors that are set to arrive with future Macs, there were a number of interesting updates to Apple devices and software on the consumer side as well as the enterprise side.
In this article, let us glance through some of the major updates that will impact Apple device management in 2020 and beyond.
macOS: Mac becomes the ‘Big Sur’ Mac
Silicon Chips by Apple for Universal App Development
Currently, macOS desktops and laptops are powered by Intel chips. At WWDC 2020, Tim Cook announced the development of Apple Silicon Chips that will pave the way for Universal App development, which means that developers can now create apps that can be made uniformly available across iPhones, iPads, and Mac devices. Enterprises making use of Apple devices can now create cross-platform applications that will work across iOS, iPadOS, and macOS!
Simplified supervision for user-approved MDM
Apple currently has a fairly straightforward enrollment process for enterprise devices through Apple Business Manager using Apple DEP. For macOS devices that run Big Sur and are not supervised through DEP (perhaps because they are BYOD or were not purchased via Apple or its authorized reseller), supervision is quick and easy. Once the device user approves the MDM, the device is automatically marked as supervised, and admins gain enhanced control over device operations and apps. Admins can push users and profiles and configure additional restrictions on the devices.
Easy setup and enrollment
The auto-advance mode enables users to set up devices quickly: powering on the device and connecting it to an Ethernet cable skips the setup steps and takes the user directly to logging in to the device.
To simplify enrollment, users can simply boot the device, connect to the internet, and select a language to get started.
The managed apps concept has been practically missing from macOS management until now. With Big Sur, the MDM will be able to remove or uninstall applications from the devices, or auto-remove them when the device is removed from management, which is a key security feature for enterprise devices. Experts anticipate that the ability to convert unmanaged apps to managed apps using an MDM will arrive for DEP devices in the coming updates.
Software and OS update management
In a critical feature for enterprise devices, IT admins will finally be able to defer as well as enforce OS and other software updates for 90 days. IT admins can also remove the software update catalog from the device and disable the flag command for major updates.
Enhanced management and security
On Big Sur devices, the Lights Out Management for Mac Pro feature will enable IT admins to push the new Lights Out Management payload from the MDM to start up, reboot, or shut down Mac devices remotely.
To enable rapid content access across the entire network, the content caching feature will help speed up downloads of apps, books, and other content files across the enterprise network. This will come in especially handy for setting up wiped devices. For supervised Mac devices, Bootstrap Tokens can be pushed via the MDM to grant a SecureToken without creating any specialized workflows.
Apple has also added the capability to prevent accidental profile installation from downloaded profiles and silent profile installation from the command line.
New changes to the network setup now prevent standard users from accessing network settings. IT admins get full control over network connections whereas users can only check connection status, turn Wi-Fi power on or off or change the Wi-Fi access point.
Device serial numbers were previously unique twelve-character strings of numbers and letters that revealed the device's build date and location along with an identification code. To prevent misuse of this information, devices will now have a randomized 10-digit serial number.
iOS: Simplicity to admins, delight to users
True zero-touch setup
On iOS and iPadOS 14, users will be able to skip the setup steps and all panes after a device update and restart, thanks to the new profile payload, which is also known as the ‘Setup Assistant’. The device setup will now be completely zero-touch.
Non-removable managed apps
Currently, for managed devices, the entire home screen is locked and the users cannot move the apps on the device. To improve the employee experience, now IT admins can mark non-removable apps that can’t be moved on the screen while other apps that users add can be grouped and placed on the home screen on user demand. The non-removable app will not be uninstalled and any attempt from the user end will display an alert suggesting that “This app cannot be deleted because it is required by your administrator.”
Security enhancements with per-account VPN
Currently, Apple supports full VPN, split VPN, and per-app VPN. With the new enhancements, Apple has added a per-account VPN capability, where IT admins can create VPN configurations for accounts such as email, Exchange in email, contacts, etc. Any traffic from these accounts will be channeled through the targeted VPN. Personal user accounts, and the non-managed apps accessed with them, will however not be routed through the VPN.
Improved device management and security
Apple strives hard to make device management delightful and easy for IT admins and has launched several small changes that significantly reduce the IT efforts in device management. Here are some of the major updates to enhance device management and security:
- To ensure the accurate time zone is set on the devices, so that apps that require appropriate timestamps work correctly, IT admins can now set time zones for devices remotely.
- For devices set up using the Apple Configurator 2, the location support for apps and books enables the location-wise distribution of resources for enterprises.
- IT admins can control the notification preview when the device is locked to enhance the security of the data. Data flow between unmanaged and managed apps is restricted with new restrictions on opening with the ‘My Shortcuts’ tab.
- To ensure network security, from iOS 14 and above, a random MAC address will be used instead of the original device MAC address every time a device connects to any Wi-Fi network.
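Randomized Wi-Fi addresses matter to admins who rely on MAC-based allowlists or inventory lookups, because those entries stop matching the device. The following is an added example, not part of the original article: it flags DHCP leases handed to private addresses by checking the locally administered bit of the first octet. The log format, sample addresses, and function names are constructed for illustration.

```python
import re

# Constructed sample lines in a simplified DHCP-lease format (an assumption,
# not the output of any particular product).
SAMPLE_LOG = """\
2020-09-20T09:01:12Z lease ip=10.0.8.21 mac=3C:22:FB:10:4A:9E host=ipad-lab-01
2020-09-20T09:01:40Z lease ip=10.0.8.22 mac=a6:5e:60:1b:77:02 host=iPhone
2020-09-20T09:02:03Z lease ip=10.0.8.23 mac=DE-AD-BE-EF-00-01 host=iPhone
2020-09-20T09:02:31Z lease ip=10.0.8.24 mac=01:00:5e:00:00:fb host=-
2020-09-20T09:03:00Z lease ip=10.0.8.25 mac=not-a-mac host=printer
"""


def parse_mac(text):
    """Return the 6 raw bytes of a MAC address, or None if it is malformed."""
    cleaned = re.sub(r"[:.\-]", "", text)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", cleaned):
        return None
    return bytes.fromhex(cleaned)


def classify_mac(text):
    """Classify by the two low bits of the first octet (IEEE 802 addressing)."""
    raw = parse_mac(text)
    if raw is None:
        return "invalid"
    if raw[0] & 0x01:   # group bit set: multicast/broadcast, never a client
        return "multicast"
    if raw[0] & 0x02:   # locally administered bit set: software-assigned
        return "private"
    return "universal"  # vendor-assigned (burned-in) address


def private_clients(log_text):
    """Return (ip, normalized_mac) for leases given to private addresses."""
    hits = []
    for ip, mac in re.findall(r"ip=(\S+) mac=(\S+)", log_text):
        if classify_mac(mac) == "private":
            hits.append((ip, ":".join(f"{b:02x}" for b in parse_mac(mac))))
    return hits


if __name__ == "__main__":
    for ip, mac in private_clients(SAMPLE_LOG):
        print(f"{ip} uses a private (randomized) address {mac}")
```

Leases flagged this way are better identified through MDM enrollment data or certificate-based network authentication than through the MAC address.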
iPad sharing for enterprises and schools
Earlier, supervised iPads worked on a single Apple ID, making device sharing cumbersome for a frontline workforce or students in a classroom. Now, iPads can be shared by signing in with the Managed Apple IDs created by Apple Business Manager. Also, devices set up using Office 365 AD or any other single sign-on can be accessed using the same ID. A dynamic number of cached users can be added to the shared iPads, and a certain amount of storage will be assigned to each user. IT admins can remotely delete users of the shared iPads.
For iPad kiosks, a temporary session will be made available that will enable users to sign in without needing a managed Apple ID. Once the user signs on, the data associated with the session will be permanently deleted.
Apple Business Manager/ School Manager
Account data from Microsoft Azure AD can now be imported into Apple Business Manager and Apple School Manager using SCIM (System for Cross-domain Identity Management). This will ease user-wise role assignment in ABM and ASM.
Like all Apple announcements, this one is also exciting and is set to improve Apple device management. Apple’s flagship design and consistency are going to be practically visible for device management in the coming months. There couldn’t be a better time to get started with Apple device management!