What’s New with Apple Device Management: Apple WWDC 2020 Updates

    Share On

    2020 is the year of many firsts. Apple’s 2020 Apple Worldwide Developers Conference was held fully online for the first time ever with zero in-person attendance between 22 Jun 2020 and 26 Jun 2020. Like every year, Apple announced several updates to their line of products, software, and technologies at the WWDC 2020. From launching the new OS versions iOS 14, iPad OS 14, and the much-awaited macOS Big Sur OS update designed for ARM-processors that are set to arrive coupled with the future macs, there were a number of interesting updates to Apple devices and software on the consumer side as well as the enterprise side.

    Updates to Apple Device Management 2020
    Apple WWDC 2020 Updates

    In this article, let us glance through some of the major updates that will impact Apple device management in 2020 and beyond.

    macOS: Mac becomes the ‘Big Sur’ Mac

    Silicon Chips by Apple for Universal App Development

    Currently, the macOS desktops and laptops are powered with Intel chips. In the WWDC 2020, Tim Cook announced the development of Apple Silicon Chips that will pave way for Universal App development- which means that now, developers can create apps that can be made uniformly available across iPhones, iPads, and Mac devices. Enterprises making use of Apple devices can now create cross-platform applications that will work across iOS, iPadOS, and macOS!

    Simplified supervision for user-approved MDM

    Apple currently has a fairly straightforward enrollment process for enterprise devices using Apple Business Manager using Apple DEP. For macOS devices running on Big Sur and are not supervised using the DEP (because they are perhaps BYOD or not purchased via Apple or its authorized reseller), the supervision is quick and easy. Once the device user approves the MDM, the device is automatically assigned as supervised and admins can have enhanced control over the device operations and apps. Admins can push users and profiles, also configuring additional restrictions on the devices.

    Easy setup and enrollment

    The auto-advance mode enables users to set up the devices quickly by powering the device and connecting it to the ethernet cable to skip setup steps and directly start logging in to the device.

    To simplify the enrollment, users simply can boot the device, connect to the internet and select language to get started.

    Photo by Ales Nesetril on Unsplash

    App Management

    The managed Apps concept was practically missing in macOS management for all this while but not anymore. With Big Sur, the MDM will be able to remove or uninstall applications from the devices or auto-remove them when the device is removed from management- a key security feature for the enterprise devices. The experts anticipate the ability to convert unmanaged apps to managed using an MDM in the coming updates for the DEP devices.

    Software and OS update management

    A critical feature for enterprise devices, finally IT admins will be able to defer as well as enforce OS and other software updates for 90 days. IT admins can also remove the software update catalog from the device and disable the flag command for major updates.

    Enhanced management and security

    On Big Sur devices, the Lights Out Management for Mac Pro feature will enable the IT admins to push the new Lights Out Management payload from the MDM to start up, reboot, or shut down the mas devices remotely.

    For enabling rapid content access across the entire network, the content caching feature will help in speeding up the downloads of apps, books, and other content files across the enterprise network. This will come especially handy for setting up wiped devices. For supervised mac devices, Bootstrap Tokens can be pushed via the MDM to grant a SecureToken without creating any specialized workflows.

    Apple has also added the capability to prevent Accidental Profile Installation from downloaded profiles and silent profile installation from the command line.

    New changes to the network setup now prevent standard users from accessing network settings. IT admins get full control over network connections whereas users can only check connection status, turn Wi-Fi power on or off or change the Wi-Fi access point.

    To prevent the misuse of the serial numbers of the devices that were made up of unique twelve-character strings of numbers and letters that displayed information about device built date and location along with identification code, now the devices will have a randomized 10-digit serial number.

    iOS: Simplicity to admins, delight to users

    True zero-touch setup

    On iOS and iPads OS 14, users will be able to skip the setup steps and all panes after device update and restart, thanks to the new profile payload which is also known as the ‘Setup Assistant’. The device setup will now completely be zero-touch.

    Non-removable managed apps

    Currently, for managed devices, the entire home screen is locked and the users cannot move the apps on the device. To improve the employee experience, now IT admins can mark non-removable apps that can’t be moved on the screen while other apps that users add can be grouped and placed on the home screen on user demand. The non-removable app will not be uninstalled and any attempt from the user end will display an alert suggesting that “This app cannot be deleted because it is required by your administrator.”

    Photo by Daniel Romero on Unsplash

    Security enhancements with per-account VPN

    Currently, Apple supports full VPN, split VPN, and per-app VPN. With the new enhancements, Apple has added the per-account VPN capability where IT admins can create VPN configurations for accounts- email, Exchange in email, contacts, etc. any traffic from these accounts will be channeled through the targeted VPN. The personal user accounts and non-managed apps accessed with it however will not be routed through VPN.

    Improved device management and security

    Apple strives hard to make device management delightful and easy for IT admins and has launched several small changes that significantly reduce the IT efforts in device management. Here are some of the major updates to enhance device management and security:

    • To ensure the accurate time zone is set up on the devices to ensure the apps that require appropriate timestamps to work, IT admins can now set time zones for devices remotely.
    • For devices set up using the Apple Configurator 2, the location support for apps and books enables the location-wise distribution of resources for enterprises.
    • IT admins can control the notification preview when the device is locked to enhance the security of the data. Data flow between unmanaged to managed apps is restricted with new restrictions on opening with the ‘My Shortcuts’ tab.
    • To ensure network security, when a device connects to any Wi-Fi network, every time a random MAC address will be used instead of the original device MAC address available from iOS 14 and above.

    iPad sharing for enterprises and schools

    Earlier, supervised iPads worked on a single Apple ID making device sharing for frontline workforce or students in a classroom cumbersome. Now, iPads can be shared by signing in with the Managed Apple IDs created by Apple Business Manager. Also, the devices set up using Office 365 AD or any other single sign-on can be accessed using the same ID. A dynamic number of caches users can be added to the shared iPads and a certain amount of storage will be assigned to each user. IT admins can remotely delete users of the shared iPads.

    Photo by Francois Hoang on Unsplash

    For iPads kiosks, a temporary session will be made available that will enable users to sign in without needing a managed Apple ID. Once the user signs on, the data associated with the session will be permanently deleted.

    Apple Business Manager/ School Manager

    Account data from Microsoft Azure AD can now be imported into Apple Business Manager and Apple School Manager using SCIM (System for Cross-domain Identity Management). This will ease out the user-wise role assignment into ABM and ASM.

    Closing lines…

    Like all Apple announcements, this one is also exciting and is set to improve Apple device management. Apple’s flagship design and consistency are going to be practically visible for device management in the coming months. There couldn’t be a better time to get started with Apple device management!

    Renuka Shahane
    Renuka Shahane
    Renuka Shahane is an avid reader who loves writing about technology. She is an engineering graduate with 10+ years of experience in content creation, content strategy and PR for web-based startups.

    Latest Articles

    What is macOS Patch Management: A Comprehensive Guide

    Many of us might be tempted to think that the powerful macOS devices that are usually high on security aren’t vulnerable. Well, there’s room...

    Understanding Unattended Remote Access for Windows

    Whether your organization is fully back on-site, hybrid, fully remote, or on-site but globally dispersed, the ability to manage devices remotely is not just...

    Introducing Staggered Deployment for Android

    We're excited to unveil a new feature to simplify app deployment: Staggered Deployment for Android Enterprise and Recommended Applications. This feature is designed to...

    Latest From Author

    Remote Device Management: Definition, Benefits, and Features

    Even with the pandemic a thing of the past, the shift from conventional work from the office to a flexible remote/hybrid model could still...

    Benefits of Samsung Knox on Android Devices Managed by MDM

    In a world obsessed with privacy and security, the primary concern while driving enterprise mobility at any organization is to upkeep the privacy of...

    Maximizing Operational Excellence in Manufacturing with MDM

    Manufacturing is a dynamic industry that requires businesses to be agile and responsive to changing market conditions. Like many other industries, manufacturing is increasingly...

    More from the blog

    Understanding Unattended Remote Access for Windows

    Whether your organization is fully back on-site, hybrid, fully remote, or on-site but globally dispersed, the ability to manage...

    Introducing Staggered Deployment for Android

    We're excited to unveil a new feature to simplify app deployment: Staggered Deployment for Android Enterprise and Recommended Applications....

    Introducing Maker-Checker: Enhancing Decision Making on Scalefusion

    In a world where human and technological imperfections coexist, having an extra pair of eyes never hurts, especially when...