What’s New with Apple Device Management: Apple WWDC 2020 Updates

2020 is the year of many firsts. Apple’s 2020 Apple Worldwide Developers Conference was held fully online for the first time ever with zero in-person attendance between 22 Jun 2020 and 26 Jun 2020. Like every year, Apple announced several of the updates to their line of products, software and technologies at the WWDC 2020. From launching the new OS versions iOS 14, iPad OS 14 and the much-awaited macOS Big Sur OS update designed for ARM-processors that are set to arrive coupled with the future macs, there were a number of interesting updates to Apple devices and software on the consumer side as well as the enterprise side.

Updates to Apple Device Management 2020
Apple WWDC 2020 Updates

In this article, let us glance through some of the major updates that will impact Apple device management in 2020 and beyond.

macOS: Mac becomes the ‘Big Sur’ Mac

Silicon Chips by Apple for Universal App Development

Currently, the macOS desktops and laptops are powered with Intel chips. In the WWDC 2020, Tim Cook announced the development of Apple Silicon Chips that will pave way for Universal App development- which means that now, developers can create apps that can be made uniformly available across iPhones, iPads and Mac devices. Enterprises making use of Apple devices can now create cross-platform applications that will work across iOS, iPadOS and macOS!

Simplified supervision for user-approved MDM

Apple currently has a fairly straightforward enrollment process for enterprise devices using Apple Business Manager using Apple DEP. For macOS devices running on Big Sur and are not supervised using the DEP (because they are perhaps BYOD or not purchased via Apple or its authorized reseller), the supervision is quick and easy. Once the device user approves the MDM, the device is automatically assigned as supervised and admins can have enhanced control over the device operations and apps. Admins can push users and profiles, also configuring additional restrictions on the devices.

Easy setup and enrollment

The auto-advance mode enables users to set up the devices quickly by powering the device and connecting it to the ethernet cable to skip setup steps and directly start logging in the device.

To simplify the enrollment, users simply can boot the device, connect the internet and select language to get started.

Photo by Ales Nesetril on Unsplash

App Management

The managed Apps concept was practically missing in macOS management for all this while but not anymore. With Big Sur, the MDM will be able to remove or uninstall applications from the devices or auto-remove them when the device is removed from management- a key security feature for the enterprise devices. The experts anticipate the ability to convert unmanaged apps to managed using an MDM in the coming updates for the DEP devices.

Software and OS update management

A critical feature for enterprise devices, finally IT admins will be able to defer as well as enforce OS and other software updates for 90 days. IT admins can also remove the software update catalog from the device and disable flag command for major updates.

Enhanced management and security

On Big Sur devices, the Lights Out Management for Mac Pro feature will enable the IT admins to push the new Lights Out Management payload from the MDM to start up, reboot or shut down the mas devices remotely.

For enabling rapid content access across the entire network, the content caching feature will help in speeding up the downloads of apps, books and other content files across the enterprise network. This will come especially handy for setting up wiped devices. For supervised mac devices, Bootstrap Tokens can be pushed via the MDM to grant a SecureToken without creating any specialized workflows.

Apple has also added capability to prevent Accidental Profile Installation from downloaded profiles and silent profile installation from the command line.

New changes to the network setup now prevent standard users from accessing network settings. IT admins get full control over network connections whereas users can only check connection status, turn Wi-Fi power on or off or change the Wi-Fi access point.

To prevent the misuse of the serial numbers of the devices that were made up of unique twelve-character strings of numbers and letters that displayed information about device built date and location along with identification code, now the devices will have a randomized 10-digit serial number.

iOS: Simplicity to admins, delight to users

True zero-touch setup

On iOS and iPads OS 14, users will be able to skip the setup steps and all panes after device update and restart, thanks to the new profile payload which is also known as the ‘Setup Assistant’. The device setup will now completely be zero-touch.

Non-removable managed apps

Currently, for managed devices, the entire home screen is locked and the users cannot move the apps on the device. To improve the employee experience, now IT admins can mark non-removable apps that can’t be moved on the screen while other apps that users add can be grouped and placed on the home screen on user demand. The non-removable app will not be uninstalled and any attempt from the user end will display an alert suggesting that “This app cannot be deleted because it is required by your administrator.”

Photo by Daniel Romero on Unsplash

Security enhancements with per-account VPN

Currently, Apple supports full VPN, split VPN and per-app VPN. With the new enhancements, Apple has added the per-account VPN capability where IT admins can create VPN configurations for accounts- email, Exchange in email, contacts, etc. any traffic from these accounts will be channeled through the targeted VPN. The personal user accounts and non-managed apps accessed with it however will not be routed through VPN.

Improved device management and security

Apple strives hard to make device management delightful and easy for IT admins and has launched several small changes that significantly reduce the IT efforts in device management. Here are some of the major updates to enhance device management and security:

  • To ensure the accurate time zone is set up on the devices to ensure the apps that require appropriate timestamps to work, IT admins can now set time zones for devices remotely.
  • For devices set up using the Apple Configurator 2, the location support for apps and books enables the location-wise distribution of resources for enterprises.
  • IT admins can control the notification preview when the device is locked to enhance the security of the data. Data flow between unmanaged to managed apps is restricted with new restrictions on opening with the ‘My Shortcuts’ tab.
  • To ensure network security, when a device connects to any Wi-Fi network, every time a random MAC address will be used instead of the original device MAC address available from iOS 14 and above.

iPad sharing for enterprises and schools

Earlier, supervised iPads worked on a single Apple ID making device sharing for frontline workforce or students in a classroom cumbersome. Now, iPads can be shared by signing in with the Managed Apple IDs created by Apple Business Manager. Also, the devices set up using Office 365 AD or any other single sign-on can be accessed using the same ID. A dynamic number of caches users can be added to the shared iPads and a certain amount of storage will be assigned to each user. IT admins can remotely delete users of the shared iPads.

Photo by Francois Hoang on Unsplash

For iPads kiosks, a temporary session will be made available that will enable users to sign in without needing a managed Apple ID. Once the user signs on, the data associated with the session will be permanently deleted.

Apple Business Manager/ School Manager

Account data from Microsoft Azure AD can now be imported into Apple Business Manager and Apple School Manager using SCIM (System for Cross-domain Identity Management). This will ease out the user-wise role assignment into ABM and ASM.

Closing lines…

Like all Apple announcements, this one is also exciting and is set to improve Apple device management. Apple’s flagship design and consistency are going to be practically visible for device management in the coming months. There couldn’t be a better time to get started with Apple device management!

Share

Follow Us

Thousands of businesses rely upon Scalefusion for managing their mobile device, desktops & laptops and other endpoints

Renuka Shahane is a Sr. Content Writer at Scalefusion. An engineering graduate, an Apple junkie and an avid reader, she has a 5+ years of experience in content creation, content strategy and PR for technology and web based startups.

Share

Follow Us



Subscribe to our newsletter

Exciting Products.
Cutting-Edge Technology.
Powerful Insights.
Delivered Straight to Your Inbox!

No spam, no BS, unsubscribe at any time.

Thousands of businesses rely upon Scalefusion for managing their mobile device, desktops & laptops and other endpoints