Another edition of the annual Apple Worldwide Developers Conference (WWDC) has come and gone. SOTI experts were listening in and taking notes. Here are the highlights.
What’s New in Apple Device Management
Deployment Enhancements
-
Zero-Touch Deployment SupportADE: Automated Device Enrollment is now accessible for Apple Vision Pro, expanding its utility across more devices.
- WebAuthn Support: WebAuthn allows web applications to perform secure authentication without passwords and via public key cryptography. This capability is now available on macOS.
- Updated Setup Assistant Skip Keys: macOS includes a new “Welcome to Mac Screen” at the end of Setup Assistant. Existing Skip Keys for iOS and iPadOS can be used to skip this new Mac screen for smoother device deployments.
Apple Business Manager Upgrades
-
Additional Devices Support:Apple Business Manager now automatically adds Apple Vision Pro and Apple Watch to your organization at the time of purchase.
- Activation Lock Flexibility: If a device is lost or stolen, turning on Activation Lock automatically locks the device, preventing unauthorized use. This feature can now be turned off for devices that have already been added to your organization.
Identity Management Improvements
- Managed Apple Accounts: Organizations can capture their domain name, allowing them to restrict new Apple Accounts created in their domain to be exclusively Managed Apple Accounts, enhancing security and management.
- Conversion Option: This capability occurs after an organization captures their domain in Apple Business Manager. Users with existing personal Apple Accounts with email addresses associated with the captured domain will be prompted to change their email address (keeping it a personal Apple Account) or convert it to a Managed Apple Account.
What This Means: More Streamlined and Secure Business Operations
Devices are only productive once they reach the hands of the user. Apple has taken steps to shorten deployment times and minimize how many people must touch a device prior to activation. Once those devices are in use, Apple’s security enhancements keep them protected. These security measures are ideal for highly regulated or sensitive industries.
Platform Updates
iOS, iPadOS and macOS
- Enhanced Software Update Settings: Managed devices with iOS and iPadOS 18 and macOS 15 or later now boast software update settings configuration. This includes the ability to customize notification behavior and streamline the management of beta updates.
- Safari Browser Extension Management: Admins can manage Safari extensions across iOS, iPadOS and macOS. This includes defining allowed extensions, toggling extension status and configuring website access based on domains and sub-domains.
Apple Vision Pro
- Expanded Configurations for Apple Vision Pro: New configurations, Enterprise Mobility Management (EMM) commands and restrictions offer enhanced control over Apple Vision Pro devices.
Mac Management
- Executable File Support: Service configuration files now support .exe files within the same zip archive format in a tamper-resistant location.
- launchd Configuration: launchd is used on Mac to manage system and user services. Background task services configurations now support the installation of launchd configuration files.
- Disk Management Configuration: Admins can prevent external and network drives from storing data with new disk management configurations.
iPhone and iPad Management
- Cellular Improvements: Enhancements include eSIM preservation, preventing eSIM transfers via EMM restrictions, setup via link or QR code, 5G network slicing, and support for multiple private networks.
- App Lock and Hide: Users can lock/unlock and hide apps with Face ID, Touch ID or a passcode. IT can manage this feature by requiring managed apps to be locked or by preventing managed apps from being locked.
- Stolen Device Protection: Improved security measures prevent delays in activating stolen device protection for newly set up devices. This will not cause a security delay for the first three hours after Stolen Device Protection is enabled if devices are newly set up without familiar locations.
- In-House App Trust: Trusting in-house apps now requires a restart to acknowledge new team identities. In-house apps deployed via EMM will not require a reboot.
- iPhone Mirroring: Users can mirror an iPhone’s screen to a Mac and access smartphone capabilities such as making calls or working within apps. iPhone remains locked while this feature is active. This feature can be restricted if necessary, via EMM.
What This Means: Security First, Second and Third
It’s estimated that 560,000 new pieces of malware are detected daily. As the number and complexity of threats grow, Apple continues to counteract with powerful new security measures. For admins and organizations, an unsecured device will eventually become an unproductive device because of an attack. The best way to stop a cyber-attack – and to maintain productivity – is to prevent it from happening in the first place.
In Conclusion…
As technology evolves, so does the landscape of device management. Organizations must take advantage of this evolution without sacrificing operations or security.
These updates represent a significant leap forward in device management capabilities. The combination of enhanced security and streamlined deployment processes gives organizations greater control over their Apple device ecosystem.
Discover Apple Management with SOTI MobiControl
SOTI MobiControl gives organizations what they’re looking for: visibility and control over their business-critical Apple devices. Always know what they’re doing, how they’re performing and what security or compliance risks they’re facing.
Want to learn more about SOTI MobiControl? Here’s how you can start: