WWDC: What’s New for Enterprise Admins and Device Management?

Apple silicon, new Macs and the new Vision Pro are this week's hardware stars at WWDC 2023. However, IT professionals should be aware of new features that make their jobs easier and allow them to manage their devices more effectively. Here’s a quick rundown of the significant changes we’ve seen so far.
But think about this first: use is growing rapidly, and Cupertino understands the top concerns of mass adoption of Apple devices, including administration, management, and security for its products across the enterprise.
With that in mind, it’s no surprise to find the company chasing the market at WWDC. This extends even to the introduction of MDM for Apple Watch, which reflects the trend of some companies using these devices in interesting new ways, such as how it’s done at Volvo.
Managed Apple IDs
Updates to Continuity, Apple Wallet, and iCloud Keychain make Managed Apple IDs even more versatile this year. Admins also get additional controls to prompt users to sign in to required apps and services. Managed Apple IDs can also be used in many situations, such as when enrolling a device to separate personal and work data.
Federated identity
Apple School Manager (ASM) and Apple Business Manager (ABM) already support federated identity systems such as Okta, Azure, OAuth, Workspace, etc. This year, Apple is adding support for OpenID Connect, making the job much easier for businesses looking to integrate multiple platforms around a single identity authentication service.
iCloud Keychain
Another useful improvement to Managed Identity is the addition of support for iCloud Keychain. This will allow IT departments to automatically deploy passcodes and passkeys to managed devices, which should be a good step towards a passwordless enterprise. This builds on the ability for groups of users to add and edit passwords and passkeys, also announced at WWDC 2023, so everyone in the group stays up-to-date.
Declarative device management
Apple put a lot of effort into declarative device management this year. Improvements discussed at the show include new ways to deploy apps and certificates, and macOS also allows you to manage a common service configuration file.
Software update
In a move that has been welcomed by many, IT admins can now enforce software updates by a specific deadline while increasing user transparency.
Another improvement means that admins can use MDM to manage multiple versions of applications and install them on Macs.
Automated Device Enrollment on Mac
Many organizations want to ensure that certain security configurations are in place even before Macs are enrolled and users log in for the first time. For example, they may need FileVault enabled and a specific OS version running on the Mac. Apple announced the following improvements at WWDC:
On macOS 14, MDM can request that FileVault be enabled during Setup Assistant. Recovery keys can be shared with end users during setup or managed by an MDM system.
MDM can require devices to be on a specific operating system version in order to enroll. This means that the company’s services cannot be accessed until the user updates. It works using JSON to tell the MDM what OS the device is running. If a newer version is required, the user will be guided through the update process.
Make sure your Mac is enrolled
Currently, when a user tries to set up a non-networked Mac, MDM enrollment is skipped and the user is prompted to enroll the machine. (This is partly because the setup relies on JSON calls to the authentication and MDM servers.)
Apple changed this. First, Setup Assistant takes up the entire screen and gives users choices when setting up their Mac. They can either register the Mac immediately or choose “not register now,” which gives them an 8-hour grace period until registration is required.
This ensures that Macs are MDM-enrolled and data cannot easily flow outside the managed device boundary.
User authentication and single sign-on (SSO)
macOS Ventura allows users to authenticate once with their organization’s identity provider account and gain access to all approved services. macOS Sonoma extends this with useful tools that allow users to sign in with their ID credentials or smart card to create or authenticate an account, to repair or re-authorize their local account registration, and to create accounts on demand.
Manage passwords and system preferences
Apple made some changes here. One of them is stronger password compliance controls. In other words, weak passwords are flagged and users who continue to use weak passwords are notified and advised to change their passwords. Another change introduces new restrictions to prevent managed device users from changing Apple ID logins and Internet accounts, or adding local user accounts.
Managed device attestation
Apple introduced Managed Device Attestation for iOS in 2022. The idea is that once this system is put in place, only legitimate devices can access enterprise resources. This protection is now available on Mac as well. Apple has also expanded the system to monitor more system elements (such as device ID and OS version), adding a layer of security to systems protected by Managed Device Attestation.
Return to Service
Many businesses and schools experience relatively rapid growth in device usage. An iPad can go through multiple users in a month or a week. Removing old data from the device is relatively easy, but setup had to be done manually. Return to Service automates some of these steps, so the device is not only wiped, but also reset, enrolled in MDM, and connected to Wi-Fi, so it is ready to use as soon as the next person gets their hands on it.
5G network slicing and private networks
More and more companies are adopting private 5G and LTE networks. They support the kinds of service levels and latencies required by next-generation enterprise technologies, or provide network connectivity over wider areas than Wi-Fi supports.
iPad already supports private LTE and 5G networks, including MDM-based eSIM deployments. Now that capacity is coming to the iPhone as well, with support for private standalone 5G networks. Apple support is very important. The company has also figured out how to make such networks more power efficient. SIM-based support is enabled only when needed thanks to geolocation. Apple also introduced 5G network slicing support. It is an emerging technology designed to efficiently manage the emerging demand for connected services and devices.
Relay
Apple also introduced relays, a new way to provide secure access to corporate network resources. Natively supported by Apple devices, these are secure proxies that, according to the company, offer a better user experience and are easier to manage than traditional VPN services. It can also be configured using MDM.
Apple Configurator
Apple Configurator for iPhone is a tool widely used by IT departments to add devices to ASM or ABM. The change is that users can now assign a device to an MDM server from within Configurator. They have three options: do not assign; assign to the default MDM server; or assign to an MDM server of their choice belonging to the company. When a user signs in with their Managed Apple ID, they see a list of users and MDM servers available for that device.
A shortcut to IT is born
Apple has created a batch of shortcuts for Apple Configurator. These include shortcuts to update, restore, erase, and prepare your iPhone and iPad. At WWDC, Apple demonstrated one of these uses, running a series of shortcuts to set up and provision an iPad. Apple is urging MDM developers to integrate with these shortcuts, so it’s clear the company intends to automate the setup and management process as much as possible.
Copyright © 2023 IDG Communications Inc.
https://www.computerworld.com/article/3698730/wwdc-whats-new-for-enterprise-admins-and-device-management.html