Apple WWDC 2021
Apple’s Worldwide Developers Conference is a week of amazing sessions that define the coming year, announce new features, and preview technologies that will be at the core of managing Apple’s platforms inside your organization. Apple announced its latest versions of operating systems – iOS 15, iPadOS 15, watchOS 8, tvOS 15 and macOS Monterey, all of which have exciting new features shared across platforms that will make the Apple ecosystem even better. Apple hosted this conference virtually for the second year in a row due to the global pandemic.
Key announcements for iOS 15 consist of consumer and enterprise features such as major updates to FaceTime, new Focus features to reduce distraction, enhanced on-device intelligence to discover information, and more ways to explore the world using Maps, Weather, and Wallet.
One of the key enterprise features is declarative device management, a new paradigm in which MDM servers describe the right configuration to the device and let the device handle the implementation and execution. As previously mentioned in a post about Apple WWDC, we firmly believe that declarative device management will have a major impact on the future of device management. Keep reading to learn more about the new capabilities included in declarative device management.
User Driven User Enrollment
First, a new version of User Enrollment was announced. Before users can request their enrollment profile, they must authenticate against the organization’s MDM service or against the organization’s IdP; only then are they allowed to download their MDM enrollment profile. This is called user-driven User Enrollment.
Another simple yet important feature is the Required App on unsupervised devices. Admins can push one managed app onto an unsupervised device and be sure that the app cannot be removed. The app is installed as part of the initial MDM profile, and the consent to install apps is included during the profile installation. This feature is useful for installing an app that is critical to business functions, such as a Mobile Threat Defense app, a VPN app, or any other enterprise application. This will enhance BYOD security even further and make it easier for admins to manage BYOD devices.
Managed Pasteboard is a new feature that controls whether paste is subject to managed open-in rules. If restrictions are imposed, the user will see a notification letting them know that pasting is not allowed. This feature helps keep corporate data and content secure by preventing unauthorized copy and paste.
Apple also announced new features for macOS Monterey and a few of them are exclusive to Apple Silicon and T2 chip devices.
InstallLater for Software Update
In previous releases, admins had just a few options to help keep devices up to date: they could issue a blanket delay on updates for a period to allow for testing, and if a user did not install updates, they could use the MDM command to InstallASAP. In macOS Monterey, the admin can set a number of deferrals that a user can use to push back their own update, and then enforce the update after that number of deferrals. InstallLater makes the machine update at night, silently and automatically, while users are away from their work devices, which gives convenience with no interruption and a better user experience. With this enhancement, IT admins also have the flexibility to push updates onto managed Mac devices.
Device Lock Command
The device lock command on Macs has been enhanced for Apple silicon. Admins can now send a six-digit PIN code, a lock screen message (optional) and a phone number (optional) to the device. This will cause the device to reboot and present the user with the information provided, bringing feature parity across all Mac models. With remote lock in place, the user is unable to use the device until the PIN is provided. Once the PIN is entered, the device will reboot with all data intact and will be ready for login.
Erase Device Command
In macOS Monterey, the option in Settings to erase all content and settings will be available on Apple silicon and T2 chip devices for a quick return to service. This feature will be available via MDM as well. Sending the Erase Device Command will erase all user data and reboot back to the Setup Assistant, making the device ready for the next user in minutes. That saves IT admins time when refreshing a used device for a new user by eliminating a very time-consuming setup task. On devices with Apple silicon, this will also reset any security settings that have been modified in recovery. For enterprises, the allowEraseContentAndSettings restriction will be available.
Removable System Extension
Apple added a few kernel extension enhancements along with a new feature called Removable System Extension, which allows an app to deactivate its own system extension. With this feature, no admin password is required to remove the system extension. It is mainly used in deployments where the Mac has no admin user.
Overall, Apple has brought a lot of important management and security features across iOS, iPadOS, watchOS and macOS while bringing a balance between privacy, user agency and administrative control which makes a great device management solution. We will continue to find new ways to integrate these new features into our UEM platform.
This post was first published on the Ivanti Blog website by Aruna Kureti.