In Minnesota, spring is officially here. The snow is melting, more people are coming out of hibernation, baseball is set to return, and of course, Apple is releasing another significant upgrade to their operating systems.
Spring releases are not new for Apple. Two years ago, they launched a major change for education with Apple School Manager and iOS 9.3. That release enabled Shared iPad, Managed Apple IDs, and a brand new Classroom management app. This has served as a foundation for Apple’s education efforts.
Apple continued this trend last year as well, when they introduced mobile device management (MDM) for Apple TV. This enabled the popular device to be manageable in both education and corporate settings. Organizations can take advantage of zero-touch deployments, apply AirPlay security settings, and even deploy in-house apps to Apple TV devices. This opened up the ability to truly manage the Apple ecosystem in the classroom and in meeting rooms.
This year, Apple continues to provide value to the MDM framework by adding new controls for software updates, new methods for managing security on Macs, and new tools for businesses to manage their devices. Jamf is right alongside Apple by providing day zero compatibility for Apple's spring release of macOS 10.13.4, iOS 11.3, and tvOS 11.3. These new versions of Apple's operating systems include new management capabilities that will be supported in this release. Let’s explore what’s new:
Managed Software Updates
Demand to be able to block iOS updates has grown. IT admins want to test new releases before rolling them out to all their devices. Apple has chosen not to add this ability up until this new release. This is a great compromise by Apple that balances the desire for security with the needs of IT admins looking to control their upgrades.
With Jamf and new versions of macOS and iOS, IT can now defer Apple software updates for up to 90 days, providing ample time to test workflows and provide excellent support for their internal users. Delivered via a restrictions configuration profile, this feature will require devices be upgraded to iOS 11.3 and be supervised. Jamf customers can take advantage of the software update command to bring them up to 11.3 before deploying this new restriction.
User-Approved MDM support for Mac
Today, there are several different ways to enroll a Mac: zero-touch via Apple’s Device Enrollment Program (DEP) or Apple School Manager; user-initiated enrollments; or traditional imaging workflows. They all resulted in the same end state of management. This is changing with the new version of macOS.
The 10.13.4 release of macOS introduces a new level of management capabilities for Mac, known as “User-Approved MDM." As the name suggests, this implies the user has willingly enrolled their Mac into management. New security-sensitive MDM controls now require User-Approved MDM. This is similar to how supervision works on iOS, but is not actually called supervision for the Mac. Existing Macs enrolled prior to 10.13.4 in MDM will automatically be considered "User Approved." Any DEP enrollments are also "User Approved."
Automatically create User-Approved MDM enrollments through the new enrollment workflow in Jamf. This allows IT to remotely manage security-sensitive settings like User-Approved Secure Kernel Extension Loading. New profiles, like Approved Kernel Extensions, require a macOS enrollment to be User Approved.
Apple TV enhancements
Apple continues to make Apple TV a more manageable device with this spring release. IT can now restrict apps and media content based on age ratings and update an app while a device is in Single App Mode. Apple TV is now a more powerful platform for digital signage and conference rooms because IT is able to more easily push app updates directly to devices with minimal downtime.
Apple Business Manager support
Finally, Apple will soon be coming out with Apple Business Manager as a way for businesses to manage the deployments and content for their devices. This is similar to Apple School Manager, but for, you guessed it, businesses. Because of the work Jamf has done to integrate with Apple School Manager in the past, you will be able to take advantage of Apple’s next generation platform which consolidates DEP and the Volume Purchase Program (apps and books) into a single web portal for IT. This program is still in beta from Apple, and Jamf will offer initial compatibility.
These are just a few of the great new features coming in Apple’s Spring Release, that you can leverage immediately due to the day-zero support offered with Jamf. For full details on what’s new, check out the release notes.