Skip to main content

MDM updates from WWDC 2018

Apple’s Worldwide Developer’s Conference (WWDC) has been a wild ride this week. Consumers are excited for all the new features in iOS 12, tvOS 12 and macOS Mojave, and will (if the past is an indication of the future) adopt the new operating systems as soon as they are available in the fall. But, what’s changed from a management perspective? Apple provided a great overview session on what’s new in managing Apple devices on Thursday. You can watch the video here. But to save you 40 minutes, we put together a recap of the mobile device management (MDM) features coming to the new Apple operating systems.

Hello, Apple Business Manager
The first major announcement is the launch of Apple Business Manager. Similar to Apple School Manager, IT administrators at commercial organizations now have the ability to manage device deployment, purchase apps and books in volume, and manage roles for their organization within one portal. Apple Business Manager is an upgrade and combination of the Device Enrollment Program (DEP) and Volume Purchase Program (VPP). Organizations can upgrade to Apple Business Manager by following the instructions from Apple.

It should be noted that Managed Apple IDs within Apple Business Manager are not for employees, but only for administrators to log into the web portal. This is different form Apple School Manager, where students use Managed Apple IDs for Shared iPad.

Jamf Pro 10.3 provided support for Apple Business Manager beta, thanks to the similar nature to Apple School Manager. With its US launch this week, Jamf Pro admins will be able to accomplish zero-touch device enrollment and volume distribution of apps and books using Apple Business Manager. Apple will expand the new consolidated portal to 31 new countries this summer. See this page to determine the availability for your country.

Setup Assistant panes
Zero-touch enrollment via Apple School Manager and Apple Business Manager allow organizations to skip Setup Assistant screens during enrollment, helping users to the Home screen as fast as possible. There are new panes that will be skippable in iOS 12 and macOS Mojave, including setups for iMessage, FaceTime, Screen Time and Software Update.

Additionally, Apple will be simplifying the setup experience for macOS Mojave and align it more with the intuitive iOS setup experience.

iOS 12
The new mobile operating system for iPad and iPhone will allow consumers to get more out of their devices. New AR apps, photo sharing and Siri shortcuts will certainly drive user adoption. Additionally, there are new MDM controls that will enhance the ability for IT admins to craft how iOS devices behave on their network.

The password AutoFill and proximity sharing features are a great way to share passwords to friends and family. However, security-sensitive organizations might not want their secure Wi-Fi passwords shared. New MDM controls will be able to disable this feature. This restriction will also work on macOS Mojave since password requests work across both operating systems via continuity.

Additional new controls that IT admins will have at their fingertips include the ability to manage USB restricted mode, force automatic settings for date and time, controls for how notifications are handled, and substantial improvements to Managed Open In.

Jamf Pro admins will be able to control when to deploy iOS 12 after it launches by taking advantage of the Managed Software Updates feature that was introduced this spring; supported in Jamf Pro 10.3 or higher.

tvOS 12
Apple TV management was introduced in the spring of 2017, and Jamf Pro has supported it since the beginning. Apple TV can be set up automatically using Apple School Manager or Apple Business Manager. Through these portals, restrictions can be put in place to hide apps and arrange the Home screen, apply AirPlay security settings, and whitelist TV Remote app on iOS devices for pairing (ensuring the right TV Remote is always accessing the right iOS device). This allows Apple TV to be deployed at scale within schools, boardrooms, hospitals and hotels.

tvOS 12 will enhance Apple TV management by bring volume purchasing and deployment (formerly known as VPP) of App Store apps to devices. This is a major win for organizations looking to take advantage of the great apps in the App Store. Additionally, IT admins will be able to remotely install software updates to ensure the Apple TV devices are always running the latest version of tvOS.

macOS Mojave
The 15th release of OS X / macOS will include awesome new features for end users, like dark mode and the ability to keep desktops clean via stacks. There will also be new features for IT admins, starting with how to deploy macOS. While zero-touch deployment via Apple School Manager or Apple Business Manager is great, sometimes you need to re-install the operating system. A new “startosinstall” command was added in 10.13.4 and will continue on with Mojave. Admins can use this command along with the “ --installpackage” and “--eraseintall” flags to erase the startup disk and install packages. This can be your easy button to reinstall macOS!

User Approved MDM enrollments will continue to be an important part of macOS Mojave, as it will be required for future security sensitive settings. Today, it’s required to manage kernel extension permissions and is fully supported in Jamf Pro 10.3 and higher.

Finally, new controls coming in Mojave will include enhanced Smart Card settings, OAuth support for Exchange accounts, and all the password sharing restrictions discussed in the iOS 12 section.

Summer of beta testing
We look forward to testing the new Apple betas with Jamf Pro, and will be working hard to once again provide day-zero support for these new operating systems when they ship. Join the Apple beta program and stay tuned to the Jamf Pro beta program to learn more about Jamf’s ongoing support.

Have a fun time testing Apple’s new operating systems!

Any questions about what’s new or how to prepare now for your fall upgrades?