WWDC always holds an incredible amount of information for administrators and this year was no exception. From the keynote on Monday through deep-dive sessions and hands-on labs throughout the week, Apple delivered an immense amount of information about upcoming changes to operating systems, key services like Apple Business Manager, and specific workflows.
Here are some of the most impactful capabilities announced this week.
Apple Configurator for iPhone
Enrolling devices newly purchased from Apple into Apple Business Manager and Apple School Manager streamlines any Apple deployment. But many organizations purchase devices outside of Apple and often use Apple Configurator to enroll iPhone, iPad and Apple TV devices into Apple Business Manager or Apple School Manager. Now there’s a solution for Mac.
Later this year Apple is bringing Apple Configurator to the iOS App Store. This will allow IT admins to add an organizationally owned Mac to Apple Business Manager or Apple School Manager over-the-air, regardless of how those devices were purchased. All it takes is a simple scan: during the macOS Setup Assistant, the Mac will display a pairing option on the screen for an admin to scan with the camera on their iPhone. No cables required!
This will expand enrollment capabilities to every Mac under your umbrella, no matter where they were purchased. It also shortens the time required to enroll devices, which is especially helpful for organizations that have to enroll mass quantities of devices, like K-12 schools, which will benefit from a new, faster, more efficient enrollment workflow.
macOS Software Updates and Deferrals
Operating system (OS) upgrades are a milestone every year for IT. Whether managing a corporate fleet or a classroom of Apple devices, making OS upgrades work for your organization’s unique needs is key.
Apple is making OS upgrades a more customizable process, giving power to IT to make intelligent and dynamic decisions about how and when to upgrade their devices.
Admins could previously defer OS upgrades for up to 90 days on iOS, iPadOS, and tvOS devices. Apple is bringing this to macOS computers and adding the ability to specify different deferral and upgrade windows depending on the OS release type: major or minor. This will be essential for enterprise IT teams who prefer to schedule upgrades for a specific time period to allow for testing or other preparation activities.
Best of all, critical security releases from Apple can still be installed right away, ensuring your organization is best protected against threats and vulnerabilities in real time.
Erase all content and settings for Mac
Completely wiping a device is sometimes the best way to ensure that sensitive personal and corporate information is completely removed from a computer, or to prepare it for reprovisioning.
Apple is giving local administrators the ability to perform an Erase All Content and Settings action, similar to actions already available on iOS, iPadOS, and tvOS. When used, this action will erase all user data and additional volumes onboard. Macs equipped with Apple silicon will also reset security settings to their default state: Full Security.
Administrators will be able to restrict this action if desired. This brings Mac into parity with other Apple operating systems, as Jamf admins can already restrict this feature on iOS and iPadOS. Admins will also be able to use the EraseDevice command to erase all content and settings.
This capability will be essential for schools that are re-provisioning devices for students at the end of a semester or commercial organizations looking to repurpose devices for new employees.
Apple’s popularity in the enterprise is often driven from the ground up: employees own and enjoy Apple devices outside the workplace and want to be empowered to use them at work, too.
Apple unveiled a modern bring your own device (BYOD) workflow with User Enrollment in 2019. This year Apple is taking it to another level by enhancing User Enrollment with better corporate data protection and user privacy.
When a user with a Managed Apple ID joins a corporate network on their personal device later this year, the user can be granted access to a shared corporate iCloud Drive. If the user is also signed in with a personal Apple ID they will have access to both a personal and professional iCloud Drive. This will help protect corporate data by keeping it firmly within the managed iCloud Drive space instead of on an iCloud instance tied to a user’s personal Apple ID.
Companies that offer BYOD (especially those that rely on contractor workers) take note. User Enrollment will improve and secure the way BYOD and short-term employees access company resources.
Apple continues to differentiate itself from other technology vendors by placing a unique focus on user privacy. WWDC saw a number of updates that will better protect users - and their data - while also ensuring that the organization is protected, like:
- Hide My Email: Users have the option of creating a randomly generated email address to use with outside services and sign-up forms. This will give users greater control over who knows their actual email address and help cut down on spam.
- Private Relay: A remote-first world meant that employees were logging in from outside the corporate perimeter. Private Relay automatically routes internet traffic through two proxy networks, preserving security and privacy even when employees browse from an untrusted or public network outside the office.
Security and IT teams are often tasked with finding the right balance of security and privacy, and these new features put user privacy at the forefront, enabling privacy protection regardless of where devices are being used.
The remote-first world of the past year revealed new opportunities to effectively leverage Apple devices for work and education. Whether a user was logging in to a team meeting from their home office or helping their child join a class from an iPad, the past twelve months proved that effectively using Apple can be the key to success at work and in the classroom.
At WWDC Apple announced a number of significant changes that will have an immediate positive impact on work teams and classrooms, including:
- Group FaceTime: Collaborative video calls were perhaps the most ubiquitous technology of the last year. An updated grid view of participants, the ability to pre-schedule FaceTime calls, and sharable web links all help supercharge productivity when using FaceTime.
- Spatial Audio: An innovative way to shrink the distance between call participants, Spatial Audio distributes voices in different directions, depending on where each participant's face is located on a FaceTime call. This will make for more natural body language during calls.
- Voice Isolation: FaceTime will leverage machine learning to help cut down on unwanted background noise during calls. For users with mild hearing challenges, this can be a game-changer and makes for a more inclusive call experience.
Recovery Lock for Mac
To better protect the integrity of Mac, IT admins can set a password that must be entered before a computer can be restarted into the recovery OS.
This is an important change, especially from the perspective of information security professionals. Setting a recovery password prevents users from modifying security settings or erasing the Mac without IT knowledge and approval. This password can only be removed via MDM, by unenrolling from MDM, or by erasing the Mac.
Setting a recovery password will help prevent unintentional data loss or damage, and is also a good defense against malicious action should a company-owned Mac be lost or stolen.
Universal Control for Mac
Building on the success of Project Sidecar - an announcement from WWDC 2019 that lets you use an iPad as a desktop extension for a Mac - Universal Control lets you use a single mouse across a side-by-side Mac and iPad.
Rather than using the iPad as a simple desktop extension, Universal Control preserves the unique experience of both the Mac and iPad while enabling a single mouse and keyboard input across both devices.
This is a valuable change for users who prefer to leverage multiple Apple devices in their day-to-day work. It also makes it easier for organizations to justify a device choice program by extending the value of Mac and iPad in new ways.
Declarative device management
Apple gave a look at the future of MDM with declarative device management, an update that empowers individual devices to take autonomous action. This early version of new management technology enhances workflows for iOS and iPadOS that are managed by Apple’s privacy-focused User Enrollment for BYO programs.
With declarative device management, a managed device can asynchronously apply settings and report the status back to an MDM vendor without the need for constant polling. This evolution has the potential to reduce IT overhead, minimize the resources needed from an MDM platform, and make the device behavior more tailored to an employee’s status in real time.
This is an exciting change for MDM and an early look at where Apple intends to take it in the future.
Temporary Session on Shared iPad
When a one-to-one deployment is not an option, having Shared iPad carts on hand can make all the difference for equitable access to Apple technology.
IT admins will be able to restrict the ability to log in on a Shared iPad with an Apple ID. When this is in place, a user will only see the option to use a Temporary Session at login. After logging out, all user and device data are wiped, ensuring that user privacy is protected while data security remains intact.
For schools or organizations with frontline workers, this new capability makes Shared iPad from Apple an even more compelling option for shared-use environments.
WWDC is always a must-see event for IT and security teams and this year was no exception. From enrollment upgrades to a continued emphasis on privacy, Apple is leading the way in supporting enterprise and education work, wherever it takes place.
If you have questions or ideas about all the news from WWDC, join the discussion on Jamf Nation, the world’s largest community of Apple IT administrators.