From major upgrades to their operating systems to new management capabilities and more, this year’s Apple Worldwide Developer Conference gave admins and end users alike a lot to talk about over the next couple of months as we head into OS upgrades season.
After a long wait filled with speculation and expectations, Apple announced a historic change as they intend to shift away from Intel-made processors and bring the effort in-house.
With this change, Apple is taking its focus on the end user to a new level with a significant step in hardware performance. It is no small effort for the Apple team to make this change, but they seem confident they can design and manufacture chips that deliver a better customer experience.
We also heard a timeline for roll out: two years. The transition begins this fall with the introduction of the first Apple silicon-powered Macs. Take advantage of the coming months to read up on Apple silicon and to start the dialog internally around how your organization plans to purchase and support this hardware. Your stakeholders are your greatest allies and you will need to be in alignment as hardware refresh plans are made.
Finally, a quick note about apps. The transition to Apple silicon will create some work for app developers. Apple is equipping developers with new emulation software - Rosetta 2 - to help ease the transition but this is worth keeping an eye on, especially for teams that have critical dependencies on third-party apps. Jamf’s history of helping customers with this transition goes back to 2006 when the PowerPC transitioned to Intel chips, and we’re prepared to do the same with this transition. Stay tuned for more details.
Takeaway: Keep an eye on this transition and make sure you account for it in your hardware refresh strategy. We expect Apple will release more information as we get closer to the launch of the first Apple silicon-powered Mac this fall.
macOS had perhaps the biggest week with the unveiling of Big Sur and a major leap forward to version 11, leaving behind the “OS X” branding that it has carried since 2001.
Beyond the name change, macOS Big Sur delivers a number of significant changes. End users will love the addition of Control Center, bringing the Mac experience in line with iOS and iPadOS. Notifications Center is also getting a polish, again making for an improved user experience.
Delivering on our commitment, Jamf will help you prepare for and deploy macOS Big Sur the same day that Apple makes it available.
iOS 14, iPadOS 14 and tvOS 14 were also announced and include a number of new and improved experiences, from Messages to app management and more.
Takeaway: OS upgrade season is back! If you are a seasoned pro, this year should be just like any other. If this is your first time through, check out our Apple OS Upgrades Guide for help putting together a successful OS upgrade strategy ahead of releases this fall.
In addition to new operating systems, we saw brand new MDM commands this week, too. The ability to set specific Managed Apps on iOS and iPadOS as “non-removable” provides you with a better way to ensure consistency across your devices. Admins will love the ability to target important corporate apps while end users will enjoy the freedom to remove apps at will as long as they are not required by IT.
Also, the ability to set a default time zone for new devices is a great addition, especially with so many people working and learning remotely.
Auto Advance for Mac
Speaking of setup, Mac is getting a helpful feature that allows admins to automatically advance through the setup process, bringing users to the login screen faster than ever while ensuring that the device is provisioned and managed according to your organization’s needs. This is great for admins who oversee lab environments where the setup screens add little value or for teams that want the fastest device setup process possible.
Jamf also plans to support auto advance in lockstep with Apple. So, whether you want your users to go through a custom enrollment or through a simple setup, Jamf will support you.
Takeaway: Add setup screens or automatically skip them all: the choice is yours on macOS Big Sur.
UAMDM now grants Supervision
Supervision is a bit like a superpower for IT admins and is an incredibly useful tool to have on hand for day-to-day management of Apple devices. Intended to give greater control over corporate- or institutionally-owned iPhones and iPads, Supervision unlocks configuration options and can restrict settings beyond what is usually available via MDM.
Beginning this fall, User Approved MDM (UAMDM) will grant Supervised status on Mac. There are a number of ways to enroll a Mac via User Approved MDM, meaning that Supervision is about to be a lot more accessible for admins looking to leverage more advanced management functionality.
Lights Out Management for Mac Pro
This feature allows you to designate a Mac Mini as a “LOM Controller” to remotely start/shut down/reboot rack-mounted Mac Pros. This is a great feature-add for large Mac Pro environments.
Takeaway: Lights Out Management helps you better manage large Mac Pro deployments.
Kext is (nearly) gone
Though kernel extensions (kexts) are used by many organizations and still allowed in macOS Big Sur, Apple has expressed that they are deprecated. Kexts first became a bit more cumbersome to enable in macOS Catalina and Big Sur will take it a step further. You can still use kexts if absolutely necessary but the computer will need to boot into Recovery mode and the user will need to set the security level to “Reduced” first.
Additionally, unlike with regular applications, a kext not built for Apple silicon will not be automatically rebuilt by Rosetta 2. Apple silicon-powered Macs will require purpose-built kexts.
See how Jamf embraced System Extensions in line with Apple’s recommendations, and we can help you make the transition as well.
Takeaway: Even though it is still a thing in Big Sur, kext is pretty much gone. Make sure you are moving away from kext ASAP in favor of System Extensions.
Security & Privacy Updates
Apple has made security and privacy core elements of its corporate ethos for decades but in recent years it has risen to a new level of visibility. Later this year, you will see a number of changes to hardware and software that support that push.
First, hardware serial numbers are changing to better protect end user privacy by making where and when a device was manufactured anonymous.
Second, new technology like automatic Wi-Fi MAC address randomization will help protect users on the go as they connect to Wi-Fi hotspots outside the office or home. DNS settings can also be encrypted via a new payload and VPN can be configured on a per-account basis, both helping protect a user’s privacy while on the corporate network or out and about.
Jamf will be prepared to handle both of these changes as soon as Apple enables them.
In Catalina, macOS implemented a number of protections to the operating system itself including moving the system files to a dedicated read-only boot volume. With Big Sur, Apple takes it a step further by cryptographically signing the boot volume.
A core tenant for privacy is that users are in control how they are monitored and tracked. With Big Sur, macOS introduces extensive insights into how a user is being tracked and a central place for users to decide as to what level of tracking any application may enable.
Takeaway: For more on how to fortify your security posture, check out our latest white paper, Filling the Gap: macOS Security.
WWDC is one of the most exciting times of year for the Apple community. Jamf’s global engineering organization is already hard at work getting ready to support many of Apple’s WWDC announcements later this year.