WWDC25: key takeaways for commercial organizations

Apple’s Worldwide Developers Conference (WWDC) showcases exciting features coming later this year. For commercial organizations, this often means changes and improvements to their mobile device management (MDM) and security strategies. This year’s announcements are impactful, bringing new controls, deeper identity integration, and simplified workflows that reduce friction for IT teams.

“At Apple, we believe that great products should empower people. And that includes people in the workplace and the classroom.”
— Graham McLuhan, Device Management at Apple

This dedication shows up in their latest rounds of planned updates. Whether you're managing Macs, iPads, iPhones, Apple Watches or Apple Vision Pro devices, Apple is giving IT teams more power to configure, secure, and support their fleet, all while improving the end-user experience. In this blog, we’ll highlight those that are most impactful to commercial organizations.

Device Management

Safari Management

Safari will use new declarative configurations to manage bookmarks and the ability to set a default homepage. Declarative device management allows managed devices to proactively and autonomously apply management settings and report state changes to the MDM server asynchronously. This means the device communicates with the MDM server less, improving device performance and management updates.

These new configurations — available on devices with iOS 26, iPadOS 26, macOS 26 and visionOS 26 — will help organizations to further customize the browsing experience. When the new configurations release, organizations can:

• Configure bookmarks for Safari so users can easily access organization resources and websites.
• Have more flexibility to customize the browsing experience by defining what users see when opening a new window or tab in Safari.

Browser behavior is often one of the most visible and high-touch experiences for users. By allowing IT teams to declaratively manage bookmarks and homepage settings, Apple is giving organizations more tools to guide employees toward secure, sanctioned web resources. These controls will be especially valuable in regulated industries or environments with strict data access policies, where consistent web access behavior can support compliance efforts.

App preservation for Return to Service

Return to Service eliminates the need to manually guide an erased device through certain Setup Assistant screens that could previously not be skipped, including the screens for setting the language and region, and, critically, connecting to Wi-Fi. On iOS, iPadOS and visionOS 26, Return to Service will preserve the data of Managed Apps but remove all user data. This will help speed up the transition between users, especially helpful for retail and healthcare workers.

Along with preserving Managed App data, organizations can also fully remove any user workflow for reenrollment of the device.

Software updates

Later this year, Apple will bring declarative software device management to the Apple Vision Pro and Apple TV, meaning every Apple device can use declarations to send update commands to devices.

Apple Intelligence payloads for visionOS

Depending on an organization’s internal policies or security requirements, they may want to restrict user access to Apple Intelligence features. Since its availability with macOS 15, iOS 18 or iPadOS 18, organizations can enable or disable Apple Intelligence via their MDM solution. Those same capabilities will now be expanded to Apple Vision Pro with visionOS 26.

With Apple Intelligence rolling out across macOS, iOS, iPadOS—and now visionOS—IT leaders will need a plan for managing access to powerful AI features. While MDM controls provide technical enforcement, organizations can also benefit from a policy and governance strategy. This is an area where Jamf can help bridge device management with broader security and compliance goals.

App Management

Declarative app management

Organizations can get more control over app management to define installation and update behavior on a per-app basis. This is available for devices running iOS, iPadOS or visionOS 26. Organizations can now:

• Enforce, disable and set automatic updates of App Store apps to follow user preferences

• Install App Store apps with, and pin them to, a specific version, allowing for a more controlled release management process
• Provide additional transparency about installed apps within existing status reports, now also containing update progress
• Organizations can restrict app downloads over cellular networks (iOS and iPadOS only)

Declarative app management on Mac

Declarative device management will be able to be used with macOS 26 to deploy App Store apps, Custom Apps and packages (.pkg files). Organizations can:

• Install an app or package as required or optional
• Configure automatic updates of App Store apps and install a specific version
• Use status reports with a device management service to receive automatic notifications about the status of an app and whether it deployed successfully
• Install apps with Declarative Device Management using the ManagedAppDistribution framework — now available on macOS

Apple continues to double down on Declarative Device Management (DDM), expanding it across macOS, visionOS and Apple TV. This evolution shifts MDM from reactive to proactive, putting more intelligence and autonomy directly on the device. For Jamf customers, this means faster updates, less server overhead and more scalable device operations. And organizations can begin preparing for this shift today.

Identity integrations

Platform Single Sign-On

Apple has announced a major evolution of Platform Single Sign-On (PSSO) in macOS Tahoe 26 with a new feature called “Simplified Setup for Platform SSO.” Prior to this year’s improvements, PSSO could only be set up and configured by the user after they have successfully created a local account on their Mac.

Simplified setup for PSSO flips that process on its head: customers can now set up Platform SSO as the very first required step of the Setup Manager experience on a device enrolling into MDM with Automatic Device Enrollment (ADE). This experience is fully integrated into macOS and requires MDM—making Jamf an essential part of the workflow for organizations looking to modernize their identity setup.

Apple Services

Apple just made MDM migration easier.

Apple announced an update to Apple Business Manager and Apple School Manager that allows organizations to migrate Apple devices to a new MDM without requiring a full device wipe. This change removes one of the last technical barriers to consolidating and modernizing device management at scale.

Historically, switching MDMs meant risk: device downtime, manual steps, or reenrollment workarounds. Now, that friction is gone.

What’s new

• Devices can be reenrolled into a new MDM without a full erase
• Admins can enforce reenrollment with configurable deadlines
• iPhone and iPad apps and data can be preserved during migration

This update is especially valuable for enterprises that are:

• Moving from legacy or on-premises MDM tools to modern cloud platforms
• Consolidating tools across business units or geographies
• Looking to standardize on a single Apple-first management and security solution
• Transitioning from point tools to an integrated platform that delivers compliance, control, and a better user experience

Limit device sign-in to only Managed Apple Accounts

Organizations can now set specific requirements for which Apple Account — personal or a Managed Apple Account — can access organizationally owned devices. Companies can require Managed Apple Accounts for access to organization-owned devices and resources.

Apple Business Manager APIs

Apple Business Manager administrators can create API accounts that apps can use to access data or perform device management tasks, like integrating with asset systems.

Apple continues to raise the bar for what enterprise IT can expect from a modern device platform. Secure by design, identity-aware, and easier to manage at scale. Whether you're supporting knowledge workers, frontline employees, or shared device fleets, this year’s WWDC announcements offer new ways to simplify, secure, and scale your Apple environment.

At Jamf, we’re already working to bring these innovations into your hands, through beta testing, smart implementation guidance, and a platform that helps you go beyond basic management and security.

If you’d like help planning your strategy around these updates, get in touch with our team.