One of my favorite sessions from Apple’s Worldwide Developer Conference is the “What’s new with device management session”. It’s usually towards the end of the week, but it’s one that IT managers should always pay attention to. We aren’t getting the earth-shattering changes we did in years past, but that’s simply because a lot of the low hanging fruit has been picked. There are some notable changes coming in the fall updates, though. So here’s what’s new with device management in iOS 13, iPadOS 13, tvOS 13, and macOS Catalina.
About Making The Grade: Every Saturday, Bradley Chambers publishes a new article about Apple in education. He has been managing Apple devices in an education environment since 2009. Through his experience deploying and managing 100s of Macs and 100s of iPads, Bradley will highlight ways in which Apple’s products work at scale, stories from the trenches of IT management, and ways Apple could improve its products for students. BYOD users don’t want
How Desktop Class Browsing Affects Device Management in iPadOS 13
If your MDM solution requires the UserAgent in Safari being marked as “iPad” for enrollment, then you’ll want to make sure your vendor updates this as the iPad will start sending back “Mac” in iPadOS 13. This change is so that the iPad can take advantage of Desktop Class Browsing. If you’ll remember, I wrote back in 2018 that Mobile Safari was holding the iPad back, so it’s great to see this change.
Dual iCloud Accounts and Device Management in iOS 13
Again, something I wrote about last year was the need for dual iCloud accounts for BYOD and enterprise deployments. This fall, we will finally get that option. Apple made the case that IT departments don’t want even the option to see people’s personal data, but they need the ability to control enterprise data. For end-users, they want to be able to use personal information without worrying about IT departments seeing their personal email and notes.
This fall, Apple will introduce better support for separate iCloud accounts on iOS. Corporate installed apps (known as managed apps) will be controlled by IT, and unmanaged apps will be controlled by the end-user. Apps can either be unmanaged or managed (not both, with the excepting being Mail and Notes). With Notes, if it is created in a managed Apple ID, it’ll be under IT control. If it’s created in a personal iCloud account, it’ll be under control of the employee. I am looking forward to learning more about this, and it’s a huge change for device management under iOS 13 and iPadOS 13.
Apple Deployment Programs Ending in Favor of Apple School Manager and Apple Business Manager
As we reported in early May, Apple business and education customers using the Device Enrollment Program (DEP) or Volume Purchase Program (VPP) will need to upgrade to a new program no later than the end of November. This announcement was reinforced at WWDC. Both Apple School Manager and Apple Business Manager are fully supported on the shipping version of iOS on iPad.
Federated Authentication with Microsoft Azure Directory is coming to Apple Business Manager
As I reported on back in March, K–12 schools can sync ABM with Azure Active Directory
One of the key challenges for K–12 schools with Apple products is the management and deployment of an identification infrastructure. While Google has its solution with G-Suite, companies like Clever are also making a play to become a school’s centralized identity solution.
From all of the technical notes I’m reading on federated authentication, Apple has been working on this for some time. They’ve got solutions for dealing with conflicts as well as adding more than one Azure AD domain.
This fall, Federated Authentication is coming to ABM.
Custom Apps are Coming to Apple School Manager
Earlier this year custom apps, formerly known as B2B apps, have expanded to allow organizations to distribute to their own employees as well as other companies. This fall, custom apps are coming to Apple School Manager as well.
New Features in Apple School Manager and Apple Classroom for macOS, iOS, and tvOS
Teachers can now return students’ devices to the Home screen through Apple Classroom. On the tvOS side, IT managers get access to managed software updates, force automatic date and time, and content caching for screen savers. On macOS, Activation Lock can now be used in Catalina by MDM servers.
Wrap-up on Device Management in iOS 13, iPadOS 13, and macOS Catalina
“If this year’s WWDC taught us anything, it is that there has never been a better time to support Apple at scale. macOS Catalina and the brand new iPadOS are a duo unlike anything else in the market. With new security functionality like Activation Lock and the Read-Only System Volume, the Mac is hands down the best device for security-conscious organizations. iPadOS is perfectly positioned to power an altogether unique experience for users that want mobile productivity and multi-app support on the go. Jamf is excited to see Apple’s commitment to user privacy, organizational security and cross-platform support continue.” – Garrett Denney, product manager at Jamf
There are a lot of little changes coming to device management this fall, and I couldn’t be more excited. The trend I see coming here is parity across macOS, iOS, and tvOS as well. IT departments want to be able to manage all of their devices across one interface, and we’re finally there. The only thing left is watchOS.