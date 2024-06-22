Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

WWDC has come and gone, and we now focus on a summer of unstable beta device usage as we prepare for Apple’s latest iOS, macOS, tvOS, watchOS, and visionOS updates. Of course, with new major versions of Apple’s software come the latest updates to Apple device management. If you manage Apple devices at work, here’s a rundown of what to expect this fall.

About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 1000s of Macs, and 1000s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.

Changes to Activation Lock

In my opinion, one of the biggest enhancements this year comes to Apple’s Activation Lock. Activation Lock is one of Apple’s major theft deterrents for devices, ensuring that when a device is marked as lost—whether through Find My, iCloud.com, or by an IT administrator via device management—a password or key is required before it can be used again.

However, problems arise when a device is returned without disabling Activation Lock or if MDM fails to remove it. Even if the device has been erased, it can’t be activated, leaving the IT unable to use it or sell it until the lock is lifted.

Previously, lifting this lock required assistance from Apple Support and proof of purchase of the devices. With the fall updates Apple Business Manager (or Apple School Manager), IT admins can turn off Activation Lock for organization-owned Mac, iPhone, iPad, Apple Watch, and Apple Vision Pro devices.

The best part is that Apple Business Manager can remove user- and device-based locks. On the Mac, this functionality extends even if Activation Lock was enabled by a user using a personal Apple Account before the computer was enrolled into MDM.

Vision Pro gains zero-touch deployment

Apple is continuing its focus on making the Apple Vision Pro IT-friendly. This fall, Apple Vision Pro will be able to enroll automatically in MDM via Automated Device Enrollment through Apple Business Manager (or Apple School Manager), just like Mac, iPhone, iPad, and Apple TV. visionOS 2.0 will also bring many of the MDM functionality that are already available on iOS and iPadOS.

Platform SSO enhancements

Apple announced that macOS 15 will expand the Platform Single Sign-On functionality to require Identity Provider authentication across FileVault, the Lock Screen, and the login window. This enhancement includes new policy options for configuring Touch ID or Apple Watch to unlock the screen, ensuring a streamlined user experience while having strong security standards.

Managed Apple Accounts

Apple has introduced a new domain capture and account transfer feature to help organizations manage accounts using their domain emails – now called Managed Apple Accounts. If an end-user has created a personal Apple ID with their organization’s email (e.g., @school.edu or @business.com), Apple offers a path for users to retain their personal Apple ID while enabling the organization to capture the email for use as a Managed Apple Account.

Another significant change on the horizon, thanks to Declarative Device Management, is improved management of beta testing programs for new Apple operating systems. Previously, admins had required extensive manual intervention to enroll users in these programs. DDM aims to streamline this process, allowing IT teams to remotely enroll devices into different beta programs, implement phased rollouts, control the versions of beta software installed on supervised devices, and gain better visibility into what’s installed on their managed devices. Additionally, devices can be added to a beta program using an organization token, eliminating the need for users to sign in with an Apple ID of any sort.

Managing local network drives and external hard drives

In macOS 15, an important restriction has been reintroduced for managing local network drives and external hard drives. IT admins can now control whether these drives can connect to their devices and limit them to read-only access.

Safari extension management

Safari extensions have been around for a number of years, but IT admins are now gaining control over how they work on managed devices. You’ll be able to control which extensions are allowed, whether they’re always on, and which websites they can work on. End users will be informed if their IT team has turned on extensions.

iPadOS and the Calculator app

While this only likely affects education customers, the calculator app from iOS is finally coming to the iPad with iPadOS 18 with some great features like Math Notes, which allows you to write or type out equations on a screen and where problems are instantly solved. For IT admins, they can manage the use of Math Notes on their devices.

Wrap up

Overall, it’s a year of solid additions from Apple for IT teams. There are a lot of new additions that will continue to make Apple one of the best partners for IT admins when selecting devices that are easy to manage, but also secure and easy to use.

