Weekly highlight:
What’s new in Apple platform deployment
Deployment and mobile device management (MDM) introduce new features for iPhone, iPad, Mac, and Apple TV devices. These updates, detailed below, include the following operating systems:
You can participate in testing these features using beta versions of the operating systems by signing up for AppleSeed for IT. For more information, see the AppleSeed for IT website. For additional details about the features below, see the What’s New for Education and Enterprise WWDC23 documentation on the AppleSeed for IT website. For more information, see the WWDC23 video What’s new in managing Apple devices.

Account-driven Device Enrollment
Account-driven Device Enrollment will make it easier for users to enroll their organization-owned iPhone, iPad, and Mac devices into management using their work account. The resulting enrollment is similar to profile-based Device Enrollment, but separates work and personal content. In macOS, it also enables supervision.

watchOS management
Apple Watch can be enrolled and managed by MDM when paired to a supervised iPhone, allowing organizations to create solutions that improve productivity, support wellness, and provide additional safety to their employees. Enrollment requires a declarative configuration on the iPhone and enables the use of configuration profiles, app management, MDM commands, and declarations.

Setup Assistant enforcements
To help ensure their requirements are met before a device is put into production, organizations using Automated Device Enrollment can require devices to have a minimum operating system version prior to enrollment. On macOS, they can also enforce FileVault in Setup Assistant and require a user to enroll the Mac into management when registered in Apple School Manager or Apple Business Manager.

Managed Apple ID updates
Additional iCloud and Continuity services are enabled for Managed Apple IDs. This includes support for iCloud Keychain and Apple Wallet. New access management controls allow organizations to restrict access to specific services and define which management state a device should be in when a user signs in with their Managed Apple ID.

Passkeys at work
With the addition of iCloud Keychain and access management to Managed Apple IDs, organizations can securely deploy and enable password-less authentication for their internal services with passkeys.

Custom identity provider support for federation
To allow even more organizations to automatically create Managed Apple IDs, integration is supported with public and in-house identity providers supporting OpenID Connect, SCIM, and the OpenID Shared Signals and Events Framework.

Platform single sign-in (SSO) updates for macOS
With additions to platform SSO, developers can extend their SSO extension to create local user accounts on a shared Mac using credentials from an organization’s Identity Provider (IdP). In addition, permissions and group membership of those users can be managed with MDM. This also extends to users managed by the IdP who don’t have a local account for use at authorization prompts.

Declarative device management updates
Software update management is added to declarative device management and provides new options for when and how an update should be enforced, including increased transparency to the user. New declarations also enable management of service configuration files for third-party—and the built-in system services on macOS— To make the transition even easier and more seamless, an MDM solution can migrate an already deployed configuration profile into a declarative legacy configuration without the need for redeployment and potential user disruption.

Managed Device Attestation for macOS
Managed Device Attestation is available on macOS and provides strong assurances about the security posture and properties of a device.

802.1X for Ethernet on iPhone, iPad, and Apple TV
iPhone, iPad, and Apple TV support the configuration of 802.1X for Ethernet to connect to restricted networks that require authentication.

Private 5G and LTE networks
iOS 17 and iPadOS 17 now support Private 5G and LTE networks. Administrators can automatically activate private SIMs when an iPhone enters a geofence and can prioritize cellular over Wi-Fi for these networks.

5G Network Slicing
5G Network Slicing allows mobile network operators to customize traffic through a 5G Standalone network with specific quality of service requirements for network latency, throughput, and packet loss. In addition, managed apps can be assigned to a 5G network slice provided by supporting carriers. This can be used to provide specific quality of service parameters to the app when using one of the following models:

Network relays in iOS, iPadOS, macOS, and tvOS
A new built-in relay can be used to secure traffic using an HTTP/3 or HTTP/2 tunnel as an alternative to VPN. The configuration is domain-based and can be applied to managed apps, domains, or the entire device.

WWDC 2023 sessions to watch
Press release articles: