From doubling down on privacy to tighter integration with the ecosystem, Apple announced major updates across its product line-up in its landmark WWDC 2024. Although debuting Apple Intelligence and introduction of Genmojis have rightfully made the headlines, today we’ll bring you up to speed on Apple’s announcements on device management and what it has in store for Apple admins.
Declarative device management takes center stage
Apple stepped up its MDM capabilities when it introduced declarative device management (DDM) in 2022. Ever since, declarative management has grown in popularity, becoming a feature at the WWDC 2023. DDM basically means that MDM servers no longer have to continuously sync with managed devices to apply the desired settings such as installing an app or configuring a policy. Any Apple device can autonomously manage policy enforcements and report its real-time status to the MDM server without constant polling. It is a welcome change to admins who previously lacked real-time visibility and faced scalability issues, especially when it came to managing larger enterprises. This year, Apple announced several capabilities through DDM, making their devices more autonomous and proactive.
Update management receives granular control
Apple announced improvements in software update management, promising to deliver software updates, commands and queries for iOS 18, iPadOS 18, and macOS completely through declarative device management instead of MDM profiles. Devices can act autonomously–like retrying updates in case of failure due to insufficient storage, low battery, and post the real-time information back to the MDM server. On paper, Apple claims that this update management is more secure, reliable and transparent.
Apple OS beta updates can be managed with MDM
Managing Apple’s beta updates would become less cumbersome, again thanks to DDM. Previously, technicians were required to sign in to the test devices to utilize Apple’s beta updates. With the latest advancement, IT admins should be able to use an MDM tool to remotely enroll the test devices into beta programs without requiring a mandatory Apple ID sign-in. This would also enable automating beta enrollment where an update can be applied to a test device during the first boot up.
Customize and manage extensions
Organizations might require end users to enable or disable particular extensions to secure and streamline the browser experience. Starting from macOS Sequoia and iOS/PadOS 18, admins can manage Safari extensions, from allow-listing and controlling extension behavior (always on/off) to configuring access to webpages. Could this motivate organizations to consider Safari as an enterprise browser over the more popular Chrome? We’ll have to wait and watch.
Improved service configurations
Last year, Apple introduced capabilities for MDMs to automate configurations for Mac services like SSH and Apache. This year, Apple admins are able to install scripts, executables, and remote configurations for launchd files in macOS Sequoia machines. The configuration is installed in a secure path and will be tamper-proof by design. This enables admins to provision essential services such as anti-virus software with the necessary launch configurations that cannot be altered or tampered with.
Lock and hide apps
Apple devices, starting from iOS/iPadOS 18, now allow users to hide and lock apps from their home screen and app drawers respectively. It’s only a matter of time until admins can seamlessly control the hiding and locking of apps on managed devices apart from leveraging enterprise APIs.
Hassle-free Activation lock
You can now turn off Activation lock from Apple Business Manager (ABM) without having to reach out to Apple Support. Previously when devices were (even accidentally) locked out with activation lock, admins had to contact apple support which was painstaking and time-consuming rendering many devices unusable for a significant amount of time. Not any more.
Manage multiple Apple IDs
Apple admins can streamline provisioning of Managed Apple IDs used by employees to ensure Apple IDs created under the company domain are managed by default. Apple also provides options for users to transfer any personal Apple IDs created with a company domain email address and move them to the scope of supervised devices.
Other noteworthy takeaways
-
You can enroll Vision Pro and Watch devices automatically in MDM via ABM.
-
Enhancements in Platform SSO.
-
Dedicated app for passwords.
-
Apple Virtual Machines gets iCloud integration and the Erase All Content and Settings feature.
-
Admins can configure 5G private cellular networks (up to 5 eSIMs) which are increasingly gaining popularity.
Our favorite updates
-
The end of proofreading tools? Apple Intelligence can now proofread, summarize, and rewrite your content.
-
Make your pictures pop with custom emojis and an object remover.
-
It figures. iPadOS gets a native calculator app.
-
Go native with productivity boosts. macOS 18 requires no third-party split-screen apps.
-
You’ve got cash stashed with Apple’s new Tap to Cash.
About ManageEngine Endpoint Central
Endpoint Central is a Unified Endpoint Management solution that manages and secures today’s digital workplace across diverse device types and OSs. It offers end-to-end device life cycle management, consolidated with security capabilities like attack surface management, threat detection and response, and compliance. Robust remote troubleshooting, self-service capabilities, and proactive analytics help reduce downtime and improve the overall end-user experience. Available both on-premises and as a SaaS solution, Endpoint Central is used by more than 25,000 enterprises globally, fitting perfectly into their existing IT infrastructures and enabling interoperability.
