The September Apple Event is one of the most important events for any IT admin because it is preceded by the Apple Worldwide Developers Conference. It witnesses the release of new hardware like the iPhone and, more importantly for enterprises, the release of the latest versions of its operating systems—iOS 15, iPadOS 15, and tvOS 15 were announced. iOS and iPadOS updates rolled out on September 20, while the new macOS will roll out later this year.
The latest OSs offer significant improvements to security and management features. Let’s take a detailed look at what’s new, what these changes mean to your organization, and if your organization is update-ready.
What’s new in the Apple ecosystem?
Apple is trying to reimagine the way device management is performed by introducing declarative device management (DDM) in all its platforms. While iOS and iPadOS have a number of new features and upgrades, tvOS does not have any significant changes in terms of device management.
Declarative device management
In the current agent-server model, devices obtain instructions from the server to perform any action. With the introduction of DDM, devices become proactive. DDM improves scalability and makes device management faster and more efficient, because devices start taking remedial actions and report statuses to the server. This type of management is new and does not replace the current model, but instead complements it. We are closely observing how these updates affect the management of devices and what capabilities will be enhanced in future updates.
Updates to iOS and iPadOS
Restrict sharing data through copy and paste
The latest versions of iOS and iPadOS offer a highly requested feature. Admins can now choose if data can be transferred between managed and unmanaged apps using the clipboard. This complements the present set of restrictions like control over data sharing through AirDrop.
Restrict iCloud Private Relay
iCloud Private Relay is a new VPN-like feature that Apple released for it’s iCloud Plus subscribers for enhanced tracking protection. It masks IP address and Safari browsing activity of users. Since this feature may help in bypassing the web filtering set up by organizations to block unsafe websites, Apple is also providing a feature to restrict iCloud Private Relay on supervised devices.
Guest User mode in shared iPads
This is an upgrade to the shared iPad feature released last year. Shared iPads now allow temporary sessions to be hosted on the device, eliminating the need for managed Apple IDs to use such devices. This is particularly helpful for frontline workers and shift workers who may not have a managed Apple ID. The Safari browsing history, app data and any configuration changes made are removed when the session is terminated. When deployed in kiosks, this mode also has a helpful feature that logs out users automatically when left idle for a predefined time.
Security and privacy updates
A couple of new restrictions have been introduced to enhance the security and privacy of corporate data. These include preventing unpaired computers from booting iPhones or iPads in recovery mode and enforcing on-device translation and dictation. The former helps in preventing unauthorized reset of devices while the latter ensures that translation and dictation data are processed on the device and are not sent to Apple servers.
User Enrollment for BYOD
Apple had introduced User Enrollment for BYOD for better personal data privacy while using devices for work in it’s previous updates. The enrollment process has now been simplified: users just have to sign-in using corporate credentials to complete the enrollment.
The device management app can also be automatically installed as part of the enrollment process and prevented from being removed by the user. This is useful to ensure IT policy compliance on personal devices. Apple has also introduced containerization of corporate data on iCloud drive. Enterprises can now use Apple’s native cloud storage to save work files and content.
How to prepare your IT ecosystem for a mass update
While it is important to keep your network updated, it is recommended to proceed with caution since app or network compatibility may take a hit. Ensure that you follow these steps for a smooth upgrade:
Test deployment and functionality on all hardware: It is always recommended to try upgrading at least one device of each type to check for deployment errors. If the deployment works fine, then check if the devices are working as intended.
Test apps: Some apps may not be compatible with newer OS versions, especially legacy apps or custom apps built by the organization. It is recommended to collect a list of such apps and check for compatibility.
Plan deployment: Create a plan to upgrade devices in stages, and ensure that IT admins are available during the time of deployment for each stage. Note that iOS and iPadOS devices can skip OS updates for a certain period of time and this should also be taken into account while creating a plan.
Do ManageEngine’s endpoint management solutions support these updates?
ManageEngine is providing day-zero support for iOS 15, iPadOS 15, and tvOS 15. This means that the on-premises and cloud versions of ManageEngine’s endpoint management solutions can be used to manage updated devices hassle-free. New features that will be supported are: restrict sharing data through copy and paste, restrict iCloud Private Relay, apply security and privacy updates, allow Guest Users access on shared iPads. Support for these features is available in the on-premises version starting from build number 10.1.2109.1. Existing customers can update their build by contacting support. Support will soon be available in the cloud version as well.
ManageEngine can help ease management of endpoints—admins can automate endpoint-management-related tasks including onboarding, app management, content management, security management, OS update management and reporting from a unified console.
Manage your entire fleet of Apple devices with a free, 30-day trial!