Apple is rolling out a number of major device management updates as part of its Mac, iPhone and iPad operating systems this fall, aimed at saving time for IT administrators while enhancing security for sensitive data.
The updates in macOS Monterey, iOS 15 and iPadOS 15 are also targeted at assisting with specific use cases in certain customer verticals and improving user experience.
Among the key updates is a redesigned mobile device management protocol that aims to offer a big boost to performance and scalability for MDM.
The updates are arriving as Apple continues its push to win over more business customers, including by partnering with enterprise mobility solution providers such as Stratix.
Apple products from the iPhone to the iPad to the Mac have all been finding higher interest recently among Stratix’s customers, driving greater demand for services, according to Tony Glinski, director of Apple business at the Peachtree Corners, Ga.-based solution provider. “Apple is a growth engine for us—no doubt,” Glinski said in a recent interview with CRN US.
Apple has said that macOS Monterey, iOS 15 and iPadOS 15 will debut in the coming months.
Erase all content and settings
With macOS Monterey, Apple will be expanding its Erase All Content and Settings feature from the iPhone and iPad to the Mac. The feature provides the ability to return a Mac to factory state in just minutes—providing a major time savings for IT teams. The feature can also be utilized remotely.
Potential uses of the feature for businesses include in cases where an employee leaves and there is a desire to reallocate his or her Mac to another employee. In one scenario, when an employee is done with a Mac, an IT administrator can remotely hit a command to erase all content and settings—and the employee can then actually ship the device to the next employee who needs it, eliminating the need for IT to handle a device at all.
The Erase All Content and Settings feature will be available for devices running macOS Monterey with Apple silicon or an Apple T2 security chip.
Apple configurator for iPhone
While Macs purchased from a reseller will automatically enter into a customer’s Apple Business Manager account, there are cases where a company might need to obtain Macs in a different way—such as from a retail store to meet an unexpected sudden need. For those situations, Apple is launching a way to easily enroll those Macs manually with the new Apple Configurator for iPhone app.
The app allows an administrator to use an iPhone to scan an image in the Mac Setup Assistant on the newly purchased device (pictured above). The macOS device is then added to Apple Business Manager—enabling automatic enrollment of the device into an MDM system.
In iOS 15 and iPadOS 15, Apple is adding a new feature for controlling what can be copied between the work segment of a device and the personal segment of a device. The feature, Managed Pasteboard, restricts this pasting of content in accordance with rules set up by the organisation.
If a user tries to copy and paste something confidential and restricted, the action will be blocked and a message will appear that says “paste not allowed” (as well as a mention of the organisation’s name to help explain why the pasting has been blocked).
The Managed Pasteboard feature will not be turned on by default for organisations, meaning that IT administrators will have to intentionally deploy it if desired.
User enrollment updates
Back in iOS 13.1, Apple launched its User Enrollment offering to allow corporate workers to easily keep their personal data and business data separate on their iPhone. It allows users to have two separate IDs on a single device, which are walled off from each other—and the organisation can only manage the side of the device that’s under the user’s corporate identity.
Apple is now adding two new features for User Enrollment, the first of which is an improved experience for enrolling into MDM. With the update, users simply have to go into settings and sign in with their work password. This means that a new profile doesn’t need to be installed and verified.
The second new feature is support for a separate iCloud Drive account, with the user’s Managed Apple ID now able to access an instance of iCloud Drive that belongs to the organisation. This means, for instance, that in the Files app, users can have a personal iCloud Drive backed by their personal Apple ID and a work iCloud Drive instance backed by their work Apple ID.
Apple is also launching a major enhancement to its protocol for device management, with its new Declarative Management update in iOS 15 and iPadOS 15. Declarative Management rearchitects the MDM protocol to improve performance and scalability.
Instead of delivering one command that a device needs to execute at a time, Declarative Management allows a “declaration” to be pushed down—for instance, telling a device to install a certain number of apps and configure certain accounts and settings. With this approach, the device is able to execute all of these commands itself without having to check back into the MDM server each time. That will lead to greater performance improvement for MDM vendors and a reduction in server load.
Looking ahead, Apple also sees the opportunity to build additional features on the new protocol. One potential capability is called “activations,” which could instruct a device to automatically carry out a certain process when a user installs a certain app, for instance. While not available in iOS 15, features such as this could be built on top of the new protocol in the future.
Deferring software updates
To help ensure that users aren’t interrupted in the middle of work, Apple has launched a capability for deferring software updates in iOS 11.3 or later, macOS 10.13 and iPadOS 13.1 or later. With this capability, IT administrators can allow users to defer a device update for up to a certain amount of time—for instance, for one or two weeks. That way, IT can be assured that the update will be installed but workers have the option to defer it until a convenient time.
Improvements to shared iPad
Apple has also debuted a new feature, available in iPadOS 14.5 or later, aimed at businesses such as retail and health care that use iPads that are shared by customers/patients or staff.
organisations now have the option for shared iPads to solely run temporary sessions. In the past, temporary sessions were an option, but some organisations have requested the ability to exclusively run temporary sessions on shared iPads. This means that when this capability is configured, employees never have to log in to the device, and will only see the Temporary Session option on the sign-in screen.