The features Apple announced at WWDC this year – including iOS 13, new iPadOS 13 (what?!), macOS Catalina, watchOS 6, and others – encompass some of the biggest changes we’ve seen in managing Apple devices in many years. Of course, there will be additional details shared as Apple gets closer to releasing these updates, but below is a quick rundown of what we learned from WWDC.
Apple is adding many new features to better support iOS and macOS in the enterprise. For example, a new data separation enrollment method called “User Enrollment” is aimed squarely at BYOD scenarios. It enables organizations to maintain user privacy, while also ensuring protection of corporate data. Employees can enroll their iOS or macOS devices using a Managed Apple ID, which can be created in Apple Business Manager (ABM) or learned by ABM through an integration to Azure AD. When employees enroll with User Enrollment, they begin by browsing to a web page and entering their Managed Apple ID and password, after which a new Apple File System (APFS) is created locally on the device and dedicated entirely to business data. At the same time, a business-only iCloud account is also created. Admins can apply a limited set of restrictions to the managed work volume, and won’t be able to view personal apps or wipe the entire device. The key takeaway here is that User Enrollment allows an enterprise to manage only work data, while at the same time reassuring employees that their personal data remains confidential and private.
Managed Apple IDs for Business, first introduced to the enterprise last year, become more versatile with iOS 13. Now, Apple ID’s can provide access to new services with a business-only iCloud account, such as iCloud Drive and iCloud Notes. And, if your company wants to take advantage of the new User Enrollment feature, creating a Managed Apple ID is a prerequisite. Finally, Managed Apple IDs will all be granted automatic access to Appleseed for IT, giving those users the ability to access new software even before public betas begin, among other things.
With iOS 13, admins will be able to provide a whole new end-user experience when company-owned devices enroll using Automated Device Enrollment with ABM. Organizations can customize and brand a web page that will be displayed to employees as they are onboarded, and can easily display Terms of Service or Privacy Policies too. In addition, Device Enrollment with ABM will allow iOS 13 and macOS Catalina devices to authenticate using modern authentication through an Identity Provider (IdP), and will even support Multi-Factor Authentication (MFA).
And finally, it’s worth pointing out that iOS 13 will offer new restrictions that admins will be able to leverage for added security and manageability. I think you will find them to be self-explanatory.
- Allow Wi-Fi Power Modification (supervised)
- Allow Find My Friends (supervised)
- Allow Find My Device (supervised)
- Allow Device Sleep (tvOS)
- Allow Continuous Path Keyboard (supervised)
The iPad will have its own operating system, iPadOS. Will the MDM primitives (existing MDM commands) change with the new operating system? It doesn’t look that way, but I expect we’ll learn more between now and September. What we can say is that there are a few features that will be appealing to enterprise users, and at the same time perhaps a bit concerning to the admins that support them. Several new storage expansion options will be made available, including external USB and SD Cards, which some admins might want to disable due to concerns over potential data loss. In addition, the Apple Files app will now enable browsing beyond local storage and popular cloud storage services. As iPadOS gains access to data stored on SMB file servers, users will be able to take advantage of lower cost and more scalable storage options.
Another thing we learned about iPadOS is that it will allow users to extend their desktop workspace. For example, users will be able to have one app open on their Mac screen, and another app open on their iPad screen. So, they will be able to edit a presentation on their Mac, and at the same time view it in full screen on their iPad in slideshow mode to see how it will appear to their audience. I expect this feature will be very popular for enterprise users and consumers alike.
We’ve already discussed how iPadOS 13 will allow you to extend your Mac desktop, but how about extending your iPad apps to macOS? Undeniably, the biggest news for macOS is that the promise of Project Catalyst (formerly known as Marzipan) has finally been delivered, and iPad apps will now run on macOS. Also important to mention is that macOS Catalina system files will now run in a dedicated, read-only system volume that is completely separate from all other data. Why is this important? Because now nothing can overwrite your critical operating system files, which in turn provides extra peace of mind. And, for employees that bring their own computers to work, Apple is also planning on extending User Enrollment to macOS, so that work data will be completely separate from personal data, and will even reside on a separate APFS volume. Finally, don’t try to back up your iOS device to iTunes; starting with macOS 13, iTunes is no more (at least for macOS), and you’ll be using the Finder app (or iCloud) to back up and restore your devices.
Since we’re talking about peace of mind, let me tell you about another really interesting macOS Catalina feature called find offline devices. How would you like to be able to locate a missing Mac even when it’s not connected to Wi-Fi? Now you can do just that! This is made possible by using crowd-sourced location. When you flag your device as ‘missing,’ and another Apple user’s Mac is nearby, it can detect your Mac’s bluetooth signal and report its location to you. And to top it off, it’s completely anonymous and encrypted end-to-end. Everyone’s privacy is protected. I think this is perhaps my favorite new feature shared during the keynote! We’re not sure if this capability will be extended to UEM developers, but we do know that with macOS Catalina, Macs can now be supervised for the first time. And MobileIron will be able to manage Activation Lock, so that company-owned devices that have been wiped can be recovered by IT without the need for an employee to enter a personal Apple ID.
Another macOS 13 feature that will come in handy is the ability to restore from a snapshot. For example, if you have a third-party software that you find to be incompatible with an update you’ve just installed, you can easily restore to a snapshot taken before the installation. In doing so, your macOS and your apps will perform just as they did prior to the update. This enables you to remain productive, and leave the troubleshooting until a more convenient time.
Also worth mentioning is that Apple’s new Endpoint Security helps organizations to create their own endpoint security software. How? Endpoint Security clients monitor system events and potentially malicious activity. Clients registered with Endpoint Security can authorize pending events, or receive notifications of events that have already occurred, such as process executions, mounting file systems, forking processes, and raising signals. Enterprises will be able to develop their own system extension with Endpoint Security and package it in an app that uses the SystemExtensions framework to install and upgrade the driver on the user’s Mac.
New Apple watchOS 6 will support standalone Apps and access to the Apple App Store. However, it seems like Apple Watch is still not going completely iPhone-free, and the wait will continue for MDM controls on the Apple Watch. As a security feature, MobileIron can restrict pairing between an Apple Watch and an iPhone today. Looking ahead, as Apple Watch becomes more of an autonomous device without the need to connect to an iPhone, perhaps we can expect Apple to unveil more controls aimed specifically at watchOS one day.
Well, there you have it. Thanks for making time to read thru our summary of some of the new capabilities introduced during WWDC 2019. We hope you found this brief recap to be helpful. We’ll also be providing additional “deeper dive”analysis as we get closer to Apple’s official launch date. Also, be sure to check out the iOS 13 analysis podcast hosted by our very own Russ Mohr, Jack Madden from BrianMadden.com and Aaron Freimark, CEO of our ecosystem partner, Ground Control. Always entertaining!
New features available with iOS 13,
Apple Configurator 2.10 Beta Release Notes
New features available with iPadOS
New features available with macOS Catalina
What's New for Enterprise and Education 2019
watchOS 6 preview