WWDC 2021

20 June 2021

This year’s Apple Worldwide Developers Conference (WWDC) is again completely virtual. During WWDC Apple traditionally announces the new versions of its operating systems. This year iOS 15, iPadOS 15, macOS Monterey and watchOS 8 are some of the new versions. With this post we would like to give you a quick overview of the new features that are important for enterprises.

All sessions are available online, an overview is available here. We will discuss the new features following the most important sessions for enterprises. First off, the KeyNote session is the traditional kick-off, started by Tim Cook and hosted by Craig Federighi. This session, together with the Platform State of the Union, is where the most important new features are announced. After this we will discuss the following sessions: Meet declarative device management, What’s new in managing Apple devices, Manage devices with Apple Configurator, Discover account-driven User Enrollment, Improve MDM assignment of Apps and Books, and Deploy macOS Big Sur in your organization.

KeyNote and Platform State of the Union
The KeyNote and Platform State of the Union were packed with new announcements. FaceTime gets big improvements, with the option to create FaceTime session links and share them (Android and Windows users can join the call using a browser). With the SharePlay feature in FaceTime it is now possible to share your device screen (could be useful for remote support). Another nifty new feature is Live Text. With Live Text it is possible to convert writing into editable text using the camera. You can, for example, take pictures of a whiteboard and copy the text into an e-mail.

For privacy, Apple is introducing a new option for the Apple Mail app called Mail Privacy Protection. When it is enabled, your IP address and location are hidden and cannot be obtained with techniques like tracking pixels. Safari will also hide your IP address and make it more difficult to track you between sites. In Settings you can find the App Privacy Report, which gives an overview of all your apps and their privacy-related behaviors, like accessing location or photos. In the privacy section Apple also announced privacy features that will be available for paying iCloud subscribers (from now on called iCloud+). These include services like Private Relay, which directs all traffic from your device through Apple relay servers that hide your identity (even from Apple), and Hide My Email, which creates random email addresses you can use (for example for subscribing to a newsletter) that forward to your real email address.

What is new in Managing Apple devices
Apple announced a lot of new additions to iOS and iPadOS 15 this year. A great feature in iOS 15 on non-supervised devices is that you can now make one single app required. Think of the MDM client app. This app will be installed on the device without user intervention, and it installs the configurations and policies that are set via MDM. VPN and Device Management have been combined in the Settings menu. You can also find the installed MDM profile there. A copy/paste restriction between managed and unmanaged devices is introduced, which will raise the security between work and personal apps.

macOS Big Sur in your Organization
New additions have been brought to macOS Big Sur. A very important announcement has been made that brings the management of a Mac via an MDM solution to a new dimension. Long awaited application removal and retire (re option has been brought to mac when the mac must be released from the MDM Management). Also, App configuration will be available for Mac, as will the option to convert an unmanaged app to a managed one. And while we are talking about apps: with the Mac silicon processor, an iOS app can now be distributed to a Mac. There is no need to make changes to an iOS app to make it Mac ready.
Device Enrollment: When the MDM profile is downloaded manually, it is placed in System Preferences (same as iOS) and the user is notified that a profile has been downloaded and is ready for installation. Enrolling a device by downloading the profile manually can register the Mac as a supervised device. When the downloaded profile is not installed, it is automatically deleted from System Preferences after approximately 8 minutes. You will be able to defer updates for a maximum of 90 days, and you can set an amount of time during which the user can cancel the update. After that the update will be force installed on the device, even if the Mac is in use.

Apps and Books
New features have also been presented for Apps and Books (VPP). You can now be notified (by mail) about any change in adding apps, licenses, assignment type, and purchase transfers and refunds in your organization. License synchronization has been improved: the synchronization process is now much faster thanks to asynchronous processing, which enables various workflow processes to run at the same time.

Apple Configurator app
Apple has announced that there will be an Apple Configurator app for the iPhone by fall 2021 chased by an official authorized store. You can pre-configure the app on the iPhone with your MDM information. All you have to do after that is start the Mac (out of the box) and scan that Mac with the iPhone app. The Wi-Fi connection the iPhone is using will be shared, and the automatic enrollment to your MDM will start.
After that you can log in to ABM, open ‘Edit device management’ for the just added Mac, and change the management from Configurator to your MDM. If the MDM profile is retired/deleted within 30 days, the Mac will be released from your organization. This is available with the new macOS Monterey on Macs with Apple silicon or T2.

Declarative Device Management
As many of you know, MDM’s current model of management is that devices get configurations from the MDM solution. After that, device and MDM share information back and forth to get to the state they need. The challenge here is that the more devices you manage, the more the devices and the MDM need to communicate. To improve this communication flow, Apple has given us a new model called declarative device management.
Declarative management makes the device do a lot more of the work instead of the MDM server. For example: create an asset (containing your user’s information) and create a configuration set with a passcode config, an Exchange config, a certificate and a Wi-Fi config. The device uses the asset to fill in the configuration where possible, in this case the Exchange config, but this could also be used, for example, in a certificate config.
In addition, the device gives feedback to the MDM about the actions it has performed via the status channel. This is different from the current situation, where the MDM asks for the feedback. For example, an MDM can subscribe to the OS version. Upon upgrading the OS, the device knows it must tell the MDM server that a new version has been installed.
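To make the asset and status channel ideas above concrete, here is a simplified model in Python. It is an added example, not Apple's code or any MDM vendor's: the declaration type names follow Apple's public declarative management schema, while the identifiers, values and the `Device` class are constructed for illustration.

```python
# Simplified model of declarative device management (added example, not Apple's code).
# Declaration types follow Apple's public schema; identifiers and values are constructed.
DECLARATIONS = [
    {"Type": "com.apple.asset.useridentity", "Identifier": "asset-user-1",
     "Payload": {"FullName": "Sam Example", "EmailAddress": "sam@example.com"}},
    {"Type": "com.apple.configuration.passcode.settings", "Identifier": "cfg-passcode",
     "Payload": {"RequirePasscode": True, "MinimumLength": 8}},
    {"Type": "com.apple.configuration.account.exchange", "Identifier": "cfg-exchange",
     "Payload": {"HostName": "mail.example.com",
                 "UserIdentityAssetReference": "asset-user-1"}},
    {"Type": "com.apple.configuration.management.status-subscriptions",
     "Identifier": "cfg-status",
     "Payload": {"StatusItems": [{"Name": "device.operating-system.version"}]}},
]


class Device:
    def __init__(self, declarations, status):
        self.decls = {d["Identifier"]: d for d in declarations}
        self.status = dict(status)   # current local state of the device
        self.reported = {}           # last value sent for each status item

    def resolve(self, identifier):
        """Return a configuration payload with asset references filled in locally."""
        payload = dict(self.decls[identifier]["Payload"])
        for key in [k for k in payload if k.endswith("AssetReference")]:
            asset = self.decls.get(payload.pop(key))
            if asset is None or not asset["Type"].startswith("com.apple.asset."):
                # Fail closed: never apply a configuration with a dangling reference.
                raise ValueError(f"{identifier}: unresolved asset reference in {key}")
            payload[key[:-len("AssetReference")]] = asset["Payload"]
        return payload

    def subscriptions(self):
        suffix = "management.status-subscriptions"
        return {item["Name"] for d in self.decls.values() if d["Type"].endswith(suffix)
                for item in d["Payload"]["StatusItems"]}

    def status_report(self):
        """Status channel: only subscribed items whose value changed since the last report."""
        changed = {n: self.status[n] for n in self.subscriptions()
                   if n in self.status and self.reported.get(n) != self.status[n]}
        self.reported.update(changed)
        return changed


if __name__ == "__main__":
    dev = Device(DECLARATIONS, {"device.operating-system.version": "15.0"})
    print(dev.resolve("cfg-exchange"))
    print(dev.status_report(), dev.status_report())  # second report is empty
```

The server sends the declarations once; the device fills in the Exchange config from the asset itself and only reports again when a subscribed value, such as the OS version, actually changes.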

Account-driven User Enrollment
With iOS 15 around the corner, we see that Apple is trying to make things as easy as possible for users and companies. Where User Enrollment (UE) was first initiated by the admin (who needed to enable UE), the user still had to download the client, which is different per UEM solution.
With account-driven User Enrollment the option to enroll your device is available by default in the device settings. When going to this setting, an option called “Sign in to Work or School Account” will be available, and after going through this enrollment flow, your device is managed in almost the same way as with a “device enrollment”. The benefit of User Enrollment, however, is that the device is seen as a user-owned device and treated like that as well. An admin, for example, will not have the option to wipe a device, or see what applications have been installed, other than the applications provided/distributed via UEM.

So not only is Apple taking care of privacy on user-owned devices, but they have also created a friendly way of enrolling the device.