Up next in our post WWDC instalments, we’ll take you on a deep dive with recently announced features for macOS 13 (Ventura), iOS 16 and iPadOS16. Here’s what’s new in Device Management.
Managed Software Updates
Apple has made several improvements to managing software updates in macOS Ventura via MDM command.
In previous Operating Systems, when a computer is on Power Nap mode or asleep, all OS update commands would return a “NotNow” response and won’t run commands until the computer is awake. Now in macOS Ventura, when a computer is on Power Nap mode or asleep, it will respond to the ScheduleOSUpdate, OSUpdateStatus and AvailableOSUpdate commands. Being able to run the OS update commands while in Power Nap mode or asleep saves users time because the machine can now run the update overnight whilst not in use. Thus, improving the user experience.
The ScheduleOSUpdate now has a new key called “Priority” which can be set as a High or Low string value. If a high priority is set, it will mimic a user request in the Software Update System Preferences Pane. Note that the Priority key is only supported for minor OS updates.
In macOS 12.3, Apple has added more log visibility and reporting to the OSUpdateStatus Command such as how many deferrals remain to update (DeferralsRemain), how many max deferrals the user can defer the software update notification (MaxDeferrals), next scheduled date for installation attempt (NextScheduledInstall) and the exact dates and times of user notifications. (PastNotifications).
Rapid Security Response allows the machine to automatically receive and install any critical security updates or fixes. It does not require modifying the firmware meaning the user doesn’t need to reboot their machine to receive the security update. User devices will get security updates without any downtime whilst being protected from any Common Vulnerabilities and Exposures (CVE).
For more information on Rapid Security Response, please look out for our next blog post on WWDC Security Updates.
Apple Configurator for iPhone Changes
Apple Configurator for iPhone was first introduced last year in WWDC21. It allows admins to add any Apple Silicon or T2 Macs into your organisation in Apple Business Manager (ABM) or Apple School Manager (ASM) so it can enrol into your organisation’s MDM via Automated Device Enrolment.
In WWDC22, Apple extended Configurator for iPhone so that it can now also add iPhonesand iPads. The process to add iPhones and iPads with Apple Configurator works the same as adding a macOS device. When the iPhone or iPad is in Setup assistant, the admin just needs to hold an iPhone running Apple Configurator over the animation. The iPhone or iPad will then connect to the internet and add itself to your organization.
Adding your iPhone or iPad into your organisation with Apple Configurator for iPhone is a great new alternative to add devices into your ABM or ASM as it doesn’t require you to connect the device via USB to a Mac with Apple configurator for Mac.
In previous Operating Systems, a Mac device would skip automatic enrolment during activation if it was not connected to the internet during Setup Assistant (usually without knowledge by the user). This would prevent the device from being managed and break zero-touch deployment workflows, causing headaches for users and IT Support teams. With macOS Ventura, T2 or Apple Silicon Mac devices in your organisation’s ABM or ASM will require an internet connection for Setup Assistant after erasing or restoring, ensuring that devices are correctly managed via Automated Device Enrolment (ADE).
Sign In with Apple Support with Managed Apple IDs
Apple first introduced “Sign in with Apple” at WWDC19. This allows user to sign into websites or apps using their Apple ID instead of using an email address to create an account. In this year’s WWDC, Apple extended their support to Managed Apple IDs.
IT Administrators can manage what apps and websites the user can use the “Sign in with Apple” feature and provide access restrictions based on users, groups, or roles within an organization in ABM or ASM.
This will allow users a simpler way to sign into their business or education apps and websites with their Managed Apple IDs, without creating a user account.
Shared iPad Management Updates
Shared iPads has added a new command called ManagedAppleIDDefaultDomains. Once set up and a user starts to type in their Managed Apple ID, the new command allows the shared iPad to auto suggest your company’s domain name using the QuickType keyboard. This will save the user a lot of time and avoid them from misspelling their Apple ID domain when signing into the shared iPad.
Migration Assistant Changes
Migration Assistant is an app where the user can copy files, apps, and settings from an old Mac to their new Mac. In the past Migration Assistant posed issues for users when migrating Macs into their business environment as it would break the enrolment and lose connection to the MDM server.
Apple has announced changes to Migration Assistant that allow for lossless MDM connection as well as the need for no hard drive back up meaning users can easily transfer their files, apps, and settings within Migration Assistant.
With zero touch deployment, users can set up their machines anywhere without any assistance from the IT Administrator – and in a rapidly changing modern workplace, this is key.
Without a doubt, every year Apple continues to improve the MDM framework with new features to ensure that IT admins and users have a better experience when setting up and managing their devices. It is an exciting time to be part of all that’s new from Apple.
Aaron Alquillera, Senior Systems Engineer, Mac Centre.
For more information or to enquire about a demo. Contact us today.