1. Platform SSO directly in the Setup Assistant

In the future, Platform SSO will be available directly in the Setup Assistant. Administrators can now configure IdP-based SSO mechanisms during initial setup.

  • Admins can now use the Platform SSO API to automatically create local accounts on shared Macs using credentials from the identity provider (e.g. Azure AD, Okta, Ping, etc.).
  • Rights and group memberships can be controlled via UEM.
  • NEW: Authenticated Guest Mode: Employees can log in as guests with their company login details (e.g. AD/IdP). After logging out, everything is removed locally.
  • Multi-user-enabled Macs can now be used easily and securely for the first time (which used to be rather tricky).
  • Return-to-service optimization: Devices can be restored and reprovisioned more quickly → ideal for shared device management.

What does that mean in practice?

  • Improved shared device use cases through secure single-user accounts (e.g. in logistics companies, hospitals, schools, banks)
  • Single sign-on from the first login → better user experience, fewer tickets
  • Central control of credentials → facilitates device onboarding and offboarding, less administrative overhead

2. Apple Business / School Manager Updates

  • Private Apple IDs/accounts on company devices can be identified and blocked if necessary. This allows administrators to enforce the use of company accounts only on company devices.
  • Device inventory provides new fields: Activation Lock status, storage, cellular information, and new APIs for external reporting and process automation.

What does this mean in practice?

  • A powerful update that brings ABM significantly closer to real-world business requirements.

3. Device Management Updates

Software update control:

Apple continues to make it clear: DDM is the future. Declarative Device Management allows devices to respond independently to status changes:

  • UEM-based control is completely replaced by the DDM model.
  • Update deferral and deadlines become granularly controllable.
  • Update control → clear rules for update deferrals and deadlines.
  • Improved control of app updates (version pinning, mobile restrictions).
  • Identities & Certificates → more flexible deployment (ACME, SCEP, PKCS#12)

What does that mean for administrators?

  • Less dependence on the UEM server.
  • Response times become shorter and management smarter.
  • Centralized control becomes more granular → greater security + user experience.

4. Device Enrollment

  • Automated Device Enrollment now supports Apple Vision Pro.
  • Discovery URL via MDM available → Account-driven enrollment now easier.
  • The enrollment process starts directly from Settings (iPhone/iPad) or System Settings (Mac).
  • Enrollment SSO reduces annoying multiple logins – the entire enrollment process is much smoother and more convenient.
  • Particularly exciting: You can clearly separate work and personal content. On the Mac, supervision is activated – giving IT full control.
  • Apple Intelligence Controls: More control options for security and privacy.

What does that mean for administrators?

  • Less friction in the enrollment process.
  • Greater security and clear separation of private and professional use.
  • Now also significantly more usable for COPE (Corporate Owned, Personally Enabled) scenarios.

Conclusion: Apple moves fast – and so do we 🚀

WWDC 2025 showed that Apple is making further progress in device management. Admins benefit from better APIs, greater transparency, and granular control options.

However, whenever hybrid fleets need to be managed, things get complex. That’s where we come in. We have an overview of Apple, Android, and Windows devices: we know all the tools and updates – and provide comprehensive, independent advice.
