Every year there is always plenty of buzz surrounding the operating system updates, new features, and products Apple will present at the Worldwide Developers Conference (WWDC). While users are most excited about new hardware and features, IT departments are more focused on changes that impact device management. And there were quite a few such changes again in 2023 that will contribute to greater security and a better user experience, and help reduce the burden on IT in many areas.
Our blog presents the most important trends from WWDC 2023.
Declarative Device Management is developing into the device management method of the future.
As early as 2021, Declarative Device Management was announced as a new method of managing devices that was supposed to be much faster and more reliable than traditional device management.
The method involves enabling devices to respond to changes in state in real time and apply configurations according to a corresponding logic – without having to wait to hear back from the server.
Despite its tremendous potential, very few customers actually use Declarative Device Management – a key reason also being that not all UEM providers support it. But all this is changing now: More and more UEM providers are implementing Declarative Device Management in their solutions and making the advantages available to enterprises.
We welcome this development: After all, as Declarative Device Management continues to evolve, it not only maps more of the features conventional management offers. It also delivers more options that present considerable added value for IT administrators. For instance, Apple has announced that IT teams will be able to control when and how to force an update in the future.
New options for Managed Apple IDs will enable many new use cases.
Thanks to new updates, it will be possible to implement significantly more use cases with the help of Managed Apple IDs in the future than ever before. Among other things, this is due to two key changes:
- Going forward, iCloud support will also apply to apps such as Continuity, Keychain, and Wallet. Employees who are logged in on different devices with a Managed Apple ID can then access their passwords or similar information across multiple devices and seamlessly continue their work processes. This improves the user experience, and the implementation can be handled effectively thanks to new management options. Administrators can control access to specific services and enable passwordless authentication for internal services.
- The introduction of account-based device enrollment means that employees can enroll their enterprise device in the UEM system using the Managed Apple ID without having to manually download and install a profile. They can launch the process via Settings on the iPhone and iPad, and via System Settings on the Mac. The method works in a similar way to profile-based device enrollment, but it clearly separates professional and personal data.
It will be easier for people to share Macs and iPads.
In some cases, offering different users the ability to share a single device can be an advantage – e.g., in shift operations. This is only now becoming a viable option on Mac devices and has been greatly improved on iPads:
- The option to share a Mac was not readily available until now because there was no native API that UEM providers could use. In macOS 14, it will soon be possible to create local accounts on a shared Mac that can use an Identity Provider’s credentials – thanks to an SSO API platform extension. User permissions and group memberships can be managed via a UEM system – provided the system supports bootstrap tokens.
- iPadOS 17 optimizes the “Shared iPad” feature, which has already allowed iPad sharing for some time. iPads that are “supervised” can be instructed to use the language and local system settings in the login process for all new users, making initial logins much easier and ensuring devices are ready to use much faster. It is also possible to delay a device’s readiness for use until all relevant settings and applications have reached the device.
“Return to Service” feature will reduce the strain on IT teams.
If a device is repaired or transferred to a new user, there will now be an alternative to simply deleting company data and completely wiping the device. It’s called “Return to Service”, and it reduces the strain on IT teams while also ensuring security. The function deletes all security-relevant data from the device, while settings like Wi-Fi, the language, or region remain on the device. Depending on the configurations that are set up, this may also be possible with an eSIM.
iOS and iPadOS users will enjoy greater security and privacy.
In the future, companies using automatic device enrollment will be able to use the UEM system to define which minimum operating system version must be installed on a device. If a device does not meet the specifications, employees will need to update the version before proceeding with the setup.
However, administrators will have less influence on personal devices. Restrictions such as Allow Auto Unlock, Allow In App Purchases or Safari Allow Popups can now only be distributed to supervised devices.
Apple Watches can be managed – albeit with a few challenges at first.
Apple is introducing some management features for Apple Watches with its new watchOS 10 that will enable a number of beneficial use cases. Administrators can configure accounts, manage apps, create passcode requests, or set restrictions for Siri, apps, and screenshots, for instance. Examples include using the watch for scanning in the warehouse via NFC or for opening doors in the office via a certificate.
However, implementation is not yet ideal, because in certain constellations administrators are given options that are not in the interest of users. This is partly because Apple Watches still cannot be managed independently, and many watches are personal devices connected to a managed corporate iPhone. In these cases, if a company uses Declarative Device Management and an employee receives a new managed iPhone, their personal Apple Watch will also require supervision. However, this would allow IT departments to lock or reset the watch via the UEM system, and even retire the Apple Watch if the corresponding iPhone is retired. If consent for supervision is not granted, no connection will be established between the Apple Watch and the iPhone.
Despite these limitations, Apple has now created a framework for managing Apple Watches that opens up a wide array of new options. IT teams need to find ways to work around current challenges that may potentially be resolved via other means in the future.
Apple is creating entirely new possibilities for spatial computing with Apple Vision Pro.
In the hardware sector, the Apple Vision Pro, which Apple is using to enter the world of spatial computing, is making headlines this year: The glasses connect digital content with the real world and enable users to interact with each other in a whole new way and work via a three-dimensional surface. Continuity support allows a window to be dragged from the Mac into the room, for example, so that content is always in view.
As a result, Apple Vision Pro is already creating a number of new options, with even more certain to follow over the next few years, and can provide greater efficiency, accuracy, speed, and more effective, location-independent collaboration. It is also likely that there will be several new management options for this technology going forward.
In short, this year also holds plenty of exciting developments for businesses.
Discover more about them in our white paper or feel free to contact us. After all, arming yourself with information in advance truly pays off.