Back in June, Apple announced the release of iOS13, the latest version of iOS. Are you ready for Apple’s series of OS updates coming this fall? Citrix Endpoint Management (CEM) will be, with Day 0 support for the latest for iOS, macOS, tvOS, and iPadOS. CEM engineering has been extensively testing on beta versions of iOS 13 to ensure that when customers upgrade to the latest Apple OS, administrators can be confident that CEM will be ready.

Key Points to Remember

  • Since June, Apple has released six developer betas.
  • We encourage our customers to download the betas and report identifiable bugs to Apple.
  • Make sure you get the latest updates of Citrix Endpoint Management before going live with the newest versions of Apple OSes (clients and on-prem server versions).

New Feature Support

In addition to Day 0 support, Citrix’s engineering team is working around the clock to provide support for some of the new features announced by Apple:

  • New enterprise features for iOS, macOS, and tvOS
  • iPadOS (an OS exclusive for iPads!)
  • Changes to MDM and User Enrollment

Here are some details on each:

User Enrollment

User Enrollment was, by far, the most exciting news to come out of Apple’s announcements. You can never say that Apple doesn’t take enterprise use cases seriously.

Until now, there were two ways to manage devices — device enrollment and automated device enrollment. When a user brings their own device to work, they don’t want admins to manage the entire device. And admins don’t want to control their users’ entire devices either. User Enrollment is Apple’s response to the BYOD trend.

With User Enrollment, admins will be able to:

  • Configure accounts
  • Configure per-app VPN
  • Install apps
  • Require a simple passcode (numeric only)
  • Enforce a reduced number of restrictions
  • Issue an MDM command or query gathering information about apps provided by the MDM solution
  • Unenroll the device (this deletes all organizational apps and data)

User Enrollment will not enable admins to:

  • Obtain any persistent device identities such as Serial Number, UDID, or Exchange ActiveSync ID (it uses a unique value to identify the device)
  • Require complex alphanumeric passcodes
  • Clear the device passcode
  • Enforce certain restrictions
  • Take over management of an app that a user installed themselves
  • Gather information about apps downloaded with the user’s personal Apple ID
  • Remotely wipe the entire device
  • Access any cellular features
  • Collect logs on the device
  • Add any supervised restrictions to the user’s device

During enrollment, a managed Apple File System (APFS) new cryptographic key is created, enabling cryptographic separation between personal and work data. From the user’s point of view, an essential part of User Enrollment is what the admin does not have access to. Admins cannot see personal content (photos, email, messages, etc.), wipe the device, see personal apps installed, unlock the device, or restrict app content rating, among other things.

With this great feature coming, CEM will provide several options to its users during enrollment. Users and administrators will have the option to enroll devices based on the desired use case. Options include:

  • Full device management
  • User Enrollment (Apple’s recently announced feature)
  • App management only

Here is a video of User Enrollment (Apple’s recently announced feature). Note how the user will have separate profiles for their work and personal data.

User enrollment leverages Managed Apple IDs, which enable organizations to create Apple IDs on behalf of their users. Managed Apple IDs are required for user enrollments and define the user’s work identity on the device. According to Bob Whitman, Senior Device Management Engineer at Apple, “This is not a multi-user system, is a multi-persona system — the same user wearing different hats”.

Managed Apple IDs enable admins to install and manage work-related apps and accounts. Personal apps and accounts are managed under the user’s personal Apple ID; work apps and accounts are under their Managed Apple ID. This allows for all device administrators to remove and manage only corporate-related content

With managed IDs, third-party apps can be managed or unmanaged while several system applications such as Notes are account-aware so they can coexist with both managed and unmanaged accounts.

iOS 13

Besides many performance improvements and the addition of User Enrollment, iOS 13 brings a lot of improvements to existing configuration profiles, including new restrictions related to eSIM, exchange, contacts, VPN, and other network-related restrictions. There are also features users will enjoy that are less enterprise-centric, like a refreshed Photos app and support for dark mode (which was previously only available on Mac OS).

Other General Apple MDM updates

  • Restriction deprecations: Apple is deprecating many restrictions that were available on the standard MDM mode.
  • New restrictions: There are some new supervised restrictions for iOS, such as to allow hotspot modification, “Find my devices”, “Find my friends” and Wi-Fi modification.
  • Automated Device Enrollment (formerly called DEP)
  • Certificate transparency (a security enhancement)
  • Custom apps for Apple School Manager and Apple Business Manager (coming this fall)

Final Thoughts

In closing, Apple is bringing a lot to the table for their customers with iOS 13 and its various other announcements, and Citrix Endpoint Management will be releasing support for all these great features in the near term. Administrators should be aware of the new enrollment process and how it will affect their new users. Citrix will make more announcements around these features as we approach their release. Stay tuned!

For Citrix Investors: This release contains forward-looking statements which are made pursuant to the safe harbor provisions of Section 27A of the Securities Act of 1933 and of Section 21E of the Securities Exchange Act of 1934. The forward-looking statements in this release do not constitute guarantees of future performance. Those statements involve a number of factors that could cause actual results to differ materially, including risks associated with the impact of the global economy and uncertainty in the IT spending environment, revenue growth and recognition of revenue, products and services, their development and distribution, product demand and pipeline, economic and competitive factors, the Company’s key strategic relationships, acquisition and related integration risks as well as other risks detailed in the Company’s filings with the Securities and Exchange Commission. Citrix assumes no obligation to update any forward-looking information contained in this press release or with respect to the announcements described herein. The development, release and timing of any features or functionality described for our products remains at our sole discretion and is subject to change without notice or consultation. The information provided is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making purchasing decisions or incorporated into any contract.