Throughout my career as a software developer and product manager, I have attended many major events, product launches, and developer conferences. But I’ve definitely never attended an event in the middle of a pandemic. I was looking forward to attending what would have been my first Apple event, the online Worldwide Developers Conference 2020.

Last year, with the announcement of user enrollment and other features, Apple showed they were taking iOS enterprise seriously. This year, they showed they’re taking macOS management very seriously, and I’m excited about the impact these new features will have on Citrix Endpoint Management.

Apple also revealed a major update on the hardware front by announcing its transition to Arm-based processors with its line of Apple silicon chips starting in late 2020. Having worked at Arm previously, I know how great they can be with power efficiency on portable devices (MacBook line).

What’s New with macOS Device Management

With the introduction of Big Sur, Apple is bringing valuable features to the table for macOS device management, including:

Zero-touch deployment (Automated Device Enrollment)

  • Enrollment customization: Organizations can brand, customize the consent text, and provide a better authentication experience by supporting multiple identity providers such as Azure Active Directory, Okta, and Ping.
  • Setup Assistant: After the user account is created (just like with iOS and iPadOS), administrators can customize the setup process by selecting which steps to show or hide.
  • Auto Advance for Mac: All the end user needs to do is connect the Mac to power and Ethernet. All the setup screens are skipped, and the only thing left for the user to do is to log in.

Lights Out Management for Mac Pro

This enables admins to deploy Mac Pro at scale. Using Lights Out Management (LOM), administrators can start up, shut down, and reboot a Mac Pro remotely, even if it is unresponsive.

Supervision of User-Approved MDM

Any Mac enrolled on user-approved MDM will now be considered supervised. Supervision for user-approved MDM includes:

  • Control Activation Lock bypass
  • Use of Bootstrap token
  • Query, list, and delete local users
  • Replace or remove profiles and install supervised restrictions using MDM
  • Schedule software updates

Apple is also enabling macOS with some policies that we’re already familiar with from iOS/iPadOS, including:

Managed Software Update, which supports:

  • Forced software update
  • Deferral of major OS updates for 90 days
  • Deferral of non-OS updates
  • Removal of the software update catalog
  • Removal of the Ignore Flag

Managed Mac Apps, which supports:

  • Removal of apps by MDM command and on unenrollment
  • iOS-style managed app configuration and feedback
  • Conversion of an unmanaged app to managed

Downloaded Profiles for Mac, which:

  • Includes workflows designed to prevent accidental profile installations
  • Enables users to manually install profiles
  • Enables users to ignore and not install the profile
  • Remains in the Profiles Preference Pane for eight minutes.

What’s New on iOS/iPadOS

Apple also rolled out a lot of great new features for iOS and iPadOS for deployment and device management, including:

Shared iPad – Earlier this year, Apple introduced Shared iPad for Business (Apple Business Manager). Before then, Shared iPad was offered only for Apple School Manager. Shared iPad for Business now supports sign-in with managed Apple IDs created using Apple Business Manager; Azure Active Directory Federated ID; Single Sign-on extension; a dynamic number of cached users; the ability to delete all users at once; new queries for estimated resident users and quota size; and temporary sessions.

Non-removable managed apps – Admins can now install apps and mark them as non-removable.

Managed Open In support for Shortcuts – When the Shortcuts app triggers an action (using Siri or the app itself) that is not allowed by the device policy, the shortcut will not execute.

Notifications previews – Apple has introduced the following preview types for notifications:

  • Always: Previews will be shown when the device is locked and unlocked
  • When Unlocked: Previews will only be shown when the device is unlocked
  • Never: Previews will never be shown

These override the value at Settings > Notifications > Show Previews.

Setup Assistant skip screens – Using Setup Assistant skip screens, admins can specify which screens to skip when enrolling in “Automated Device Enrollment” mode. Update Completed skips the “Software Update Complete” pane, while Restore Completed skips the “Restore Completed” pane.

Set time zone – This MDM command enables admins to choose a time zone for each device (it does not depend on device location).

Security – The Per Account VPN feature lets admins associate individual accounts with a VPN, while encrypted DNS enables admins to configure encrypted DNS without configuring a VPN.

New restrictions – Apple introduced new restrictions, including restrictions around allowing shared iPads, non-removable managed apps, and app clips.

What’s new on Apple Business Manager/Apple School Manager

Custom Apps are also coming to Apple School Manager. This is a mechanism to distribute in-house apps privately. These apps are not visible on the app store, and they are distributed using volume purchases from Apple Business Manager and Apple School Manager.

Unfortunately, there wasn’t an in-person WWDC this year, but I was excited about what I saw during the online event. Apple is adding a lot for customers with iOS/iPadOS 14 and macOS 11, and Citrix Endpoint Management will provide support for these great features soon. Learn more about Citrix Endpoint Management and Apple, and stay tuned for updates on our upcoming releases.