Apple @ Work: What’s new with Apple device management with iOS 17 and macOS Sonoma?

Apple @ Work is brought to you by Kolide, the device trust solution that ensures that if a device isn’t secure, it can’t access your cloud apps. If you have Okta, Kolide can help you get your fleet to 100% compliance. They’re Zero Trust for Okta. Learn more or request a demo today.

Apple’s Worldwide Developers Conference for 2023 has come and gone once again, and now we turn our attention to the summer of beta testing, preparing training, and more. I’ll be diving into many of these announcements in the coming weeks, but I want to run through the high-level updates that Apple IT administrators need to know for macOS Sonoma, tvOS 17, iOS 17, watchOS 10 (yes, Apple Watch is coming to MDM), and iPadOS 17.

About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.

Account-driven Device Enrollment

Account-driven Device Enrollment is a streamlined solution that simplifies the process of enrolling company-owned iPhone, iPad, and Mac devices into management by using users’ work accounts. This innovative approach ensures that the enrollment experience maintains a clear distinction between work and personal content. Additionally, in macOS, it grants the added advantage of enabling device supervision. With Account-driven Device Enrollment, the task of managing devices becomes more efficient and tailored to the needs of both users and organizations.

watchOS gains device management support

When an Apple Watch is paired with a supervised iPhone, organizations gain the ability to enroll and manage it using Mobile Device Management (MDM) solutions. This expansion of the MDM protocol opens up many possibilities for creating customized solutions that enhance productivity, promote wellness at work, and bolster employee safety (think noisy warehouses, etc.). The enrollment process involves a declarative configuration on the iPhone, unlocking the use of configuration profiles, app management, MDM commands, and declarations.

Setup Assistant enforcements

Automated Device Enrollment offers organizations a way to ensure that their specific requirements are met prior to deploying devices into production environments. With these enhancements, organizations can mandate a minimum OS version as a prerequisite for device enrollment, ensuring compliance for SOC2, etc. FileVault can also be enforced. Additionally, organizations have the option to require users to enroll their Macs into management when registering the device in Apple School Manager or Apple Business Manager.

Updates to Managed Apple IDs

Apple is also bringing some updates to Managed Apple IDs this fall, with more iCloud and Continuity services. These updates include support for iCloud Keychain and Apple Wallet. Apple will be allowing organizations to restrict access to specific services and define which management state a device should be in when a user signs in with a Managed Apple ID. Here’s some of the information Apple shared on the updates:

  • Continuity: Users can use AirPlay to Mac, Auto Unlock, Continuity Camera, Continuity Markup and Sketch, Handoff, Instant Hotspot, iPhone cellular calls, Sidecar, SMS, Universal Clipboard, and Universal Control.
  • iCloud Keychain: Users can securely store and access credentials (including passkeys) on all approved devices.
  • Apple Wallet: Users can add cards and passes to Apple Wallet, including the possibility to use Apple Pay.
  • Developer account: If allowed, Managed Apple IDs created in Apple School Manager can participate in the Apple Developer program.

Passkeys at work in iCloud Keychain

Apple is adding passkey support to iCloud Keychain and access management to Managed Apple IDs. This will allow organizations to deploy and enable password-less authentication for internal services with passkeys.

Custom identity provider support for federation

To allow more companies to create Managed Apple IDs automatically, integration is supported with public and in-house IdPs supporting OpenID Connect, SCIM, and the OpenID Shared Signals and Events Framework.

Platform single sign-on updates for macOS

With improvements to Apple’s platform SSO, developers can extend their SSO extension to create local user accounts on a shared Mac using credentials from a company’s IdP. In addition, permissions and group membership of those users can be managed from device management tools.

Declarative device management updates

Software update management is now part of declarative device management and provides new options for when and how an update should be enforced, along with increased notifications to the end users. To make the transition, an MDM solution can migrate an already deployed configuration profile into a declarative legacy configuration without the need for redeployment and potential problems.

Managed Device Attestation for macOS

Managed Device Attestation is available on macOS and provides strong assurance about the security setup and properties of the device in question.

802.1X support on Ethernet for iPhone, iPad, and Apple TV

iPhone, iPad, and Apple TV support the configuration of 802.1X for Ethernet to connect to restricted networks that require authentication. While I don’t think it’ll be extremely popular on iPad and iPhone, it’s a much-needed feature for Apple TV.

Private 5G and LTE networks

With iOS/iPadOS 17, iPads and iPhones now support private 5G and LTE networks. IT admins can automatically activate private networks when an iPhone enters a geofence and allow the devices to prioritize the private cellular over Wi-Fi.


These are some of the key updates coming for IT and security teams with the new versions of iOS 17, iPadOS 17, tvOS 17, macOS Sonoma, and watchOS 10. I’ll be diving into them in more detail in the coming weeks.
