Apple held their annual developers conference this week. We noted what's new.
Apple’s annual Worldwide Developers Conference (WWDC) has been taking place all this week in San Jose. One of last night’s sessions was “What’s New in Managing Apple Devices”, which tends to be where any interesting MDM-related announcements happen. In recent years, changes announced at WWDC for enterprise management have been fairly limited, typically being released a few months afterward in a .3 release and it looks like this year will be no different, however here is a quick summary of the interesting ones that stood out to us.
Apple formally announced Apple Business Manager, a centralised portal where enterprises will manage the Volume Purchase Programme (VPP), Device Enrolment Programme (DEP), creation of administrator accounts. Businesses will also have the ability to buy ‘credits’ from Apple or a reseller by purchase order and use these in the portal to purchase apps, which will be a welcome change to using the CEO’s credit card!
App Transport Security (ATS) enforces secure app network communication and was enabled for all apps except device management traffic last year, with iOS12 it will be enforced for device enrolment/management also.
A few interesting Restrictions: prevent devices sharing WiFi credentials, prevent devices receiving WiFi passwords from nearby devices, block USB while device is locked (excluding Apple Configurator), prevent manual changing of the date/time
With the release of iOS 10, Apple announced that certain iOS Restrictions would no longer be supported on un-Supervised devices, such as the ability to disable the App Store. After some pushback from customers this was not rolled out in iOS11 as expected, however Apple state that these Restrictions absolutely will be disabled for non-Supervised devices in iOS12. To ease the transition however, un-Supervised devices that have these particular Restrictions applied will continue to have them available and applied until the device is next wiped, at which point the device must be Supervised to use the Restriction.
Exchange ActiveSync configuration profiles will have an option to use OAuth authentication (modern authentication as it is known in Office365).
More granular configuration options for S/MIME have been added to allow for clearer management by administrators and more flexibility for users.
IKEv2 VPN configuration profiles will facilitate specifying various DNS settings, such as primary suffix, DNS server addresses etc.
So nothing revolutionary, but this was expected and we now await iOS12.3 for the good stuff!
You can watch the full session and see the slides here - https://developer.apple.com/videos/play/wwdc2018/302