Apple WWDC 2024: What IT Admins Need to Know

From enhanced privacy protections to tighter integration with the ecosystem, Apple has announced a major update to its product line at its landmark WWDC2024. While the debut of AppleIntelligence and the launch of Genmojis rightfully made headlines, today we're bringing you an overview of Apple's announcements regarding device management and what to expect from Apple administrators.

Declarative device management takes center stage

Apple strengthened its MDM capabilities when it launched Declarative Device Management (DDM) in 2022. Since then, declarative management has grown in popularity as a feature on WWDC2023. DDM basically means that the MDM server no longer needs to continuously sync the device with the managed device to apply the required settings such as installing apps or configuring policies. Any Apple device can autonomously manage policy enforcement and report its real-time status to the MDM server without constant polling. This is a welcome change for administrators who previously lacked real-time visibility and faced scalability issues, especially when managing large enterprises. This year, Apple announced several features through DDM to make its devices more autonomous and proactive.

Fine-grained control over update management

Apple has announced improvements to software update management, promising to provide software updates, commands, and queries for iOS18, iPadOS18, and macOS entirely through declarative device management instead of MDM profiles. The device can operate autonomously, such as retrying updates in case of failure due to insufficient storage space, low battery, and send real-time information back to the MDM server. On the surface, Apple claims that this update management is more secure, reliable, and transparent.

Apple OS beta updates can be managed through MDM

Thanks again to DDM, managing Apple beta updates will become less of a hassle. Previously, technicians needed to log in to test devices to use Apple's beta updates. With the latest advancements, IT admins should be able to remotely enroll test devices into the beta program using MDM tools without forcing AppleID to sign in. This also automates beta enrollment, where updates can be applied to test devices during the first boot.

Customize and manage extensions

Organizations may require end users to enable or disable specific extensions to protect and simplify the browser experience. Starting with macOSSequoia and iOS/PadOS 18, administrators can manage Safari extensions, from allowing lists and controlling extension behavior (always on/off) to configuring access to web pages. Will this prompt organizations to see Safari as a business browser rather than the more popular Chrome? We have to wait and watch.

Improved service configuration

Last year, Apple introduced an MDM feature that automatically configures Mac services such as SSH and Apache. This year, Apple administrators were able to install scripts, executables, and remote configurations for the launched file in macOSSequoia machines. The configuration is installed in a secure path and is tamper-proof by design. This enables administrators to provide basic services, such as antivirus software with the necessary boot configuration that cannot be changed or tampered with.

Lock and hide apps

Starting with iOS/iPadOS 18, Apple devices now allow users to hide and lock apps from the home screen and app drawer, respectively. In addition to leveraging enterprise APIs, it's only a matter of time before admins seamlessly control the hiding and locking of apps on managed devices.

Hassle-free Activation Lock

You can now turn off Activation Lock from Apple Business Manager (ABM) without having to contact Apple Support. Previously, when a device was (even accidentally) locked with Activation Lock, administrators had to contact Apple support, which was a painstaking and time-consuming job that resulted in many devices being unusable for quite some time. No longer.

Manage multiple Apple IDs

Apple administrators can simplify the configuration of Managed AppleIDs used by employees to ensure that AppleIDs created under the corporate domain are managed by default. Apple also provides users with the option to transfer any personal AppleID created with a corporate domain email address and move it to the scope of a supervised device.

Other noteworthy points:

• You can automatically enroll VisionPro and Watch devices in MDM through ABM.
• Enhancements to the SSO of the platform.
• Password-specific app.
• Apple virtual machine gets iCloud integration as well as the ability to erase all content and settings.
• Administrators can configure the increasingly popular 5G private cellular network (up to 5 eSIMs).

Our favorite update

• The end of proofreading tools? AppleIntelligence can now proofread, summarize, and rewrite your content.
• Make your photos more pop with custom emojis and object removers.
• It's digital. iPadOS has a native calculator app.
• Nativize and increase productivity. macOS18 doesn't require a third-party split-screen app.
• You can deposit cash through Apple's brand new Tapto Cash.

EndpointCentral enables you to manage and secure today's digital workplace across different device types and operating systems. End-to-end device lifecycle management, combined with security capabilities such as attack surface management, threat detection and response, and compliance. Powerful remote troubleshooting, self-service capabilities, and proactive analytics help reduce downtime and improve the overall end-user experience. EndpointCentral can be used on-premises or as a SaaS solution, integrating seamlessly into their existing IT infrastructure and enabling interoperability.