Apple wrapped up its Fall 2019 Keynote last Tuesday, and with it came details and release dates for the new consumer Apple services, a new Apple Watch, and the first “Pro” iPhone with iPhone 11 Pro. While Apple fans must wait on their new toys, they don’t have to wait any longer for iOS 13. The latest iOS update is now out and will soon be running iPhones everywhere. As we’ve previously written, this is likely Apple’s most important release for the enterprise IT market since iOS 7, and our product teams have been hard at work ensuring that Workspace ONE expands upon the value inherent in this new Apple platform. This article will explain what to look forward to and how to take advantage of iOS 13 in Workspace ONE.
Custom Automated Enrollment
With User Enrollment being pushed to iOS 13.1, the most enterprise-impacting feature in iOS 13 is Apple’s custom automated enrollment (formerly DEP) through Apple Business Manager. With this capability, Apple has enhanced the provisioning process for iOS devices by allowing Workspace ONE to present customized onboarding web screens during automated enrollment. Workspace ONE has expanded this to give admins an array of options to help streamline the enrollment process and drive adoption. These options include displaying company branding, offering multiple authentication options like token, SAML, or MFA, and requiring a Terms of Use acceptance. User acceptance is required for each option before they are taken to the home screen, allowing IT admins to tighten security practices and standardize their enrollment process for corporate-owned devices within Workspace ONE UEM.
You can test these changes now in our UATs, and they’ll be included in the next release of Workspace ONE UEM. If there are any other capabilities your organizations would like to see for customized automated enrollment, please let the VMware team know.
Profiles & Commands
Apple continues to deliver value each spring and fall through innovation in their profile and command frameworks. This year, they delivered updates to seven payloads and one net new command. One of the most requested capabilities is the newly added flexibility when managing Exchange accounts. With iOS 13 and Workspace ONE UEM, admins can configure Exchange accounts on behalf of users and limit their access individually to iOS Mail, Contacts, and/or Calendar native apps—rather than having to limit access to all of them at once as a group. This is great for admins who want the added security of a containerized mail client like Workspace ONE Boxer but require enterprise contacts to appear in the local store for features such as caller ID.
iOS 13 also comes with a handful of new restriction options for added security when locking down supervised devices. With Workspace ONE, admins can restrict user access to the newly released QuickPath keyboard, USB drives, and the Find My iPhone and Find My Friends features. Apple also continues its focus on user privacy by requiring supervision for more intrusive restrictions like preventing use of the camera, FaceTime, explicit content, Game Center and other services.
SSO Extension
Apple has also introduced a new Single Sign-On (SSO) Extension profile for iOS 13 that’s configurable in Workspace ONE. These extensions are built by identity providers and allow web and native app developers to utilize them as an authentication library instead of requiring apps to support multiple flavors of authentication (e.g. SAML, OpenID Connect, etc.). Admins can specify the type of extension and a list of hostnames for their organization in Workspace ONE, automatically and securely granting users access to corporate resources with no password entry. Apple has even developed its own built-in Kerberos extension that can also be configured using the new profile. These extensions offer a fantastic, native experience that overcomes many of the concerns surrounding authentication for admins, users, and even app developers.
The next release of Workspace ONE UEM will have all these features available, and you can test them now in our UATs.
Take Action Now To Get Ready
To learn more about these and other new features, please view our recorded webinar “Getting Ready for Apple Fall 2019 Releases with Workspace ONE.” This presentation offers a more in-depth look into how you can use Workspace ONE in conjunction with these releases to further improve the employee experience and strengthen support for Apple devices in the enterprise.
Stay informed about everything happening with Apple’s Fall releases by checking out the resources we’re providing:
• Subscribe to the “Getting Ready for Apple Fall Updates 2019” knowledge base article to stay up to date on everything going on with Apple this Fall
• Read this blog titled “WWDC 2019: A Home Run for the Enterprise” to catch up on all the changes you’ll see in all of Apple’s fall releases.
• View our recorded webinar with Chris Burns and Senior Technical Product Manager John Richards titled “Getting Ready for Apple Fall 2019 Releases with Workspace ONE” for an in-depth look at using Workspace ONE in conjunction with these releases.
• Go deeper into what we’re doing with Workspace ONE. Over the next couple of months, we’ll be releasing a series of video blogs that break down each major topic. Stay tuned for links as we start out with the following:
• User Enrollment and how it affects BYOD
• All about macOS Catalina
• DEP custom screens
• Deep dive on iOS 13