Apps Desktops Featured Mobile VMware Workspace ONE Workspace ONE Unified Endpoint Management

Apple Introduces Big Upgrades for the Enterprise at WWDC 2020

Usually a jam-packed, in-person event, Apple held its first virtual Worldwide Developers Conference this year, June 22-26, from their headquarters in Cupertino, CA.  As usual, we at VMware have a summary of the most important announcements as well as some insight into what we’ve seen and heard.

First, let’s acknowledge Apple’s admirable work in committing $100M to the “Racial Equity and Justice Initiative.” Tim Cook stated that the people at Apple were “…inspired and moved by the passionate people around our nation and around the world who have stood up to demand change.”  And I think we can safely say that Apple now deserves to be classified as an entity that has done that as well.

As Apple started to unveil changes to their consumer product lines, they captivated the audience with a barrage of clever transitions and refreshing graphics as they delved into each platform’s capabilities, complete with demos and animations to keep viewers engaged. iOS introduced Home Screen widgets, an app library with bite-size app features and coined App Clips that can be accessed even without installing the full app itself. For iPads running the still-new iPadOS, a handful of updates to the Apple Pencil and multitasking will add to its versatility. And the Mac takes a leap forward as Apple announced the platform is shifting away from Intel to Apple’s own silicon chips (more to come on this later). This allowed macOS itself, nicknamed Big Sur, to increment its almost two-decade-old macOS 10.x versioning to macOS 11.0. This was accompanied by a new aesthetic and array of iOS-like app icons that give the platform a visual refresh and overall, very polished experience.

Looking beyond the consumer-focused flash to the technical underpinnings, one theme made itself obvious as WWDC wound its way towards conclusion last week: Apple continues to drive a sensible convergence across its operating systems. We have seen this manifest in a new OS (iPadOS), a consolidated UI framework based on the home-grown Swift language and even the aforementioned macOS Big Sur’s UI updates seem to offer a more familiar experience when compared to iOS and iPadOS.  This trend trickles more substantively into the enterprise, with new capabilities across all of Apple’s platforms that were born from best practices derived from iOS.

Continue reading below for the best of what enterprises can look forward to this fall and stay tuned for a companion post on our Tech Zone that dives even deeper into the solutions in exhaustive detail and our MyVMware article for how to best prepare your organization for these changes inside Workspace ONE.

iOS

Non-removable managed apps

Instead of locking the entire home screen and blocking the removal of all the apps on a device, admins can now simply mark mission-critical managed apps as non-removable.  This will truly help the Employee Experience by allowing users to rearrange their home screens, add new apps and delete other apps they’ve installed while still maintaining control over what’s critical.

If a user attempts to delete or offload a marked app, the system prevents the action and displays an alert that states “This app cannot be deleted because it is required by your administrator.”  This ensures users will always have mission-critical apps available on their device.

Per-Account VPN

Apple has had support for full VPN, split VPN and per-app VPN, and is now adding a new capability called Per-Account VPN.  Admins can target MDM VPN configurations for several account types including Exchange in Mail, Contacts, and Calendar. Any traffic sent from these accounts will be tunneled using the targeted VPN config for added privacy and security, but this will not extend to other personal or unmanaged accounts. 

Skipping Setup Assistant Screens

Typically, any new Setup Assistant is introduced alongside a set of new skip keys and again Apple has done just that for the “Getting Started” and “Update Completed” panes. However, for iOS and iPadOS 14, a new profile payload also called Setup Assistant allows you to skip these and all panes even after device updates and restarts. This is great for organizations automating this process and striving to keep it truly “zero-touch.”

Set and query for the device time zone

As admins know, if the time zone is set incorrectly on a device, it can cause problems with key services like authentication and apps that depend on accurate time stamps. The new Set time zone command allows admins to select the time zone for each device directly even without the use of location services.

Randomized MAC Addresses

As of iOS 14, devices by default will use randomized MAC addresses when associating with Wi-Fi networks. If a device fails to join the network, it will revert back to its hardware MAC address. This setting can be disabled by users in Settings, or it can be disabled in the Wi-Fi configuration profile.

macOS

Apple Silicon chips

One of their biggest announcements at the conference was Tim Cook’s disclosure that Macs will now use Apple’s own silicon chips. This is a major announcement because it introduces the concept of the Universal App – meaning that developers will now be able to create apps that run on all of Apple’s platforms at once, from iOS to iPadOS to macOS.

Apple will begin shipping the first Macs with Apple silicon by the end of the year, but they will, of course, continue to support their Intel-based Macs for years.  And interestingly enough, they’ve stated that they still have multiple Intel-based Macs in development. So, don’t expect the Apple/Intel relationship to completely disappear any time soon.

For more information on this, check out Apple’s session at WWDC on how to port your Mac apps to Apple silicon.

Supervision for User-Approved MDM

Beginning with Big Sur, Macs that are enrolled in user-approved MDM will automatically be designated as Supervised, giving admins greater control over content and function.

Admins can control Activation Lock and Bootstrap tokens, and have the ability to schedule software updates just like they do with devices that are enrolled via DEP. More importantly admins now have far more control over local users and profiles with the ability to query and delete them and install additional restrictions via MDM Supervision.

Managed Apps

Another longstanding iOS feature that’s finally making its way into macOS is Managed Apps. With Big Sur, apps can be removed by MDM command and/or when they’re un-enrolled.  Managed app configuration and feedback are supported in the same style they are in iOS. Probably the most anticipated addition here is the ability to convert unmanaged apps to managed via MDM (note that this can’t be done on User Enrolled devices).

Auto Advance for easy Mac setup

Taking a step further to streamline the out of box enrollment process, Apple brings the Auto-Advance mode from tvOS to macOS as well. Just plug in the power and the ethernet cable and you can skip a lot of tedious steps to land directly on login.

Managed Software Updates

Apple has added a number of new capabilities like the ability to force updates or defer OS and non-OS updates. With VMware Workspace ONE, we have been working over the last year to significantly improve the managed software update experience across Apple operating systems starting with iOS. We’re looking forward to launching it for macOS very soon to take advantage of the latest updates with 10.15.4 and Big Sur.

Bootstrap Token

Bootstrap tokens got an upgrade as well. Previously, if IT administrators wanted to grant accounts Secure Token on a Mac device, they had to create workflows and add individual user accounts. In macOS 11, Bootstrap Tokens can grant a SecureToken to any user on a supervised Mac. macOS 11 may also ask for the Bootstrap Token in more cases than just when a user logs in.

Learn more about Bootstrap Tokens in the Deployment Reference for Mac:

Using SecureToken

Using Bootstrap Tokens

When a user sets up a Mac on their own

When a Mac is provisioned by an organization

Using command-line tools

Apple Business Manager / Apple School Manager

SCIM Integration

Administrators can use SCIM to import users into Apple School Manager and Apple Business Manager. SCIM allows them to merge Apple School Manager and Apple Business Manager properties (such as SIS username and grades in Apple School Manager, and roles in Apple School Manager and Apple Business Manager) over account data imported from Microsoft Azure Active Directory (Azure AD).

We’re excited about the new announcements from Apple this year and look forward to bringing them to market as part of the Workspace ONE solution for our customers and partners.  This year we’re also launching a new sub-space within VMware Communities for Apple related discussions, and we’re looking forward to some impactful community interaction over the next few weeks

For more information on these and other changes, keep an eye out for additional VMware blog posts, and take a look at Apple’s recorded videos as well
CLICK HERE to view Apple’s WWDC video “What’s new in managing Apple devices.”

CLICK HERE to view Tim Cook’s keynote video.