Apple recently concluded another exciting and informative Worldwide Developers Conference (WWDC) on Friday, June 10th. Keeping with the trend, WWDC 22 was a virtual event with all keynotes and information sessions available to the public free of charge. As we expected, Apple announced new versions of iOS, iPadOS, tvOS, and macOS and highlighted many of their new capabilities.
We’ll get to the enterprise updates shortly, but first we can’t help but share some of the general updates that Apple shared.
At WWDC, Apple debuted a completely redesigned MacBook Air and a refreshed MacBook Pro 13”, both sporting Apple’s next-generation M2 chip. With a promise of 100GB/s of unified memory bandwidth (50% more than M1), up to 24GB of fast unified memory, and 18% greater multithreaded performance over M1, Apple’s new M2 chip is an enterprise game changer.
With iOS 16, Apple has reimagined the Lock Screen, providing new ways to customize and personalize the experience with widgets on the Lock Screen. This updated experience is very similar to creating a watch face on Apple Watch. Intelligence features were also prominent throughout the iOS 16 keynote segment – Apple impressively demonstrated the new ability to lift the subject from an image, as well as Live Text for video. iOS 16 also includes a slew of enhancements across many of their apps; my favorite is the ability to edit and unsend messages within iMessage.
iPadOS 16 introduced a few new iPad-specific features, namely Stage Manager and external display support. Stage Manager is a new multitasking feature that allows for multiple overlapping windows in a single view – a first for iPad! And Stage Manager will be very handy when connecting iPad to an external display, as your iPad’s display is now extended instead of mirrored.
macOS Ventura followed suit, adopting many of the app-specific features introduced with iOS 16 and iPadOS 16. Like iPadOS 16, macOS Ventura will also support the new Stage Manager functionality. macOS Ventura also introduced a new design for Spotlight and improved its image searching capabilities. The Mac platform continues to expand its Continuity features, working together with iOS 16 by supporting Handoff for FaceTime calls and delivering a new way to use the outstanding cameras built into iPhone as a webcam. Pretty neat!
In addition to the consumer features, Apple also announced a bevy of new enterprise features across iOS, iPadOS, and macOS platforms.
Declarative Device Management
Last year at WWDC 21, Apple announced a new management paradigm for Apple devices called Declarative Device Management. Declarative Device Management allows the MDM server to “declare” a device’s desired state, providing a device with a list of configurations and rules for when these configurations should be active, allowing for a more proactive management model driven by the device instead of the server. For a primer on Declarative Device Management, please refer to last year’s WWDC 21 blog post.
Declarative Device Management debuted with a limited scope; only user-enrolled iOS and iPadOS devices could leverage the new features. At WWDC 22, Apple announced that Declarative Device Management is expanding to all platforms and all enrollment types with their upcoming Fall 2022 software updates.
In addition to the expanded scope, Declarative Device Management now supports new status reports and activations.
To provide context to the benefits of Declarative Device Management, let’s look at a device management scenario involving a passcode and Wi-Fi configuration profile. In this scenario, we want to deploy a passcode and Wi-Fi profile to a managed iOS device, but we only want the Wi-Fi profile to deploy after the device is compliant with its new passcode policy. Historically, we’d achieve this by deploying a passcode profile and creating a passcode compliance policy within Workspace ONE UEM. When the iOS device first receives the passcode profile, it would prompt the user to update their passcode. As we know, it can take some time for the user to update their passcode, which requires Workspace ONE UEM to frequently poll the device to check status. This means there is often some lag between when the device becomes compliant and the next time the device is polled. During this lag time, the user will not receive their Wi-Fi profile as the device is still marked as non-compliant.
With Declarative Device Management, this scenario can be completely reimagined. You can deploy the passcode and Wi-Fi profiles simultaneously to the device. Through the new activation ‘predicate’ functionality, you can configure the Wi-Fi profile to only enable once the device has become passcode compliant. Essentially, the logic has been shifted from Workspace ONE UEM to the device, benefiting the user by reducing wait time and benefiting Workspace ONE UEM by reducing processing overhead. Truly a win-win solution.
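The passcode and Wi-Fi scenario above, sketched as an added example that is not from the original post or from Workspace ONE. The declaration types and the `passcode.is-compliant` status item follow Apple's published declarative management schema (check them against the current documentation); the identifiers, the profile URL and the small device-side evaluator are constructed, and `ServerToken` fields are left out.

```python
import re

# Constructed declaration set; identifiers and the profile URL are placeholders.
DECLARATIONS = [
    {"Type": "com.apple.configuration.passcode.settings",
     "Identifier": "example.config.passcode",
     "Payload": {"RequirePasscode": True, "MinimumLength": 6}},
    {"Type": "com.apple.configuration.legacy",
     "Identifier": "example.config.wifi",
     "Payload": {"ProfileURL": "https://mdm.example.com/profiles/wifi.mobileconfig"}},
    # The passcode policy has no predicate, so it is always active.
    {"Type": "com.apple.activation.simple",
     "Identifier": "example.activation.passcode",
     "Payload": {"StandardConfigurations": ["example.config.passcode"]}},
    # The Wi-Fi profile is gated on the device's own compliance status.
    {"Type": "com.apple.activation.simple",
     "Identifier": "example.activation.wifi",
     "Payload": {"StandardConfigurations": ["example.config.wifi"],
                 "Predicate": "@status(passcode.is-compliant) == TRUE"}},
]

# Only the single predicate form used above is understood by this sketch.
_PREDICATE = re.compile(r"^\(?\s*@status\(([\w.\-]+)\)\s*==\s*(TRUE|FALSE)\s*\)?$")

def predicate_holds(predicate, status):
    """Evaluate a predicate against device status; unknown forms fail closed."""
    if predicate is None:
        return True
    m = _PREDICATE.match(predicate)
    if not m:
        return False
    key, expected = m.group(1), m.group(2) == "TRUE"
    # A status item the device has not reported yet never satisfies the gate.
    return status.get(key) is expected

def active_configurations(declarations, status):
    """Return the configuration identifiers whose activation is satisfied."""
    known = {d["Identifier"] for d in declarations
             if d["Type"].startswith("com.apple.configuration.")}
    active = set()
    for d in declarations:
        if not d["Type"].startswith("com.apple.activation."):
            continue
        payload = d["Payload"]
        if predicate_holds(payload.get("Predicate"), status):
            refs = payload["StandardConfigurations"]
            missing = [r for r in refs if r not in known]
            if missing:
                raise ValueError(f"{d['Identifier']} references unknown {missing}")
            active.update(refs)
    return sorted(active)
```

Calling `active_configurations(DECLARATIONS, {"passcode.is-compliant": False})` and then again with `True` shows the Wi-Fi configuration switching on from a local status change, with no server poll in between.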
Though Apple has announced that Declarative Device Management will be the future of their MDM protocol, Declarative does not conflict with the previous Imperative device management functionality. Declarations and existing configuration profiles can live side-by-side on the same device without issue.
Single sign-on enhancements
Single sign-on (SSO) updates were prominent at WWDC 22 across Apple platforms. Not only did Apple update User Enrollment for iOS 16 and iPadOS 16 with SSO support, but macOS Ventura now supports a platform-wide SSO experience.
User Enrollment SSO was designed to make User Enrollment faster and easier by reducing the number of required sign-ins. During the User Enrollment flow, users can download a mobile app from their IdP to facilitate the SSO process. After the User Enrollment process is completed, the IdP app will remain installed on the device as a managed app to broker future authentications. To allow additional flexibility to this SSO workflow, User Enrollment SSO now also supports the OAuth 2.0 authentication protocol.
macOS Ventura takes SSO capabilities one step further with its new Platform SSO functionality. Platform SSO enhances existing SSO functionality, extending it all the way to the macOS login window.
This allows users to use an Identity Provider (IdP) password to unlock their Mac and permits apps and websites to reference the initial authentication for subsequent login prompts. With Platform SSO, users are not required to repeatedly authenticate with apps and websites after initial login.
New security solutions
Apple did not forget about security teams with their 2022 software updates. WWDC 22 introduced two brand new security solutions, Rapid Security Response and Managed Device Attestation.
Rapid Security Response, a new security solution for iOS 16, iPadOS 16 and macOS Ventura, completely changes the way Apple deploys security updates to the device. Rapid Security Response allows Apple to ship security fixes to users more frequently, outside of the traditional OS update lifecycle. This new security solution will enable Apple to get security fixes onto devices much quicker and without simultaneously introducing new features. Note that Apple did provide the ability to disable responses and the ability to prevent users from undoing responses.
Managed Device Attestation reimagines how we certify device identity for iPhone, iPad, and Apple TVs. As of iOS 16, iPadOS 16, and tvOS 16, device management solutions can now query to retrieve attestation certificates, providing strong assurances about device properties such as serial number, UDID, and OS version. This new security solution better protects against attackers stealing a device’s TLS private keys, spoofing legitimate devices, or lying about a device’s properties.
Through Rapid Security Response and Managed Device Attestation, Apple has upped the ante with their security solutions.
Getting ready for Apple Fall Releases
We are inspired by the announcements at WWDC 22 and excited to get started incorporating these updates into Workspace ONE.
If you’d like to learn more about Apple’s Fall 2022 platform updates, including new profile payloads and commands, check out our preparation documentation, Getting Ready for Apple Fall 2022 Releases.
We’d love to hear your thoughts on Apple’s upcoming platform updates. Are there any new features you are particularly excited about? We encourage you to provide feedback on our Workspace ONE UEM feature request portal.