VMware Workspace ONE Unified Endpoint Management (UEM) provides a single platform to manage any device type, and we’ve recently released significant new capabilities for many of them. Today we shine a spotlight on multiple improvements around the macOS platform, including some new critical functionality and long-asked-for features.
A new framework for managing macOS updates
Managing macOS updates in a way that maximizes security and compliance while minimizing any loss of data is not a new problem for Mac admins. The need to maintain a flexible experience that allows end users to start updates when they’re ready compounds the problem. With the new macOS Updates Dashboard in Workspace ONE UEM, administrators have a substantially upgraded toolset for meeting these challenges.
The framework is built around the core macOS MDM protocol, leveraging native commands such as ScheduleOSUpdate and AvailableOSUpdates to present a list of all available macOS versions that is updated automatically when new versions become available.
Administrators can assign target versions to devices, specify when the deployment should begin, and specify how the deployment should occur. Perhaps at first you only want to notify users that a new update is available. Sometimes, you may want to automatically download the update, and then prompt the user to begin installation once they’re ready. In some cases when device compliance is critical, you may want to force the device to install the update immediately, with or without user consent.
When defining your update rollout strategy, administrators can leverage escalating behavior. For example:
- At first, only notify the user.
- After a few days, begin prompting the user to initiate.
- Finally, after the target deployment date has passed, force the update down on any devices that have not installed it yet.
Flexible deployment strategies can be developed by defining different deployment start dates and behavior targeting specific sets of users and devices. When an update is assigned to a device, Workspace ONE will periodically redeploy the specified command to the target devices until the update is confirmed completed.
The macOS Updates Dashboard is an important new tool for managing macOS updates, and it joins existing tools such as deploying macOS updates through the Intelligent Hub hubcli and the macOS Updater Utility to maximize both admin and user experience.
Regardless of the approach admins choose to use currently, the Workspace ONE product team remains committed to simplifying macOS updates. Administrators can expect further updates to this framework in future versions of Workspace ONE UEM, including support for some of the latest capabilities announced by Apple at their 2023 Worldwide Developer’s Conference (WWDC).
Hundreds of new payloads and keys added for macOS
Last year, Workspace ONE announced a complete rearchitecting of the profile payload framework for macOS. With Workspace ONE UEM 2306, this framework will be fully available across all shared SaaS environments and can be enabled by request for any dedicated SaaS environments. In addition to the framework itself, UEM 2306 includes support for hundreds of new keys in the native Workspace ONE UEM user interface.
We can’t include an exhaustive list here, but you can expect new keys (and in some cases entire new payloads) to support configurations in the following areas:
- Login and background item management: Prevents users on macOS Ventura from disabling background processing for specified apps.
- SSO extension: Support for third-party platform SSO extension configurations.
- Restrictions: Allows the deployment or removal of rapid security updates, as well as Universal Control, USB Restricted Mode, and manual configuration profile installation.
- Security and privacy: More granularity around delaying major, minor, and non-OS updates.
- Content caching: Configures the native caching settings on macOS devices.
- Firewall (native): Updates to configuration options for the native system firewall.
- Notifications: Configures the default notification settings for apps installed on macOS devices.
- And more!
Moving forward, the Workspace ONE team will leverage this new framework to quickly adopt new configuration keys as they are made available by Apple.
More flexibility around Intelligent Hub seeding
Administrators in shared SaaS environments (and dedicated SaaS environments by request) also now have more flexibility in determining which version of the Intelligent Hub is deployed to their newly enrolled devices. By default, the latest available Intelligent Hub will be deployed to devices, independent of UEM version. Alternatively, administrators can now choose to disable this behavior and instead choose a specific version to deploy. As new versions of the Intelligent Hub are released, they will automatically become available as a selectable option as well.
Keep in mind that this affects which version of the Intelligent Hub is initially deployed to devices but is not used to control auto-update settings for the Intelligent Hub once installed. Intelligent Hub seeding and auto-update behavior can both be configured in the “Intelligent Hub Settings” section of the Workspace ONE UEM System Settings.
Freestyle Orchestrator supports complex workflows for macOS
With Freestyle Orchestrator, Workspace ONE administrators can combine their profiles, scripts, sensors, and applications into a conditional and sequential workflow to automate execution in complex use cases. Freestyle Orchestrator support for macOS continues to be a focus, with several updates in recent releases:
- The ability to support on-demand workflows in the Intelligent Hub catalog
- Improved support for native conditions, such as native file status or app install state
- Customizable error handling
Although Freestyle Orchestrator is not macOS specific (it supports other platforms as well as third-party apps), workflows remain a central component of macOS management with Workspace ONE UEM. Expect continued growth in built-in capabilities and resource types for macOS workflows.
There’s more …
With WWDC 2023 in the rearview mirror, you can read our thoughts on some of the notable announcements from Apple for macOS 14 Sonoma as well as the other new platforms. While we’re still several months away from Apple’s release of these new versions, the team is currently focused on building out support for the new functionality.
Recently, the Workspace ONE team has been rebuilding the entire platform on a new architecture. As this architecture continues to roll out, focus will shift to new platform-specific capabilities that leverage it. Stay tuned for further Workspace ONE updates from the team here on the End-User Computing blog!
