
What’s new in device deployment
The following features are new in mobile device management (MDM) for Mac computers and Apple TV devices.
Auto Advance for Automated Device Enrollment
With Auto Advance configured in MDM, organizations can order Mac computers and, after they arrive, simply plug them into Ethernet and power them on. The Mac will locate the assigned MDM solution and be automatically configured based on settings from the MDM solution, including skipping all Setup Assistant screens. The user then enters a known user name and password at the login window.
A Mac that meets all of the following criteria can take advantage of Auto Advance:
Comes preinstalled with macOS 11 (for Mac computers shipped directly from Apple, an Apple Authorized Reseller, or a carrier), or is running macOS 11 (for Mac computers that have been erased and are ready to be configured)
Has its serial number listed in Apple School Manager or Apple Business Manager
Has Automated Device Enrollment settings, including the existing Auto Advance keys, applied to the device using an MDM solution
Is plugged into a power source (recommended but not required)
Is plugged into an active Ethernet connection (initial configuration only)
Note: If the Mac is configured to use FileVault, an additional initial step requires the user’s password.
Apple School Manager and Apple Business Manager
Administrators can use System for Cross-domain Identity Management (SCIM) to import users into Apple School Manager and Apple Business Manager. After the domain verification, federation, and SCIM processes are complete, users with accounts in the Azure AD domain can use their Azure AD credentials to sign in to Apple services.
For more information, see Integrating with Azure AD.
New payloads and payload updates for macOS 11
Lights Out Management: Remotely starts, shuts down, and reboots Mac Pro (2019) computers.
Per App VPN: Allows apps to use different VPN tunnels for specific internal websites.
Associated Domains: Direct downloads are supported.
Single Sign-On Extensions: SSO extensions are supported for User Enrollment.
IKEv2: Adds the ability to specify the maximum transmission unit (MTU), in bytes.
For more information, see Mac MDM payloads in MDM Settings for IT Administrators.
New payload updates for tvOS 14
SCEP: Key size can now be 4096 bits.
For more information, see Apple TV MDM payloads in MDM Settings for IT Administrators.
New restriction updates for macOS 11
Defer software update: This setting now includes supplemental, security, and non-OS updates (such as Safari).
For more information, see Managing software updates for Apple devices in MDM Settings for IT Administrators.
New queries and query updates for macOS 11
Device Info query: Specifies whether the Bootstrap Token is allowed.
LOM Setup Request query: Returns the LOM information.
Managed Application List query: Returns the list of managed apps.
Managed Application Feedback query: Returns managed app feedback.
For more information, see Queries overview for Apple devices enrolled in MDM in MDM Settings for IT Administrators.
New queries for tvOS 14
Device Info query: Returns the Time Zone setting on the device.
For more information, see Device information MDM queries for Apple devices in MDM Settings for IT Administrators.
New commands for tvOS 14
Application Attribute: Adds the ability to enable direct downloads for an associated domain and restricts the ability to remove the app.
For more information, see Commands for Apple devices enrolled in MDM in MDM Settings for IT Administrators.
New commands and command updates for macOS 11
Account Configuration: Specifies the short name of the local account to be managed.
Install Application and Install Enterprise Application: Now includes the “Install a Managed App” option, which allows managed apps to be removed when the device is unenrolled from an MDM solution, allows app config files (app preferences) to be installed, and allows an MDM solution to make an existing app a managed app.
LOM Device Request: Issues start, shut down, or restart commands.
Remove Application: Removes managed apps.
Schedule OS Update: Now includes an Install Force Restart option.
For more information, see Commands for Apple devices enrolled in MDM in MDM Settings for IT Administrators.