What’s new for enterprise in iOS 17
Learn about the enterprise content that Apple has released for iOS 17.
iOS 17 updates improve the stability, performance, or compatibility of your device and are recommended for all users. Device administrators can manage software updates using an MDM solution.
For information about general improvements, learn about iOS 17 updates.
For details about the security content of these updates, see Apple security releases.
iOS 17.6
Restricting wallpaper modification now applies to Focus modes.
Users will no longer be prompted to sign in to FaceTime when the app is restricted.
AirPrint can now be used with printers on different VLANs.
An issue was resolved where Smart Punctuation could apply to password fields.
iOS 17.5
A new MDM restriction is available to prevent installing apps through Web Distribution.
The Photos app properly enforces restrictions against printing, setting wallpaper, and enabling iCloud Photos.
Improves the stability of updating apps while in Single App Mode.
Per App VPN connects reliably on first use.
Messages stay associated with the correct phone number on Dual SIM devices.
iOS 17.4
Users no longer have to disable Stolen Device Protection in order to enroll in Mobile Device Management (MDM) or configure an Exchange account, but if they are in an unfamiliar location they may have to wait an hour.
Improves stability when making phone calls and searching contacts on devices with thousands of contacts and Managed Open In restrictions.
Users with Managed Apple IDs can now add student IDs or employee badges to Apple Wallet, if allowed by their school or business.
New MDM restrictions and commands are available for managing alternative marketplaces.
MDMs can install thinned apps to save time, storage, and bandwidth.
The command to set wallpaper no longer fails on subsequent attempts.
iOS 17.3
Stolen Device Protection must first be disabled in order to install configuration profiles, manually enroll in Mobile Device Management, or manually configure Exchange accounts.
iOS 17.2
Introduced a key,
allowLiveVoicemail
, to allow enabling or disabling of Live Voicemail via MDM.Devices no longer fail to complete extensible SSO authentication that requires multiple steps.
Passcode policy wipe will no longer delete configured eSIM(s) when the new
forcePreserveESIMOnErase
key is set to True.The global proxy profile no longer causes AirDrop discovery requests to time out.
Resolved an issue where sharingd crashes caused excessive cellular and Wi-Fi data use.
Exchange calendars are now shown as an option in default Calendar settings.
Devices are now able to locate AirPrint printers outside of the .local domain.
iOS 17.1
Continuity features can be used with Managed Apple IDs.
Always on VPN users are now able to make cellular and Wi-Fi calls, use cellular data, and send SMS/MMS messages.
Resolves an issue with iOS devices losing communication with MDM.
iOS 17.0.3
Resolves an issue where Apple Business Essentials users were unable to complete setup after updating to iOS 17.
iOS 17 devices no longer become unresponsive when joining a managed Wi-Fi network.
The Calendar app will no longer resend invitations to all participants after accepting or declining an Exchange event invitation.
iOS 17
iOS includes new features, bug fixes, and improvements for enterprise and education deployments.
Device Management
MDMs can enable account-driven Device Enrollment to allow users to enroll their iOS or iPadOS device into management using their organization's Managed Apple ID in Settings.
Apple Configurator in iOS 17 can now assign a device to an MDM server while it is being added to Apple School Manager, Apple Business Manager, or Apple Business Essentials.
Sign-in with Apple automatically uses the Managed Apple ID for Managed Apps and a personal Apple ID for nonmanaged apps.
MDMs can now enforce a minimum operating system version on enrolling devices when using Automated Device Enrollment.
Declarative device management can now be used to manage updates on iOS and iPadOS.
iOS now provides support for private, data-only cellular networks using LTE, 5G Non-standalone (NSA), or 5G Standalone (SA).
With Return to Service, MDM can send an erase command including Wi-Fi details, and an optional MDM enrollment profile, so the device can erase all data and automatically proceed to the Home Screen, ready to be used.
An Apple Watch can be enrolled and managed by MDM when paired to a supervised iPhone.
New declarations support the deployment of certificates and identities using ACME, SCEP, or an encrypted PKCS#12 container and certificates as .pem or .der encoded files.
Certificates from a self-signed Certificate Authority (CA) are automatically added to the device’s trusted root certificates.
Devices enrolled with User Enrollment can now be configured to disallow Auto Lock from being set to Never, which helps to protect organizational data.
MDM can now report on the battery health of iOS devices.
Bug fixes and other improvements
Canceled Exchange events no longer remain on Calendar if they’ve been deleted elsewhere.
Devices respond to MDM more reliably.
Apple devices now support connection to 802.1X networks using EAP-TLS with TLS 1.3 (EAP-TLS 1.3).
With Network Relay, a secure HTTP/3 or HTTP/2 relay can be configured to proxy all TCP and UDP traffic.
iOS and iPadOS devices support configuring 802.1X over Ethernet.
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.