What’s new in mobile device management for Apple devices
The following features are new in mobile device management for iPhone, iPod touch, iPad, Mac and Apple TV devices.
Set-up Assistant pane updates
Accessibility (macOS only): The Accessibility Set-up Assistant pane can be skipped.
Get started (iOS and iPadOS only): The Get Started pane can be skipped.
Software update completed (iOS and iPadOS only): If a software update is performed during Set-up Assistant, the Update Completed pane can be skipped.
New payloads and payload updates for iOS 14 and iPadOS 14
DNS Settings: DNS settings can be encrypted, so DNS entries aren’t seen by others watching network traffic.
Set-up Assistant: Gives the ability to skip specific Set-up Assistant panes.
Per App VPN: Allows apps to use different VPN tunnels for specific internal websites.
Per Account VPN: Allows specific accounts in the following payloads: Calendar, Contacts, Exchange ActiveSync, LDAP, Mail and Subscribed Calendars.
Exchange ActiveSync: Allows the user’s password to be updated in place.
Notifications: For app notifications, turns off preview. For message notifications, manages the type of preview users can see.
SCEP: Key size can now be 4096 bits.
VPN: Added a specification on the maximum transmission unit (MTU), in bytes; added the ability to route all network traffic through a VPN connection; and added the ability to prevent users from disabling VPN On Demand.
Wi-Fi: MAC address randomisation can now be disabled when it’s associated with a Wi-Fi network. This feature is also available on watchOS.
New payloads and payload updates for macOS 11
Lights Out Management: Remotely starts, shuts down and reboots Mac Pro (2019) computers.
Per App VPN: Allows apps to use different VPN tunnels for specific internal websites.
Associated Domains: Direct downloads are supported.
Single Sign-On Extensions: SSO extensions are supported for User Enrolment.
IKEv2: Added a specification on the maximum transmission unit (MTU), in bytes.
New restrictions for iOS 14 and iPadOS 14
Allow App Clips: Restricts the ability to add App Clips. When this restriction is applied, any existing App Clips are removed.
Allow personalised ads delivered by Apple: Prevents Apple from using users’ information for ad targeting.
New restriction updates for macOS 11
Defer software update: This setting now includes supplemental, security and non-OS updates (such as Safari).
New queries and query updates for iPadOS 14
Device Info query: Returns the eSIM identifier.
Device Info query: Returns managed app feedback.
Device Info query: Returns the Time Zone setting on the device.
See MDM queries overview.
New queries and query updates for macOS 11
Device Info query: Specifies whether the Bootstrap Token is allowed.
LOM Set-up Request query: Returns the LOM information.
Managed Application List query: Returns the list of managed apps.
Managed Application Feedback query: Returns managed app feedback.
See MDM queries overview.
New queries for iOS 14, iPadOS 14 and tvOS 14
Device Info query: Returns the Time Zone setting on the device.
See MDM queries overview.
New commands for iOS 14, iPadOS 14 and tvOS 14
Application Attribute: Adds the ability to enable direct downloads for an associated domain and restricts the ability to remove the app.
See MDM commands.
New commands and command updates for macOS 11
Account Configuration: Specifies the short name of the local account to be managed.
Install Application and Install Enterprise Application: Now includes the “Install a Managed App” option, which allows managed apps to be removed when the device is unenrolled from an MDM solution, allows app config files (app preferences) to be installed, and allows an MDM solution to make an existing app a managed app.
LOM Device Request: Issues start, shut down or restart commands.
Remove Application: Removes managed apps.
Schedule OS Update: Now includes an Install Force Restart option.
See MDM commands.