
What’s new in Apple platform deployment
Deployment and mobile device management (MDM) introduce new features for iPhone, iPad, Mac, and Apple TV devices. These updates, detailed below, include the following operating systems:
iOS 17
iPadOS 17
macOS 14
tvOS 17
watchOS 10
You can participate in testing these features using beta versions of the operating systems by signing up for AppleSeed for IT. For more information, see the AppleSeed for IT website. For additional details about the features below, see the What’s New for Education and Enterprise WWDC23 documentation on the AppleSeed for IT website.
For more information, see the WWDC23 video What’s new in managing Apple devices.
Account-driven Device Enrollment
Account-driven Device Enrollment will make it easier for users to enroll their organization-owned iPhone, iPad, and Mac devices into management using their work account. The resulting enrollment is similar to profile-based Device Enrollment, but separates work and personal content. In macOS, it also enables supervision.
watchOS management
Apple Watch can be enrolled and managed by MDM when paired to a supervised iPhone, allowing organizations to create solutions that improve productivity, support wellness, and provide additional safety to their employees. Enrollment requires a declarative configuration on the iPhone and allows the use of configuration profiles, app management, MDM commands, and declarations.
For more information, see the WWDC23 video Meet device management for Apple Watch.
Setup Assistant enforcements
To help ensure their requirements are met before a device is put into production, organizations using Automated Device Enrollment can require devices to have a minimum operating system version prior to enrollment. In macOS, they can also enforce FileVault in Setup Assistant and require a user to enroll the Mac into management when registered in Apple School Manager or Apple Business Manager.
For more information, see the WWDC23 video What’s new in managing Apple devices.
Managed Apple ID updates
Additional iCloud and Continuity services are turned on for Managed Apple IDs. This includes support for iCloud Keychain and Apple Wallet. New access management controls allow organizations to restrict access to specific services and define which management state a device should be in when a user signs in with their Managed Apple ID.
For more information, see the WWDC23 video Do more with Managed Apple IDs.
Passkeys at work
With the addition of iCloud Keychain and access management to Managed Apple IDs, organizations can securely deploy and allow password-less authentication for their internal services with passkeys.
For more information, see the WWDC23 video Deploy passkeys at work.
Custom identity provider support for federation
To allow even more organizations to automatically create Managed Apple IDs, integration is supported with public and in-house identity providers supporting OpenID Connect, SCIM, and the OpenID Shared Signals and Events Framework.
For more information, see the WWDC23 video What’s new in managing Apple devices.
Platform single sign-in (SSO) updates for macOS
With additions to platform SSO, developers can extend their SSO extension to create local user accounts on a shared Mac using credentials from an organization’s identity provider (IdP). In addition, permissions and group membership of those users can be managed with MDM. This also extends to users managed by the IdP who don’t have a local account for use at authorization prompts.
For more information, see the WWDC23 video What’s new in managing Apple devices.
Declarative device management updates
Software update management is added to declarative device management and provides new options for when and how an update should be enforced, including increased transparency to the user. New declarations also allow management of service configuration files for third-party services and the built-in system services in macOS: apache, bash, cups, pam, sudo, sshd, and zsh.
To make the transition even easier and more seamless, an MDM solution can migrate an already deployed configuration profile into a declarative legacy configuration without the need for redeployment and potential user disruption.
For more information, see the WWDC23 video Explore advances in declarative device management.
Managed Device Attestation for macOS
Managed Device Attestation is available in macOS and provides strong assurances about the security posture and properties of a device.
For more information, see the WWDC23 video What’s new in managing Apple devices.
802.1X for Ethernet on iPhone, iPad, and Apple TV
iPhone, iPad, and Apple TV support the configuration of 802.1X for Ethernet to connect to restricted networks that require authentication.
Private 5G and LTE networks
iOS 17 and iPadOS 17 now support Private 5G and LTE networks. Administrators can automatically activate private SIMs when an iPhone enters a geofence and can prioritize cellular over Wi-Fi for these networks.
5G Network Slicing
5G Network Slicing allows mobile network operators to customize traffic through a 5G Standalone network with specific quality of service requirements for network latency, throughput, and packet loss.
In addition, managed apps can be assigned to a 5G network slice provided by supporting carriers. This can be used to provide specific quality of service parameters to the app when using one of the following models:
All iPhone 14 and iPhone 14 Pro models
iPad Pro 11-inch (4th generation)
iPad Pro 12.9-inch (6th generation)
Network relays in iOS, iPadOS, macOS, and tvOS
A new built-in relay can be used to secure traffic using an HTTP/3 or HTTP/2 tunnel as an alternative to VPN. The configuration is domain-based and can be applied to managed apps, domains, or the entire device.
For more information, see the WWDC23 video Ready, set, relay: Protect app traffic with network relays.
MDM developer documentation
The Apple device management protocol documentation, including declarative device management, is available under the MIT Open Source License in the new Device Management Client Schema project on GitHub.