WWDC 2024 – First Thoughts on First Looks
The Worldwide Developers Conference (WWDC) is always an exciting time at Addigy as we gather together to hear from Apple about their new releases and the capabilities organizations now have to manage them. Our team is actively reviewing all of the new improvements and features. Here are a few of the biggest highlights and changes we are most excited about:
We’ll be taking a deeper dive at our Sudo Talks WWDC24 Afterparty – SudoTalks Streamlines Hundreds of WWDC Sessions into One Hour of Apple Enterprise Highlights: Join us on June 25 at 12:00 ET for an insightful recap of Apple’s impact in enterprise technology. Sign up for SudoTalks now!
Before we dive in, it’s worth mentioning that for Apple, privacy is a fundamental human right. This year’s releases underscore their commitment to this principle. Apple continues to make meaningful improvements and enhancements to device management, furthering their achievements in end user and organizational privacy and security.
Apple Business Manager and Apple School Manager Updates
Apple announced significant changes to how Apple Business and Apple School Manager manage Apple Accounts and devices associated with organizations.
Managed Apple Accounts
Say goodbye to Managed Apple IDs (MAIDs) and say hello to Managed Apple Accounts. Managed Apple Accounts (MAAs) allow organizations to manage and own all of the Apple accounts associated with their domain. They can secure end user data, and provide end users with benefits such as iCloud services.
Additionally, Apple announced a new domain capture and account transfer feature that helps organizations capture accounts using their domain email. If an end user has created a personal Apple ID using their organization’s email account (e.g. an @school.edu or @business.com account), Apple will provide a pathway for the end user to keep their personal Apple ID account, while simultaneously allowing the organization to capture the email to be used as a Managed Apple Account.
This is best understood with an example. Jane Doe creates an Apple ID using her [email protected] email address. The organization now requires that all Apple Accounts using their domain (business.com) be Managed Apple Accounts. But Jane Doe created her account already. Jane has options—she can transfer the [email protected] account to a Managed Apple Account, or she can choose a new primary email address, such as [email protected], and keep all existing data associated with her Apple ID.
If Jane does nothing, the [email protected] account becomes a personal Apple Account, and the name is changed to [email protected] – which means [email protected] can become a Managed Apple Account.
Why We Love This
Managed Apple Accounts are a great way to balance organizational needs with the end user’s right to privacy and custom settings. End users have the option to transfer their associated data and settings to a new email, allowing the organization to reclaim and manage all accounts using their email domain. If the end user does nothing and ignores the request, Apple creates a new personal Apple ID with a new email for them, clearing the way for the organization to continue operating normally.
Activation Lock Management
Activation Lock is a critical security component in Apple devices—it protects devices from being used by unauthorized users after they’ve been wiped. Activation Lock can be enabled by the end user, and can be controlled in Addigy by the organization—whether the end user wants it to be enabled or disabled.
Anyone who manages Apple devices with Activation Lock has probably been in the situation where they are reprovisioning a device for a new user, and are met with the dreaded Activation Lock screen. Within Addigy, admins can look up Activation Lock codes to bypass this screen, even if the device has been removed from the console entirely.
Unfortunately, sometimes Activation Lock is left on unintentionally and there is no bypass code. This costs IT admins valuable time, requiring them to open an AppleCare ticket and prove ownership of the device. Now, with this update, Activation Lock can be turned off for organizational owned devices directly in Apple Business and Apple School Manager.
macOS 15 Management Updates
macOS 15 Sequoia introduced several exciting new features and management capabilities for administrators. You can dive into all the announcements.
Updates on Software Updates
Addigy had been deploying OS updates for macOS, iOS, and iPadOS via declarative device management (DDM) in beta since October of 2023 and in general availability for all customers since March of this year. Now, Apple has announced further iterations to DDM, including major improvements to the management of beta OS updates, and a way to change notification behavior to show notifications only one hour before enforcement times and the restart countdown.
Today, an individual device needs to be enrolled into a beta program (Developer, Apple Seed for IT/Education, or the Public betas) in order to receive beta updates. Addigy has utilized this functionality since the end of 2023, when we began pulling beta build information from the device, and created a declaration to manage the updates.
The new improvements will allow organizations to better utilize the Apple Seed beta programs. They can now add devices to the beta program at any time using an organization token—users do not need to be signed in with an Apple Account. Addigy will also utilize Apple’s beta updates catalog moving forward, instead of the DDM OS Updates feature.
These improvements make it significantly easier for administrators to enroll their whole fleet in the Beta program. They also allow organizations to better test and prepare for future OS updates, ensuring that their Apple devices, and all apps and workflows, are ready for the latest OSes
Restricting Local Network Drives and External Hard Drives
An important restriction is reintroduced in macOS 15 to manage local network drives and external hard drives. IT Admins can now control whether they want these drives to connect to their devices, and can limit them to be read only. For security-minded IT Admins who want to limit what types of drives can connect to their computers, this restriction offers new opportunities to secure their fleet.
Passkey and Hardware Security Key Support
Setup Assistant in macOS 15 now allows passkeys and supported hardware security keys during enrollment. This update improves the security of the device setup and enrollment processes.
Platform Single Sign-On
Apple’s Platform Single Sign-On (SSO) feature integrates deeply with macOS and iOS, allowing users to authenticate once using their enterprise credentials to seamlessly access multiple apps and services. The SSO extension can sync a user’s local macOS password with their Identity Provider account credentials, reducing the number of passwords users need to remember and manage. This feature enhances user experience by reducing password fatigue and improves security by minimizing the number of passwords a user needs to manage. It works in tandem with the Enrollment SSO payload, allowing users to sign in at the native Apple login window with their Identity Provider credentials.
This year Apple announced that in macOS 15, the Platform Single Sign-On feature has extended functionality to require IdP authentication across FileVault, the Lock Screen, and the login window. This includes new policy options for configuring Touch ID or Apple Watch to unlock the screen, making it easier for users while maintaining high security standards.
iPhone + macOS Restrictions
We love the iPhone Screen Sharing features introduced in macOS 15, which allow end users to access their phones from their computers. However, not every organization will want to allow these capabilities. Fortunately, Apple has also introduced a way to restrict iPhone Screen Sharing and FaceTime remote control.
iOS and iPadOS Management Updates
iOS and iPadOS 18 come with a lot of really exciting features for end users, such as more customizations for the look and feel of their home screens and granular control of the apps on their devices. See a complete overview of the new operating system here.
These updated features also come with new and improved ways for IT admins to manage their fleet.
Hiding and Locking Apps
Apple introduced the option to allow users to require Face ID, Touch ID, or a passcode to open an app, and to hide apps from the home screen.
New capabilities will allow IT Admins to manage whether individual apps can be hidden or locked. Admins will also be able to restrict end users’ ability to hide or lock apps on supervised devices—entirely.
Admins will find these capabilities particularly helpful when managing apps that contain company data, such as communication, email, or collaboration apps like Outlook, Slack, and Microsoft Teams, or when devices are shared or publically accessible. This adds an additional layer of security, ensuring only authorized users can access company assets, as well as devices that are left unattended and unlocked for any reason
iPadOS Calculator and Math Notes
The calculator app that has been in iOS and macOS is coming to iPadOS 18! The app has also gotten a serious update from Apple with a ton of great features, such as Math Notes. Math Notes allows users to write or type out equations on a scratch pad-like screen, where equations are instantly solved. More on this can be found here.
Along with this slick addition to the calculator application, IT Admins can manage the use of Math Notes on users’ devices.
Apple Intelligence
Finally, we must talk about the biggest announcement made this year: Apple Intelligence, introduced for iOS 18, iPadOS 18, and macOS Sequoia. Apple Intelligence brings powerful new AI capabilities to Apple devices.
Some key features include:
- Writing tools for rewriting, proofreading, and summarizing text across apps
- Image creation tools like Genmoji to generate custom emojis, and Image Playground for creating images from descriptions
- Enhanced Siri with natural language understanding, contextual awareness, and the ability to take actions across apps
- Integrations with ChatGPT for Siri and writing tools, making it easy for users to access OpenAI’s powerful model
With these powerful new abilities, the first question on many IT Admin’s minds is, How can we manage which AI features are allowed on organizational devices?
So far, Apple has introduced a new restriction that enables organizations to prevent the use of the ChatGPT integration in Siri and Writing Tools. We are excited to hear what else Apple will offer in the coming months, and will be sure to keep you updated.
Apple Intelligence leverages on-device processing and server-based models while prioritizing user privacy with their revolutionary private cloud compute. The new AI system aims to deliver helpful and relevant intelligence tailored to each user’s personal context. Apple has a strong privacy record, but if you’d like to dive into the details you can read more from Apple directly on Apple Intelligence and Private Cloud Compute.
WWDC24 Afterparty
WWDC24 revealed substantial improvements and new features that empower IT Admins to manage Apple devices more effectively and securely. By leveraging these updates, organizations can enhance their device management strategies, improve security, and provide a better user experience for their end users.
Our heads are still spinning with all the new updates. We’d love for you to join us as we dive into these features and explore the new functionality at our Sudo Talks WWDC24 Afterparty.