What’s New in Managing Apple Devices

WWDC 2018

Posted by Den on August 03, 2018 · 12 mins read

Classroom for Mac

Enrollment

Apple School Manager

  • 200 GB of iCloud storage for Managed Apple IDs
  • Easier account password management
  • New Apps and Books purchasing experience
  • Flexible license management
  • Default MDM server for device type

Apple Business Manager

  • Manage Accounts, Apps and Books, Devices
  • Create Managed Apple IDs for admins
  • New Apps and Books purchasing experience
  • Flexible license management
  • Default MDM server for device type
  • No Managed Apple IDs for employees

New countries

Volume Purchase Credit

  • Add credit to your account via purchase order
  • Purchase from Apple or reseller
  • Launched last week in 10 new countries
    Austria, Finland, Netherlands, Switzerland, Belgium, Ireland, Norway, Denmark, Luxembourg, Sweden

Setup Assistant configuration

  • Privacy (macOS 10.13.4 / iOS 11.3)
  • iCloud storage (macOS 10.13.4)
  • Set language and region (iOS 11.3)
  • Where is this Apple TV? (iOS 11.4)
  • iMessage and FaceTime
  • Screen Time
  • Software Update

Security: App Transport Security

  • ATS required in 2018
  • SCEP server capabilities
  • DES no longer supported in iOS 11 or tvOS 11
  • Supported AES, SHA-512
  • Advertise your capabilities

Security: Enterprise app manifest delivery (macOS)

  • InstallApplication still supported
  • Switch to one of the new, secure methods
  • InstallEnterpriseApplication
    - Inline manifest
    - Provide certs to pin

Management

Password restrictions (supervised)

  • Implies Safari AutoFill
  • Blocks WiFi password sharing

Command and settings

  • Enable/disable Bluetooth (macOS 10.13.4, iOS 11.3)
  • Exchange: Use OAuth
  • Managed Software Updates (macOS 10.13.4, iOS 11.3)
  • Erase Device: Prevent proximity setup (iOS 11.3)
  • macOS Server Account (Removed)

Managed Software Updates

  • Restrictions (Supervised)
    - Delay when user will see new update
    - Configure delay period
  • ScheduleOSUpdate supports version number
  • Apple Software Lookup Service
    - Catalog API for iOS updates
    - Documentation available

Settings new in iOS 11.3

  • Require authentication before AutoFill (Supervised)
  • Allow USB accessories while device is locked (Supervised/ 11.4.1)
  • Require teacher consent to leave a teacher-created
    Classroom class (Supervised)
  • Restrict Remote pairing to whitelisted devices (Supervised)
  • VPN: AlwaysOn Support CellularServices
    service exception
  • Home screen Layout: Web Clip support

Settings new in iOS 12

  • Notifications: Critical alerts, Show in CarPlay
  • Restrictions: Set date and time automatically (Supervised)

Settings new in iOS 12: S/MIME for Mail and Exchange

  • Allow user to
    - Enable/ Disable signing
    - Modify signing cert selection
    - Enable/ Disable encryption by default
    - Modify encryption cert selection

Settings new in iOS 12: VPN IKEv2

  • DNS server addresses
  • Primary domain for the tunnel
  • DNS search domains
  • DNS supplemental match domains

Commands and Settings for tvOS

  • Configure movie ratings, TV ratings, 
    app ratings, explicit content (tvOS 11.3)
  • Remote pairing to whitelisted devices (tvOS 11.3/ Supervised)
  • Install App Store app
  • Install software update
  • Install enterprise app
  • Configure home screen layout
  • Single App Mode

Commands and Settings for macOS 10.13.4

  • Generated private keys not exportable
  • AD Certificate: Auto-renew certs
  • Content Caching
  • Smart Card
    - Require to sign in macOS 10.13.2
    - Enable screen saver on removal
    - New options for Check Cert Trust key

User-approved MDM

  • Manage features which should only be available
    on organization-owned Mac
  • Kernel extension permissions (macOS 10.13.2/ UA MDM)
  • Introduced in 10.13.2
  • Required in 10.13.4

Announcements

Security

  • Allow USB accessories while device is locked
  • Switch in Settings to allow when locked
  • Supervised restriction to force switch on
  • Configurator managed devices

Supervised-only restrictions

  • Restrictions that should have been supervised
    only will only be honored on supervised devices
  • Now will be enforced in 2019
  • Upgrade and migration policy
  • App installation: Siri
  • App removal: iCloud documents and data
  • FaceTime: Multiplayer gaming
  • iTunes: Add Game Center friends
  • Safari: Explicit content

Managed Open In

  • Improvements in iOS 11.3 and iOS 12
  • Sharing files 👍
  • Contact API respects boundary in iOS 11.3

Developers

Schoolwork

  • Easily share content
  • Leverage power of apps
  • View student progress
  • Tailor instruction
  • Collaborate and provide feedback

ClassKit

  • Integrate with Schoolwork
  • Help teachers discover activities in your app
  • Take students directly to activity
  • Securely share progress data with teachers

Roster API: Class Name

  • Use Class Name as display name
  • Consistency in Classroom and Schoolwork

Shared iPad

  • Data not available locally on new device
  • App persists any data to the cloud
  • Works well after deleting local data

Managed App Configuration

  • Thousands of developers
  • Shared schemas
  • App warning
  • Customization

Enterprise SDKs

  • IBM Watson Services for Core ML
  • IBM Cloud Developer Console
  • SAP Cloud Platform SDK
  • GE Predix SDK for iOS

Assessments

  • Support for testing apps (macOS 10.13.2)
  • Requires entitlement

Installation

startosinstall (macOS 10.13.4)

  • Part of macOS installer
  • Install macOS on startup disk
  • Install packages after macOS ( --installpackage )
  • Erase current startup disk first ( --eraseinstall )