What's new with iOS 17, iPadOS 17, and macOS

Apple @ Work is brought to you by Kolide, the device trust solution that ensures that if a device isn’t secure, it can’t access your cloud apps.  If you have Okta, Kolide can help you get your fleet to 100% compliance.  They’re Zero Trust for Okta. Learn more or request a demo today.

Apple’s Worldwide Developers Conference for 2023 has come and gone once again, and now we turn our attention to the summer of beta testing, preparing training, and more. I’ll be diving into many of these announcements in the coming weeks, but I want to run through the high-level updates that Apple IT administrators need to know for macOS Sonoma, tvOS 17, iOS 17, watchOS 10 (yes, Apple Watch is coming to MDM), and iPadOS 17.

About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.


Account-driven Device Enrollment

Account-driven Device Enrollment streamlines enrolling company-owned iPhone, iPad, and Mac devices into management by using users’ work accounts. The enrollment experience keeps a clear separation between work and personal content, and on macOS it also enables device supervision. The result is an enrollment flow that is more efficient for IT and better tailored to the needs of both users and organizations.

watchOS gains device management support

When an Apple Watch is paired with a supervised iPhone, organizations gain the ability to enroll and manage it using Mobile Device Management (MDM) solutions. This expansion of the MDM protocol opens up many possibilities for creating customized solutions that enhance productivity, promote wellness at work, and bolster employee safety (think noisy warehouses, etc). Enrollment is driven by a declarative configuration on the paired iPhone, after which the watch supports configuration profiles, app management, MDM commands, and declarations.

Setup Assistant enforcements

Automated Device Enrollment offers organizations a way to ensure that their specific requirements are met before devices are deployed into production environments. With these enhancements, organizations can mandate a minimum OS version as a prerequisite for device enrollment, which helps meet compliance requirements such as SOC 2. FileVault can also be enforced. Additionally, organizations have the option to require users to enroll their Macs into management when registering the device in Apple School Manager or Apple Business Manager.

Updates to Managed Apple IDs

Apple is also bringing updates to Managed Apple IDs this fall, with additional iCloud and Continuity services. These updates include support for iCloud Keychain and Apple Wallet. Apple will allow organizations to restrict access to specific services and to define which management state a device must be in when a user signs in with a Managed Apple ID. Here’s some of the information Apple shared on the updates:

  • Continuity: Users can use AirPlay to Mac, Auto Unlock, Continuity Camera, Continuity Markup and Sketch, Handoff, Instant Hotspot, iPhone cellular calls, Sidecar, SMS, Universal Clipboard, and Universal Control.
  • iCloud Keychain: Users can securely store and access credentials (including passkeys) on all approved devices.
  • Apple Wallet: Users can add cards and passes to Apple Wallet including the possibility to use Apple Pay.
  • Developer account: If allowed, Managed Apple IDs created in Apple School Manager can participate in the Apple Developer program.

Passkeys at work in iCloud Keychain

Apple is adding passkey support to iCloud Keychain and access management to Managed Apple IDs. This will allow organizations to deploy and enable passwordless authentication for internal services with passkeys.

Custom identity provider support for federation

To allow more companies to create Managed Apple IDs automatically, integration is supported with public and in-house IdPs supporting OpenID Connect, SCIM, and the OpenID Shared Signals and Events Framework.

Platform single sign-on updates for macOS

With enhancements to Apple’s platform SSO, developers can extend their SSO extension to create local user accounts on a shared Mac using credentials from a company’s IdP. In addition, permissions and group membership of those users can be managed from device management tools.

Declarative device management updates

Software update management is now part of declarative device management and provides new options for when and how an update should be enforced, including increased notifications to end users. To ease the transition, an MDM solution can migrate an already deployed configuration profile into a declarative legacy configuration without redeploying it, avoiding the potential problems of a redeploy.
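As an added illustration (not code from the article or from Apple), here is how an MDM server might express both ideas in the paragraph above in DDM terms: wrapping an existing profile in a legacy-profile declaration and adding a software update enforcement declaration, then publishing them through a declaration-items manifest. The declaration type names and payload keys (`ProfileURL`, `TargetOSVersion`, `TargetLocalDateTime`, `StandardConfigurations`) are taken from Apple's published DDM schema as I recall it, and the URL and identifiers are constructed sample values.

```python
import hashlib
import json

# Constructed sample input: where the device will fetch the existing .mobileconfig.
PROFILE_URL = "https://mdm.example.com/profiles/wifi.mobileconfig"


def server_token(identifier: str, dtype: str, payload: dict) -> str:
    """Derive ServerToken from content. A device only re-fetches a declaration
    when its token changes, so a content hash gives change detection for free."""
    canon = json.dumps({"Identifier": identifier, "Type": dtype, "Payload": payload},
                       sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()[:32]


def declaration(identifier: str, dtype: str, payload: dict) -> dict:
    return {"Identifier": identifier, "Type": dtype, "Payload": payload,
            "ServerToken": server_token(identifier, dtype, payload)}


def legacy_profile_declaration(identifier: str, profile_url: str) -> dict:
    # The legacy configuration carries the old profile unchanged; the device
    # fetches it from ProfileURL once the declaration is activated.
    return declaration(identifier, "com.apple.configuration.legacy",
                       {"ProfileURL": profile_url})


def software_update_enforcement(identifier: str, os_version: str, deadline_local: str) -> dict:
    # TargetLocalDateTime is a local wall-clock deadline (no timezone suffix);
    # the OS handles user notifications as the deadline approaches.
    return declaration(identifier, "com.apple.configuration.softwareupdate.enforcement.specific",
                       {"TargetOSVersion": os_version, "TargetLocalDateTime": deadline_local})


def activation(identifier: str, config_ids: list) -> dict:
    # Configurations only take effect when an activation references them.
    return declaration(identifier, "com.apple.activation.simple",
                       {"StandardConfigurations": config_ids})


def declaration_items(decls: list) -> dict:
    """Build the declaration-items manifest the device polls. DeclarationsToken
    changes whenever any declaration changes, which prompts the device to sync."""
    kinds = {"activation": "Activations", "configuration": "Configurations",
             "asset": "Assets", "management": "Management"}
    groups = {name: [] for name in kinds.values()}
    for d in decls:
        groups[kinds[d["Type"].split(".")[2]]].append(
            {"Identifier": d["Identifier"], "ServerToken": d["ServerToken"]})
    token = hashlib.sha256("".join(sorted(d["ServerToken"] for d in decls)).encode()).hexdigest()[:32]
    return {"Declarations": groups, "DeclarationsToken": token}
```

Changing the profile URL (or any payload key) changes that declaration's ServerToken and the manifest's DeclarationsToken, which is the mechanism that lets the server update a migrated profile later without touching the other declarations.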

Managed Device Attestation for macOS

Managed Device Attestation is available on macOS and provides strong assurance about the security setup and properties of the device in question.

802.1X support on ethernet for iPhone, iPad, and Apple TV

iPhone, iPad, and Apple TV support the configuration of 802.1X for Ethernet to connect to restricted networks that require authentication. While I don’t think it’ll be incredibly popular on iPad and iPhone, it’s a much-needed feature for Apple TV.

Private 5G and LTE networks

With iOS/iPadOS 17, iPads and iPhones now support private 5G and LTE networks. IT admins can automatically activate a private network when an iPhone enters a geofence and allow devices to prioritize the private cellular network over Wi-Fi.

Wrap-up

These are some of the key updates coming for IT and security teams with the new versions of iOS 17, iPadOS 17, tvOS 17, macOS Sonoma, and watchOS 10. I’ll be diving into them in more detail in the coming weeks.


