Apple’s Worldwide Developer Conference for 2019 kicks off next Monday, June 3, and as in years past (WWDC 2018, WWDC 2017, etc.), we’ll be watching and writing about all the enterprise news. We’ll learn about iOS 13, macOS 10.15, and more.
The device management breakout session will stream live at 11:00 am PT on Friday, June 7, but we’ll probably get information from the developer betas and documentation earlier in the week.
What do we want to see, and what will we actually get?
First, we have to give the obligatory introduction and set the context before we begin our supplication: Putting out multiple operating systems used by countless enterprises around the world in high-stakes, high-security situations is a big job. Apple has to consider any changes very carefully, as the huge scale can magnify any issues into headline-grabbing news. Overall, they do a good job, and Apple device management is consistent and secure, especially if you understand Apple’s perspective and have good processes for dealing with changes.
Now that we have that out of the way, here are my thoughts going into WWDC 2019.
If you’ve been reading this blog for a while, you’ve probably seen my article, “iOS MDM needs to get better for BYOD,” first published in 2017 and updated several times since then. The short version is that while supervised MDM mode and the Device Enrollment program are very good for corporate-liable devices, the experience for BYOD users that enroll their phones in regular MDM is behind the times. We could use:
- A “Work and School Do Not Disturb” mode for MDM-managed apps and accounts.
- More transparency for end users, so that they better understand what their employer’s MDM is and is not doing.
- More personal privacy. I believe that a few more features, like polling personal apps, should be removed from the regular (non-supervised) MDM mode.
- Enrollment with multiple MDM servers would be nice to have, too.
I’ve rehashed these points a million times in that article and on podcasts, and I know a lot of people feel the same way. Hopefully we’ll get some clarity, but in the meantime, I’ve become much more pragmatic over the years, and I believe that having separate phones for work and personal use is perfectly fine.
On a related note, Supervised Mode has room for new features, too. There are a lot of items in the Settings app UI that still aren’t exposed as MDM APIs. How about managed app configuration settings for the Settings app itself?
In the last year, we’ve covered Jamf Connect and Mosyle Auth, two third-party products that can link macOS user accounts to cloud identity platforms. In addition, Apple added support for federating Managed Apple IDs to Microsoft Azure AD via SAML. And overall, identity and conditional access are becoming a key part of end user computing.
So, the time is right for Apple to keep on adding various forms of support for cloud identity providers and SAML in all of their products. The more, the better!
If you’re familiar with the concept of the “hype cycle” (as outlined by Gartner), you can see that the idea of using an iPad as a laptop replacement is on the “Slope of Enlightenment.” In other words, this is actually becoming a real thing now, and people are using iPad Pros everywhere.
This doesn’t really affect the enterprise a huge amount—if you can support iPhones, you can support iPads—but a lot of us in the EMM space are doing this, so we’re excited about what might come with iOS 13. The rumors are that we’re getting multiple windows for apps and “stackable cards,” as well as a revamped Files app and maybe even mouse support.
macOS is going through a multi-year transition from traditional to MDM-style management, just like Windows 10. The difference is that Apple is able to shut down older techniques more readily than Microsoft.
What makes this interesting is that many IT departments are beginning to manage Macs for the very first time, and we’re at the point when a lot more companies are offering them as an alternative to Windows. As a result, management platforms like Jamf, Fleetsmith, Mosyle, Addigy, and Workspace ONE are all growing like crazy.
There’s more going on in here than I can cover in one section of a preview—for example, there’s user-approved MDM, app notarization, and the last gasps of imaging—but overall, this is under the microscope more than ever.
Most people take iOS security for granted, and that’s probably okay. However, there’s a lot going on when you look deeper:
- It’s easy to sideload apps with just a little bit of Googling.
- There was just a kerfuffle around companies that used MDM for parental controls, not to mention the episode with Facebook and Google using in-house enterprise app certificates in unapproved ways. And the iOS 12.2 change that made BYOD devices harder to enroll in MDM clearly came from a security angle, too.
- iOS devices get attacked by things like the GrayKey passcode-breaking device and products from the NSO Group.
- And with the App Store antitrust case moving forward, who knows what could happen if third-party app stores became a thing.
Mobile threat defense products are around to help address these concerns, and this nascent industry is growing. There are still concerns that these MTD agents have a hard time doing their job, though. Perhaps we could see Apple give some mobile threat defense vendors more access to iOS? One thing’s for sure—as these devices and OSes get more complicated, the security conversation around them gets more important.
We’d all like Apple to be more open, but they’ve taken steps in the right direction. Remember that they finally started live streaming all the WWDC sessions a few years ago, a big improvement from the way we used to have to guess at the specifics of new iOS versions all summer.
Every company should be testing the beta versions of iOS and macOS—even if you don’t have any in-house apps or you don’t do MDM, you’re still a mobile company. And don’t forget, you can file feedback, too.
For additional positive news, we also saw Apple speaking at the Jamf Nation User Conference, and appearing on the Mac Admins Podcast.
Until we get to all the enterprise news from WWDC 2019, we have lots of other information on our enterprise mobility management resources page.
Update: We got quite a few interesting updates, especially with the new BYOD-oriented User Enrollment MDM mode. Read all about it in our WWDC 2019 deep dive post.