Apple’s Worldwide Developer Conference is running this week, giving us a look at the upcoming versions of their operating systems. On Wednesday they streamed the session What’s New in Apple Device Management, and I watched it to see what’s coming up.
As it turns out, iOS 10 doesn’t have any sweeping changes—instead the focus was on iOS 9.3, which came out in March and was a big release for education. The most interesting new enterprise feature from WWDC is probably CallKit, which improves how third-party VoIP apps work. Let’s take a look at all this.
iOS 9.3 and education
The big new education features in iOS 9.3 were Apple School Manager, Shared iPad, and the Classroom app. The March release (instead of with iOS 10 in September) gives schools time to test and deploy everything before the new academic year in the fall.
Apple School Manager (ASM) is a service used to deploy and manage school-owned devices, apps, and content—much of it is based on the Device Enrollment Program and Volume Purchase Program. ASM uses third-party EMM vendors to provide all of the backend MDM plumbing. ASM can integrate with student information systems to manage users and groups (i.e. students, teachers, classes, etc.) and can create managed Apple IDs for students and staff.
The Shared iPad mode lets users to log any school-owned iPad and get all their own apps and data—it works a lot like roaming user profiles on Windows. This would be useful for the enterprise, too, but my gut assumption is that it will be a while before that happens. It would also be great for families, but same thing—I’m not holding my breath.
The Classroom app lets teachers control all of their students’ devices. For example, they can make them all run a specific app at the same time, or choose a student to AirPlay their iPad to an Apple TV in the classroom.
iOS 9.3 also brought other refinements, mostly for corporate-owned devices run in the special Supervised MDM mode. These include the ability to specify the layout of icons on the Home Screen; real app blacklisting and whitelist; a mode for lost devices; activation lock; and finer control over notifications. Again, these are for institutional devices—users don’t have to worry about any of these things happening to BYOD iPhones and iPads enrolled in normal MDM.
The WWDC session itself mostly covered the nuts and bolts of how EMM vendors support all of these new features, along with some demos. For more user-oriented information, check out Apple’s support pages for Apple School Manager and the Classroom app.
What’s new in iOS 10
Now what’s actually new this week and matters to the enterprise?
The new CallKit API for VoIP apps will really make the experience a lot smoother and less confusing for users by allowing third-party apps work just like the normal phone on the lock screen, recent calls list, and favorite contacts list. MDM controls will allow IT to specify the default app for audio calls for any enterprise-managed contacts and accounts.
This will be huge for unified communications and VoIP providers (Cisco Spark got a callout during Monday’s keynote) and it should considerably advance the cause of split work/personal calling for BYOD. (Giving out a personal cell number is still one of the biggest objections to BYOD I hear from friends and acquaintances.)
Last year at WWDC, Apple said that some time in the future they would deprecate some restrictions settings from normal MDM, and make them available only on devices managed in Supervised mode. This year they said this will be happening very soon, though not immediately in iOS 10. The particular restrictions are app installation and removal; FaceTime; Siri; Safari; iTunes; explicit content; iCloud documents and data; Multiplayer gaming; and adding GameCenter Friends. Overall, this is in line with Apple’s strategy to differentiate the MDM capabilities on corporate and personal devices.
Other iOS MDM updates include a few changes to configuration payloads for VPNs and WiFi.
Now on to OS X (which in case you missed it will be renamed to macOS). Earlier this year, the 10.11.4 update added the ability to command Macs enrolled with under the Device Enrollment Program to install major OS updates, so it will be possible to use MDM to update these devices to macOS Sierra. Sierra will also support a new payload to configure the IP firewall, as well as a few new restrictions.
The What’s New in Security session had a few other things of note for the enterprise: There are changes to how Gatekeeper works (Gatekeeper controls whether or not non-App Store or unsigned applications can run on OS X / macOS); and mandatory App Transport Security means that all iOS apps in the App Store will be required to use HTTPS (with some exceptions) by the end of the year.
In other sessions, Apple publicly mentioned that they’re participating in the AppConfig Community, and advocated for AppConfig best practices.
Even though there were no sweeping changes to how we think about iOS MDM this week, right now there’s still plenty to talk about in MDM and MAM. I presented a session about this last month at Citrix Synergy, but now that Apple WWDC and a few other announcements have happened, I’m going to post a followup next week. Stay tuned.