Apple’s 2015 MDM updates are incremental, but that’s fine—it’s a sign of maturity.

By now you've probably heard all the major news from the Apple Worldwide Developer Conference last week. Today I'm going to take a closer look at some of the announcements that are relevant to the enterprise mobility management space.

By now you’ve probably heard all the major news from the Apple Worldwide Developer Conference last week. Today I’m going to take a closer look at some of the announcements that are relevant to the enterprise mobility management space. As it turns out, many of the EMM updates from WWDC are fairly small and incremental, but that’s perfectly fine—in fact, it’s a sign of maturity in our space.

General announcements

The new iPad multitasking and QuickType features really look great. (I’ve personally never been the “work as much as possible from an iPad” type, but they make me want to give it another good try.) Arguably these will make iPads into even more powerful business tools. But will this have a huge immediate impact on the enterprise? Not really. We’ve already had 5 years of bringing tablets into all sorts of enterprise situations, and we’re already talking about the idea of mobile-enabling processes and applications, so there’s nothing too new here. Is this a harbinger of the dawn of a new paradigm in human-computer interaction? Again, no. Even though we found a place for iPhones and iPads very quickly, the last few of years of very gradual adoption of touchscreen laptops, “convertibles,” and Surface tablets have shown us that this is a slow process. Bottom line for the enterprise, the iPad updates are nothing to lose sleep over.

Devices with Touch ID will now require 6-digit passcodes instead of 4. While in theory Touch ID means this shouldn’t affect users too much, this is still going to throw a lot of people for a loop. Expect a lot of inquiries about this in when iOS 9 comes in the fall.

When the iOS 9 updates do come, they’ll be much smaller. (Supposedly 1.3GB as opposed to iOS 8’s 4.53GB.) I lost count of the number of people that I’ve met that couldn’t update their phones because they didn’t have enough space, so this is good news. (On the other hand, it’s also ridiculous that the base model iPhone still only comes with 16GB of storage.)

One interesting development is that Xcode 7 will allow anyone—not just registered developers—to build apps and install them on their devices. Some are predicting that this will open the floodgates to a new trade in apps outside of the Apple App Store. Is this a crack in the armor of the modern mobile OS and app model? Sure, it will certainly make sideloading apps easier, but on the other hand, it’s still not as easy or as simple as on Android. And remember that jailbreaking devices is still a lot harder than it used to be. Bottom line on this one: let’s keep a wary eye on it to see what happens.

EMM-specific announcements

For EMM, the other main highlight of WWDC was the What’s new in Managing Apple Devices session, where updates to MDM, the Volume Purchase Program (VPP), and the Device Enrollment Program (DEP) were announced.

This year most of the emphasis was on VPP, DEP, and supervised devices. (In Apple MDM parlance, “supervised” refers to a special more tightly-control management mode meant for institutional devices, as opposed to just regular MDM for BYOD and COPE devices.) If you happen to use one of these programs or supervised mode, then these announcements could be important, but if not, then most of the updates are fairly minor.

Here are the more significant announcements:

Devices that are enrolled in DEP can now be automatically configured using Apple Configurator (a management utility that I’ll talk about shortly), so there’s no need to touch a device at all to set it up.

VPP app licenses can now be assigned directly to devices, instead of to users, and no Apple ID is required at all.

It’s now possible to convert unmanaged apps (apps that users install on their own) into managed apps (apps that have mobile app management policies applied to them via an MDM server) without reinstalling the apps. For supervised devices, this happens silently, and for normal devices, the user will be prompted to accept management of the app. This solves a big issue that existed in the past with using iOS MDM to manage apps—what would happen if IT wanted to manage an app, but a user had already installed it.

The following new restrictions are available for all managed devices: screen recording; trust new enterprise app authors; and treat AirDrop as unmanaged destination (closing a data-leaking loophole). For supervised devices, the following new restrictions are available: automatic app downloads, iCloud photo library; keyboard shortcuts; modify device name, passcode, and wallpaper; News (the new app); and pair with Apple Watch.

Some older restrictions that were available for all managed devices will be depreciated in the future; they include app installation and removal, Safari, iTunes, and a few others. This is because they were created before supervised mode existed. (I like that Apple is keeping all of the intensive lockdown features out of the normal MDM mode.)

OS X is getting a few restrictions for the first time, including the ability to block the camera and iCloud.

The final big EMM announcement is a completely revamped version of Apple Configurator. While the original Apple Configurator was based on three main workflows (the old Prepare, Supervise, and Assign functions), Apple Configurator 2 is much more flexible and extensible. (It even looks like it will be able to replace some of the functions of the old iPhone Configuration Utility, which hasn’t been updated in a couple of years.)

Apple Configurator 2 has many ways to improve the workflow of setting up devices, and it can be used in conjunction with DEP, as I mentioned earlier. It will also support multiple Apple Configurator stations. (In the past, you’d always have to use the same instance to manage the same devices.) The only major drawback remaining is that it’s still only available on OS X, not Windows.


Again, these are mostly small incremental changes. If one of these new features happens to be important to you, then that’s great, and if not, then EMM is business as usual.

There were no major new concepts introduced this year. So that means Apple didn’t address app wrapping for public apps, adding true multi-user support to iPad, or connecting devices to multiple MDM servers.

But aside from those questions, this year’s WWDC EMM updates are a sign of just how far we’ve come.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Seemingly incremental changes but very a very useful set of key features. Being able to stage applications onto the device via configurator and then convert to managed apps for OTA updates will greatly improve the staging process for bulk deployments so apps can be deployed over the LAN and still updated OTA via MDM afterwards. Also features like trusted app authors increases the overall security of the iOS platform to ensure users are not install applications from malicious or untrusted 3rd party developers.