WWDC has come and gone once again, and there are a number of key updates coming to the IT world this fall. One note before we begin: now is the time to test your device workflows, apps, etc. Bugs that are reported early in the beta process are the ones that get fixed.
With macOS 27 and iOS 27, the transition to declarative device management is no longer a forward-looking roadmap notice from Apple. It’s the standard. By moving legacy configurations into the declarative model and introducing powerful new native controls, Apple is giving IT departments the tools to keep Apple the best vendor for IT endpoints.
About Apple @ Work: Bradley Chambers has been an Apple IT admin since 2009. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade WiFi, 1000s of Macs, and 1000s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, share stories from the trenches of IT management, and ways Apple could improve its products for IT departments.
The end of the legacy profile
The most significant IT announcement is the migration of legacy configurations into DDM. Using the new ProfileAssetReference key, IT teams can now wrap legacy configuration profiles within the declarative model. There is a critical thing to know, though: system processes are now enforcing TLS 1.2+ requirements for device management services. If a device management vendor isn’t updated to meet these standards, essential management tasks like enrollment, profile installation, and software updates will simply fail. This is the first thing every admin needs to audit as soon as possible.
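One way to run that audit from an admin workstation, as an added example that is not from Apple or from the original article: it attempts a handshake pinned to TLS 1.2 and then to TLS 1.3 against a device management endpoint and reports whether either succeeds. The hostname `mdm.example.com`, the port and the function names are assumptions, and the script checks the protocol version only, not cipher suites or certificates.

```python
import socket
import ssl
import sys

# Protocol versions that satisfy a "TLS 1.2+" requirement.
VERSIONS = [("TLSv1.2", ssl.TLSVersion.TLSv1_2), ("TLSv1.3", ssl.TLSVersion.TLSv1_3)]


def probe_version(host, port, version, timeout=5.0):
    """Try one handshake pinned to a single TLS version.

    Returns "ok", "rejected" (TCP connected, handshake failed) or "unreachable".
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Certificate checks are off on purpose: this probe isolates the protocol
    # version, so a certificate problem must not mask the result.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "ok"
    except OSError:  # ssl.SSLError is a subclass of OSError
        return "rejected"
    finally:
        sock.close()


def audit_mdm_tls(host, port=443, probe=probe_version):
    """Probe each required version and reduce the results to one verdict."""
    results = {name: probe(host, port, ver) for name, ver in VERSIONS}
    if all(r == "unreachable" for r in results.values()):
        verdict = "unreachable"  # no conclusion about TLS can be drawn
    elif "ok" in results.values():
        verdict = "pass"         # server negotiates TLS 1.2 or newer
    else:
        verdict = "fail"         # reachable, but no TLS 1.2+ handshake completed
    return {"host": host, "port": port, "results": results, "verdict": verdict}


if __name__ == "__main__":
    # Usage: python3 audit_tls.py mdm.example.com [more hosts...]
    for target in sys.argv[1:]:
        report = audit_mdm_tls(target)
        print(f"{report['host']}:{report['port']} {report['verdict']} {report['results']}")
```

A `fail` verdict means the endpoint answered on TCP but completed neither handshake, which is the condition the enforcement described above would turn into failed enrollments and updates.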
Additionally, devices running the new operating systems will no longer restore device management information from a backup. Instead, they will automatically run through Automated Device Enrollment after the restore is complete, ensuring the device receives the current management state rather than a stale configuration. This alone will save help desks countless hours of troubleshooting.
Apple officially killed legacy software update management. Software update commands and queries no longer function in the new operating system releases. IT teams are now absolutely forced to use declarative software update management to configure and enforce updates.
Apple is also moving the management of on-device intelligent systems entirely to declarative configurations. IT teams can get granular control to allow or deny device-wide Apple Intelligence features, including Genmoji, Image Playground, and Writing Tools. If you do not want these features running in your environment, you finally have a supported way to shut them down.
Endpoint Security and privacy