WWDC has come and gone once again, and we have a lot to digest and test over the summer, but there are some notable enhancements for IT teams who manage Apple fleets coming this fall. The most important announcement, in my opinion, is a better way to move between device management vendors.
About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, thousands of Macs, and thousands of iPads, Bradley highlights how Apple IT managers deploy Apple devices, build networks to support them, train users, share stories from the trenches, and offer ideas for how Apple could improve its products for IT teams.
Platform SSO is now built into the Setup Assistant
Platform SSO has been a great step forward for streamlining identity across macOS, but Apple took it a step further this year. Platform SSO is now integrated directly into Setup Assistant during Automated Device Enrollment. This means users will be prompted to sign in with their identity provider as part of the initial device setup process, before even landing on the macOS desktop.
Once the user signs in, Platform SSO handles authenticated enrollment into the device management system. If the identity provider is federated, it can also sign the user into their Managed Apple Account. A local account is then created, with the password either synced from the identity provider or set by the user using a Secure Enclave-backed key. Even the account profile photo can come from your IdP.
This is a big win for IT teams looking to streamline Mac deployments and rollouts. Users get a familiar login experience, devices enroll cleanly, and everything ties back to the organization’s existing infrastructure. It reduces the number of steps, reduces setup confusion, and makes zero-touch deployment feel much more complete.
Safari configuration, DDM, and more
With Safari configuration, software update timing, and app version control all moving into the declarative device management model, the writing is on the wall. Traditional update commands are officially on their way out. For IT teams still relying on older workflows, this summer is the time to start mapping a transition. The benefits are clear from a reliability point of view. DDM gives you better insights into what is happening on your fleet, reduces update delays, and streamlines how policies are enforced.
Managed Apple Account improvements make account transitions easier
One of the more underrated updates this year is how Apple will make it easier for IT teams to manage Managed Apple Accounts at scale. For years, personal accounts on work devices have been a headache. WWDC25 introduced some smart changes that help IT teams get ahead of that problem.
Admins can now download a list of personal Apple IDs that use their organization's domain. That means IT finally has visibility into which users created personal accounts with their work email. From there, Apple will give IT teams the tools to guide those users through updating and transitioning their accounts into Managed Apple Accounts.
The update also includes a new option to block personal accounts from using company-owned devices. It works without a device management system and covers key areas like Setup Assistant and System Settings.
These updates make moving to a cleaner, more secure identity model easier. Apple wants organizations to adopt Managed Apple Accounts, and now they are giving IT more control over that process without adding more complexity.
Device management system migration
The announcement that stood out to me this year was Apple’s focus on solving a long-standing pain point for IT teams. Device management migration is one of those changes that does not grab headlines but completely shifts how organizations handle change. Whether you are moving from one vendor to another, consolidating systems, or managing a merger, being able to move devices between systems without wiping them is a massive win.
“2025 saw significant enhancements to Apple MDM, including app preservation for Return to Service, limited sign-in to Managed Apple Accounts, and Declarative Management expansion. Notably, Apple introduced Device Management service migration, eliminating the friction and pain of switching MDM providers for better products, support, and price. This feature empowers organizations to easily migrate devices to different MDM providers, fostering competition and benefiting organizations leveraging Apple devices.” — Alcyr Araujo, CEO at Mosyle
Apple is making it easier to bring Vision Pro into enterprise workflows with new support for device management. If a Vision Pro was not purchased through standard channels, there was previously no way to bring it under management. That changes this fall. Apple Configurator for iPhone will now support adding Vision Pro to your organization, just like a Mac or iPad. This gives IT more flexibility when purchasing devices outside of typical procurement workflows.
Return to Service is also coming to visionOS, alongside iOS and iPadOS. It adds a quick reset option triggered by Control Center or the lock screen. It is designed to streamline device turnover without requiring a full wipe and re-provisioning. This is a big win for shared-use environments where Vision Pro might be passed between users.
Apple is clearly building toward a world where Vision Pro is not just a single-user device. If they keep investing in the right tooling, use cases in training, simulations, or field work could become much more viable.
Shared Mac enhancements
Authenticated Guest Mode is coming to the Mac this fall as well. When paired with Platform Single Sign-On, users can log in with a cloud identity, use the Mac, and have all local data wiped on logout. It’s a great fit for healthcare, retail, or training environments, where devices are frequently shared.
Additionally, Tap to Login is one of the most practical macOS updates for shared environments in years. It lets users tap their iPhone or Apple Watch on a Mac to log in using a badge stored in Apple Wallet. There is no need for local accounts. Think hospital staff moving between machines during shifts or retail teams swapping out at a register. If you pair it with Authenticated Guest Mode and Platform Single Sign-On, you get a full login flow that wipes user data after logout and signs users into apps with a single credential.
It requires an external NFC reader, which might limit where it rolls out, but the experience aligns with how organizations already use physical ID badges.
More inventory data is a win for IT visibility
IT teams live and die by accurate inventory data, and Apple added several new details that make managing fleets of devices easier. Activation Lock status, device storage, and cellular info like IMEI and EID were already available, but WWDC25 adds even more.
Later this year, iPhone and iPad will include Bluetooth and Wi-Fi MAC addresses. That is a big help for organizations that use network access controls or need to track devices by MAC address for compliance. IT admins also get AppleCare coverage info directly in the device inventory, which means fewer manual lookups and better tracking of support eligibility.
Apple will also expand inventory visibility for released devices, including who released them and when. This is especially useful in environments where devices are passed between users or reissued frequently.
This ties into the new Apple Business Manager and Apple School Manager APIs. For the first time, IT teams can access this inventory data via an API, which means better automation, easier reporting, and more accurate records.
App control
App management also received some long-overdue attention. IT can now pin app versions, block automatic updates, and see real-time install status. These are small things on paper, but they give admins more control without more complexity. macOS is also catching up here, with support for deploying both App Store and custom packages using the same declarative approach.
Wrap up
This year’s WWDC might not have had flashy moments for IT teams, but I think there are some huge wins. Declarative device management continues to be shown as the path for managing device communications. The enhancements to Apple Business Manager and School Manager give IT more control and better automation. I suspect API access will lead to some interesting integrations with existing IT solutions.
Overall, the most significant enhancement is the device management system migration tools. IT can now move devices between systems without asking users to wipe them. That feature removes friction and allows organizations to pick the best solution for their needs without feeling locked in.
Vision Pro might still be early for the enterprise, but Apple is building the right tools if it takes off in areas like training, healthcare, or fieldwork. Tap to Login on Mac is one of the best updates for shared-use workflows in years, and Apple is giving IT deeper visibility into devices than ever before.
It’s time to test. Now is the time to find bugs in your enterprise workflows and hopefully file enough feedback to address them before this year’s major OS releases ship.