Apple managed to pack quite a bit into one keynote and one week at WWDC 2023. The Apple Vision Pro was a present stealer, adopted by the brand new 15-in. MacGuide Air, updates throughout Apple’s complete lineup of platforms, notable modifications coming in watchOS 10 and the growth of widgets in all instructions. Unlike final yr, there wasn’t loads of time devoted to the enterprise. Blink whereas scrolling by means of the periods record and you can simply miss the few that utilized to enterprise and training. But there have been some vital traits to notice, particularly with declarative gadget administration (DDM).As far as Apple is anxious, it is the longer term — and everybody must get on board.DDM was teased in 2021 and totally articulated it final yr, nevertheless it’s typically flown a bit underneath the radar. It’s supported for a number of administration use circumstances alongside conventional cellular gadget administration (MDM) profiles and gadget queries. The complete goal of DDM is to maneuver a lot of the logic for securing and managing gadgets onto the gadgets themselves. This permits an iPhone or iPad, for instance, to configure itself and make modifications because the state of the gadget modifications — and solely alert an MDM server when such occasions happen or in response to new declarations which are launched. This has a number of benefits for IT, together with the power to help a number of and complicated configuration declarations which are activated in response to how a tool is getting used (and by whom). In addition to this streamlining strategy, safety is ratcheted up as a result of the gadget can monitor and implement modifications instantly as wanted, even when it may possibly’t attain the MDM server. Another benefit: community and server hundreds are lowered as a result of gadget states now not must be repetitively queried. Apple drew a line within the sand final yr, saying that DDM would finally supersede the corporate’s older MDM framework. This yr, it expanded the usage of DDM to incorporate software program replace states, permitting gadgets to deal with the set up of software program updates themselves. This ought to lead to extra well timed and constant replace administration. In addition to that, DDM has gained the power to deploy and handle certificates. On Macs, DDM will be capable to handle providers and customary instruments similar to bash, zsh, and sudo in additional autonomous style. (These modifications come the requisite reporting capabilities.) What’s extra notable than the expanded DDM capabilities themselves is that Apple is now offering MDM distributors with the instruments to seamlessly swap from conventional MDM profile-based administration to declarative administration. Until now, this sort of swap meant eradicating the administration profile(s) from a tool after which changing them. This created further duties and meant that there can be a short interval the place options had been unmanaged between profile removing and receiving and activating declarations. Moving ahead, DDM will take over the performance of current profiles with out these profiles being eliminated first.The message is evident that Apple is shifting to make DDM the usual. Given that iOS 17 and macOS Sonoma would be the third era of Apple’s working methods to function declarative administration — with every doing so with larger performance — it’s apparent that Apple will finally deprecate and transfer away from extra conventional profile-based MDM. Right now, the onus is principally on MDM distributors to shift to DDM, and accomplish that with as little friction for directors and finish customers as potential. As I famous final yr, nonetheless, it might have implications for companies and faculties nonetheless utilizing older gadgets. As gadgets age out of the power to run newer working methods, they may nonetheless depend on conventional administration processes. That means IT admins ought to start to contemplate gadgets that may’t run this yr’s releases as possible needing alternative.Securing and simplifying enrollmentAlong with the push for declarative administration, Apple put a concentrate on each securing and simplifying the enrollment course of. Automated gadget enrollment can make sure that a tool meets sure safety necessities, similar to checking for FileVault safety or the model of a tool’s working system in addition to whether or not it’s eligible for enrollment.To velocity enrollments, significantly mass deployments, Apple has not solely improved Apple Configurator but in addition launched Shortcut for frequent deployment processes, permitting for extra automation and fewer hands-on work. And for gadgets being redeployed (similar to when an worker leaves or the top of a faculty yr), the brand new Return to Service function streamlines the method of erasing and re-enrolling a tool. For deployed Macs, it is now not potential to skip enrollment — even when there isn’t any connectivity. This ensures there’s no level at which a Mac is left in an insecure or unmanaged state earlier than use. Along with the continuing shift to DDM, these options show Apple’s dedication to each safety and ease. The firm is its merchandise and their enrollment, activation, and use processes and is actively eradicating as many factors of friction, delay, or frustration as potential. This isn’t shocking for a corporation so obsessive about seamless person experiences, nevertheless it’s good to see that Apple is tackling that have for each the top person and the IT skilled behind the scenes.Novel safety approachesIn addition to those typical safety areas, Apple can also be providing some out-of-the-box options. One permits community relays to exchange VPNs. (Apple had beforehand rolled out the usage of a number of relay factors as a method to defend net shopping and web use.) Now, it is bringing the method to companies, claiming it affords a safe and fewer resource-hungry different to VPNs. The function might be managed by MDM (as can VPN configuration). How broadly this might be adopted stays unclear, provided that it represents such a unique safety strategy. But it is a noteworthy function transfer from the patron aspect of issues to the enterprise.Another function is the power to make use of MDM to allow and handle eSIMs on iPhones and mobile iPads for 5G slicing and personal 5G/LTE networks. The use of those networks is gaining floor amongst organizations, as a result of it permits for sure service ranges and latency and may present connectivity overlarge or distant areas the place Wi-Fi isn’t an choice.Other safety enhancements embody the growth of gadget attestation, launched final yr to make sure solely approved gadgets can entry enterprise sources, to report extra gadget information similar to kind and OS; enhancements to enterprise single sign-on; and expanded use of Managed Apple IDs mixed with id administration federation.Letting the enterprise leadOne of the frequent themes throughout the assorted enterprise-oriented periods and bulletins at WWDC is that Apple is constructing options that deal with the wants and ache factors of enterprise admins. Even the power to handle Apple Watches (lastly) as enterprise gadgets displays that the corporate is conscious of the methods its merchandise get utilized in enterprise and training and is responding to each markets.In quick, Apple is listening to enterprise customers somewhat than dictating how its services and products have to be used within the enterprise world. This isn’t the identical firm that was as soon as an outlier within the enterprise. This is an organization that’s now deeply engaged with the enterprise world and is placing its immense problem-solving expertise into partnering with the enterprise.
Copyright © 2023 IDG Communications, Inc.