
Apple @ Work is brought to you exclusively by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates all the solutions you need to seamlessly and automatically deploy, manage and protect Apple devices in the workplace into a single professional-grade platform. More than 45,000 organizations trust Mosyle to keep millions of Apple devices running effortlessly and affordably. Request your EXTENDED TRIAL PERIOD today and find out why Mosyle is everything you need to work with Apple.
WWDC has come and gone once again, and this fall will bring a number of major updates to the IT world. A note before we begin: now is the time to test your devices' workflows, apps, and so on. Bugs reported early in the beta process get fixed.
With macOS 27 and iOS 27, the move to declarative device management is no longer a future roadmap announcement from Apple. It is the standard. By moving legacy configurations to a declarative model and introducing powerful new native management tools, Apple is giving IT departments the tools to keep Apple as the go-to provider for IT endpoints.
About Apple @ Work: Bradley Chambers has been an Apple IT admin since 2009. With experience deploying and managing firewalls, switches, mobile device management, enterprise-grade WiFi, 1,000s of Macs, and 1,000s of iPads, Bradley will highlight how Apple IT managers deploy Apple devices, network users, share management paths, and support IT, and how Apple can improve its products for IT departments.

End of old profile
The most significant IT announcement is the migration of legacy configurations to DDM. Using the new ProfileAssetReference key, IT teams can now stack legacy configuration profiles within the declarative model. However, there is something important to know: system processes now enforce TLS 1.2+ requirements for device management services. If the device management vendor is not updated to meet these standards, important management tasks such as registration, profile installation, and software updates will simply fail. This is the first thing every admin should check as soon as possible.
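One way to run the TLS check recommended above, as an added example that is not from the original article, Apple, or any vendor: it attempts a handshake from a client that refuses anything older than TLS 1.2 and reports what was negotiated. The hostname `mdm.example.com` and the function names are placeholders chosen for this example.

```python
"""Added example: confirm a device management endpoint negotiates TLS 1.2 or newer."""
import socket
import ssl

# Placeholder; substitute your vendor's enrollment or check-in hostname.
MDM_HOST = "mdm.example.com"


def build_context() -> ssl.SSLContext:
    """Client context that validates certificates and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()  # chain and hostname verification stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Attempt a TLS 1.2+ handshake and record the negotiated version and cipher."""
    result = {"host": host, "port": port, "ok": False,
              "version": None, "cipher": None, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with build_context().wrap_socket(raw, server_hostname=host) as tls:
                result["version"] = tls.version()  # "TLSv1.2" or "TLSv1.3"
                result["cipher"] = tls.cipher()[0]
                result["ok"] = True
    except ssl.SSLCertVerificationError as exc:
        result["error"] = f"certificate validation failed: {exc.verify_message}"
    except ssl.SSLError as exc:
        # Typical outcome when the server only offers TLS 1.0/1.1.
        result["error"] = f"handshake failed: {exc.reason or exc}"
    except OSError as exc:
        result["error"] = f"connection failed: {exc}"
    return result


def summarize(result: dict) -> str:
    """One-line verdict suitable for a pre-upgrade checklist."""
    target = f"{result['host']}:{result['port']}"
    if result["ok"]:
        return f"PASS {target} negotiated {result['version']} ({result['cipher']})"
    return f"FAIL {target} {result['error']}"


if __name__ == "__main__":
    print(summarize(probe(MDM_HOST)))
```

This tests the server from an ordinary client, so a PASS shows the endpoint can speak TLS 1.2+ but does not replace enrolling a test device on the beta.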
Additionally, devices running newer operating systems will no longer restore device management data from a backup. Instead, once the restore is complete, they will automatically run through Automated Device Registration, ensuring that the device receives the current management state rather than the old configuration. This alone will save help desks a great deal of troubleshooting.
Software updates and Apple Intelligence
Apple has officially removed the old software update management. Software update commands and prompts no longer work on newer operating system releases. IT teams are now forced to use declarative software update management to configure and apply updates.
Apple is also moving the management of on-device intelligence features entirely to declarative configurations. IT teams gain granular control to allow or deny device-wide Apple Intelligence features, including Genmoji, Image Playground, and Writing Tools. If you don’t want these features to work in your environment, you finally have a supported way to turn them off.
Endpoint security and privacy
In macOS 27, Apple offers an enterprise-grade solution for controlling which applications run. Using the existing (and reliable) Endpoint Security framework, administrators can now apply declarative rules to allow or deny the execution of specific application binaries. This is a huge gain in terms of security compliance, especially for organizations that need to prevent the execution of unauthenticated command-line tools or unmanaged binaries.
To combat operational overload on the user side (which used to be a real problem), Apple is introducing a new integrated privacy consent prompt that appears when an app is first launched. IT administrators can provide a custom justification string and recommend default privacy settings, making users more likely to make the right choice when granting permissions.
Identity management and onboarding
Identity management gets some attention this fall. Platform SSO is evolving to support web-based authentication flows directly in the login window. It brings full support for modern MFA, custom identity provider flows and QR code logins. In shared device environments, this solves authentication friction while allowing IT to mandate a second factor via Touch ID for both device login and FileVault unlocking.
For onboarding, IT teams now have direct control over Mac-to-Mac data transfers during the Setup Assistant. Administrators can specify exactly which subfolders and files are required for migration, taking decision-making completely out of the hands of the end user. Return to Service also received major improvements, notably the ability to set the device’s language and region directly in the Automated Device Enrollment profile and to force a software update on a monitored device when it receives a wipe command.
Device health monitoring
The Status Channel becomes a proactive device health monitor. Managed devices can now report the status of hardware components such as the camera, Face ID, and more directly to your device management server. When things go wrong, the new TriggerEnhancedLogCollection command allows IT teams to enable remote log collection on monitored devices to dig deeper into the problem.
Volume licensing for application subscriptions
The addition of a volume licensing mechanism for app subscriptions is exciting because it finally brings the SaaS-heavy world of modern software distribution into the same simplified management workflows that have long existed for standard volume purchase software distribution. Apple has never done volume licensing for traditional IAP, so I’m glad to see them turn to subscriptions. From a procurement perspective, this is a big win for smaller SaaS vendors.
Wrap it up
Apple Business was announced earlier this year and is rolling out to more than 200 countries and regions. This was a big update that Apple may have saved for WWDC as well. Overall, there are some very nice improvements this year. DDM is standard, and Apple is also improving remote IT support with new tools.
As always, stay tuned to the video or read through all the technical details.








