John
Blaine

iPadOS 15 enterprise features explained

John Blaine

Oct 25, 2021

6 min read

Apple opted to virtualize their annual Worldwide Developer Conference, in 2021 owing to the ongoing pandemic. But that didn’t stop them from announcing plenty of new enterprise features and updates. WWDC 21 kicked off with Apple CEO Tim Cook’s keynote presentation, after which Craig Federighi took the stage to discuss the new features and highlights of iOS 15, iPadOS 15, macOS Monterey 12 and more.
The iPad has become the go-to gadget for a wide range of users – right from artists to students, designers to IT professionals and the iPadOS 15 enterprise features have generated great interest among IT admins.

Expand your iPad management capabilities

iPadOS 15 Updates

iPadOS 15 introduced major updates in FaceTime, with Spatial Audio and Voice isolations enhancing your video call experience. Multitasking on iPadOS 15  just got more convenient with the Split View and Center Window feature. iPadOS 15 also introduced extra-large widgets, intelligent widget suggestions and the option to place your widgets among apps on your Home Screen. The “Focus” mode allows you to filter notifications depending on what you’re currently doing, allowing you to isolate yourself from distractions.

So, what are the new iPadOS 15 enterprise features?

This was a great year for device management and Apple did not disappoint. The “What’s new in managing Apple devices” session gave us a glimpse into the plans Apple has in store for device management and we’re all for it!

Declarative Device Management

Apple’s present MDM protocol can be described as ‘an imperative and reactive protocol’, where the management process contains multiple trips between the server and the device. This could cause performance issues if the number of devices is increased. For achieving optimal performance and scalability, Apple has introduced Declarative device management, which is built right into the existing MDM protocol.

WWDC 2021 highlights: What is Declarative Device management?


Declarative device management involves the client’s device updating the server with any change on the system as opposed to the traditional MDM protocol, where changes are pushed from a server onto the device with instructions on what actions to accomplish. So, what are the benefits?
The DMM model does not require extra commands for checking the status, thus improving the performance and scalability in a major way. Apart from that, rather than waiting for a server request, the notification channel in the DMM model would allow the device to send changes to the server.
The functioning of declarative device management revolves around three new components: Declarations, Status channel and Extensibility.

Declarations

Declarations allow the admins to specify what actions they want to perform on a device i.e. policies pushed onto the device by an organization. Apple further breaks down declarations into four categories: Configurations, Assets, Activations and Management.

  • Configurations: Configurations represent the existing policies such as email accounts, settings and restrictions, on the device.
  • Assets: Assets help in providing reference data for configurations, which can be used by any number of configurations.
  • Activations: Activations allow the activation of the configurations directly, provided the configurations be valid for the activation to be valid. Activations include pre-requisites that have to be satisfied before the activation is applied to a device.
  • Management: Management declarations convey general information about the device, such as the organization details or the device management capabilities.

Status Channels

In the status channel, device updates are reported proactively to the MDM server. This process considerably reduces the need to iteratively query devices, thus significantly improving the device compliance efficiency.

Extensibility

Apple devices receive updates constantly, so it gets difficult to understand what version of the OS, device model or MDM server version is compatible with a particular capability. Declarative device management extensibility ensures the device and the servers share their supported capabilities. The shared details include the server capabilities and protocol updates. So, when any information gets updated, the device and the server update each other.
The important thing to keep in mind is that DDM is not replacing the current MDM model, rather they’re built on the same framework. So all management functionalities would remain the same and it wouldn’t impact the already enrolled devices.

Account-driven user enrollment

The iPadOS15 updates introduced the Account-driven user enrollment, promising a smooth onboarding experience, more authentication options and the introduction of a “required” app, which allows the admin to install one pre-approved app without prompting user permission.

WWDC 2021 Highlights: Account-driven user enrollment


With iPad OS 15, users can access a new “VPN and Device Management” section in the Settings app. This update removes the need for an MDM provider to initiate downloading and enrollment or an agent app. After tapping the new “Sign in to Work or School Account” button, the user adds the login details. After authentication, the user is expected to enter the password for their assigned Apple ID. Successful authentication permits the user to allow device management, which is followed by creating an encrypted partition for enterprise data and for authorizing the MDM enrollment. After enrollment, it allows the silent installation of a single “required” app, ensuring that this app cannot be removed by users.

Required App

As mentioned earlier, the required app allows admins to install one App Store application during enrollment. This app would be installed silently on unsupervised devices and would not require the users’ permission. Apart from that, the required app cannot be uninstalled/removed by the user.

Temporary Sessions

With temporary sessions, IT admins would be able to restrict login to a Shared iPad with an Apple ID, allowing the users to access only a temporary session. After logging out, all user data and device data will be wiped, ensuring user privacy protection.

Privacy

It comes off as no surprise that Apple values the privacy of its users and WWDC 21 saw several updates for enhancing and protecting the users’ and organization’s privacy and data, such as:

  • Private Relay: Private Relay reroutes internet traffic through two proxy networks, thus encrypting data and enhancing security even when employees work from a public network outside the office.
  • Hide my Email: Hide my Email allows users to create randomly generated email addresses, giving them greater control over who can access their actual emails and help reduce spam as well.

Siri

With the new update, admins can now force on-device Siri translation rather than through Apple servers. Apart from that, Siri can now process offline requests thanks to on-device processing, which ensures your audio requests do not leave your device by default.

Managed Pasteboard and Preferred KDC

Admins can enforce restrictions to force apps that leverage the clipboard, thus having control over data pasted across managed and unmanaged apps. Apart from that, admins can now specify whether a device uses KDC servers unavailable by DNS.

Our final thoughts

Apple has yet again delivered, with features and updates that greatly benefit administrators. The introduction of declarative device management and account-driven user enrollment has the potential to change how we perceive device management. Add to that, enhanced privacy features, temporary sessions and the various updates mentioned above, the iPadOS 15 enterprise features are a great addition to the new OS.

Share
  •  
  •  
  •  
  •  
  •  

John Blaine

I like writing. And drinking water. Stay hydrated folks!

Share your thoughts