Get fresh insights, pro tips, and thought starters–only the best of posts for you.
Oct 25, 2021
6 min read
Apple opted to virtualize their annual Worldwide Developer Conference, in 2021 owing to the ongoing pandemic. But that didn’t stop them from announcing plenty of new enterprise features and updates. WWDC 21 kicked off with Apple CEO Tim Cook’s keynote presentation, after which Craig Federighi took the stage to discuss the new features and highlights of iOS 15, iPadOS 15, macOS Monterey 12 and more.
The iPad has become the go-to gadget for a wide range of users – right from artists to students, designers to IT professionals and the iPadOS 15 enterprise features have generated great interest among IT admins.
iPadOS 15 introduced major updates in FaceTime, with Spatial Audio and Voice isolations enhancing your video call experience. Multitasking on iPadOS 15 just got more convenient with the Split View and Center Window feature. iPadOS 15 also introduced extra-large widgets, intelligent widget suggestions and the option to place your widgets among apps on your Home Screen. The “Focus” mode allows you to filter notifications depending on what you’re currently doing, allowing you to isolate yourself from distractions.
This was a great year for device management and Apple did not disappoint. The “What’s new in managing Apple devices” session gave us a glimpse into the plans Apple has in store for device management and we’re all for it!
Apple’s present MDM protocol can be described as ‘an imperative and reactive protocol’, where the management process contains multiple trips between the server and the device. This could cause performance issues if the number of devices is increased. For achieving optimal performance and scalability, Apple has introduced Declarative device management, which is built right into the existing MDM protocol.
Declarative device management involves the client’s device updating the server with any change on the system as opposed to the traditional MDM protocol, where changes are pushed from a server onto the device with instructions on what actions to accomplish. So, what are the benefits?
The DMM model does not require extra commands for checking the status, thus improving the performance and scalability in a major way. Apart from that, rather than waiting for a server request, the notification channel in the DMM model would allow the device to send changes to the server.
The functioning of declarative device management revolves around three new components: Declarations, Status channel and Extensibility.
Declarations allow the admins to specify what actions they want to perform on a device i.e. policies pushed onto the device by an organization. Apple further breaks down declarations into four categories: Configurations, Assets, Activations and Management.
In the status channel, device updates are reported proactively to the MDM server. This process considerably reduces the need to iteratively query devices, thus significantly improving the device compliance efficiency.
Apple devices receive updates constantly, so it gets difficult to understand what version of the OS, device model or MDM server version is compatible with a particular capability. Declarative device management extensibility ensures the device and the servers share their supported capabilities. The shared details include the server capabilities and protocol updates. So, when any information gets updated, the device and the server update each other.
The important thing to keep in mind is that DDM is not replacing the current MDM model, rather they’re built on the same framework. So all management functionalities would remain the same and it wouldn’t impact the already enrolled devices.
The iPadOS15 updates introduced the Account-driven user enrollment, promising a smooth onboarding experience, more authentication options and the introduction of a “required” app, which allows the admin to install one pre-approved app without prompting user permission.
With iPad OS 15, users can access a new “VPN and Device Management” section in the Settings app. This update removes the need for an MDM provider to initiate downloading and enrollment or an agent app. After tapping the new “Sign in to Work or School Account” button, the user adds the login details. After authentication, the user is expected to enter the password for their assigned Apple ID. Successful authentication permits the user to allow device management, which is followed by creating an encrypted partition for enterprise data and for authorizing the MDM enrollment. After enrollment, it allows the silent installation of a single “required” app, ensuring that this app cannot be removed by users.
As mentioned earlier, the required app allows admins to install one App Store application during enrollment. This app would be installed silently on unsupervised devices and would not require the users’ permission. Apart from that, the required app cannot be uninstalled/removed by the user.
With temporary sessions, IT admins would be able to restrict login to a Shared iPad with an Apple ID, allowing the users to access only a temporary session. After logging out, all user data and device data will be wiped, ensuring user privacy protection.
It comes off as no surprise that Apple values the privacy of its users and WWDC 21 saw several updates for enhancing and protecting the users’ and organization’s privacy and data, such as:
With the new update, admins can now force on-device Siri translation rather than through Apple servers. Apart from that, Siri can now process offline requests thanks to on-device processing, which ensures your audio requests do not leave your device by default.
Admins can enforce restrictions to force apps that leverage the clipboard, thus having control over data pasted across managed and unmanaged apps. Apart from that, admins can now specify whether a device uses KDC servers unavailable by DNS.
Apple has yet again delivered, with features and updates that greatly benefit administrators. The introduction of declarative device management and account-driven user enrollment has the potential to change how we perceive device management. Add to that, enhanced privacy features, temporary sessions and the various updates mentioned above, the iPadOS 15 enterprise features are a great addition to the new OS.
Start managing your iPads with Hexnode UEM30 DAY FREE TRIAL