Apple has introduced a selection of interesting improvements for iOS and Mac admins in the recently introduced iOS 14, including new APIs for mobile device management (MDM) and usability improvements.
The easy (but good) stuff
One of the better enhancements is the introduction of choice. iPhone and iPad users can now choose which web browser and/or email app they want to use. While Safari is highly secure (and more secure in the latest OS iterations), the real beauty of this improvement is in email, as enterprises built around Microsoft Office will now be able to standardize on Outlook on enterprise mobile devices. The process is pretty simple: Install the app you want to use and then set it as default in application Settings on the device.
Privacy is also improved with a recording indicator that’s displayed whenever an app has access to the microphone or camera
Improvements for MDM
Apple has signalled the importance of enterprise IT with its recent Fleetsmith purchase and has boosted this message with a series of useful APIs in its latest (or upcoming) operating systems that MDM developers can make use of.
Announcing same-day support for iOS 14, Jamf CTO Jason Wudi said: “This year, Apple has made important updates in user provisioning, powerful enterprise workflows, and ensuring security while upholding user privacy, and we’re excited about what these advancements mean for IT and the end users that rely on Apple’s platforms.”
Microsoft Intune is also delivering new functionality along with iOS/macOS. “Microsoft Intune is excited to support Apple in their launch of iOS 14, iPadOS 14, and watchOS 7,” the company said. “We are delighted to deliver new functionality alongside Apple’s launch.” You can read more on this at Microsoft here.
The new APIs deliver useful improvements.
Apple is allowing better control of the setup process during device activation. One of the key steps here is that admins can accelerate the process by skipping unnecessary steps. For example, if your employees don’t use an Apple Watch, there is no need to work through or cancel the setup steps for the device.
Apple’s decision to take Shared iPad out of the classroom and into the enterprise will also pay dividends. It means that admins can create user-level configurations of shared devices. They should also see the number of users configured on a single device in their admin console, assuming users are resident on those devices.
Apple has also improved VPN configuration. In this case, that means admins can configure systems with VPN settings for specific and default apps. They can also specify which apps and domains can use the VPN – again, this provides an additional level of control around access to corporate services and data.
Apple has improved managed apps so admins can now enable permissions to allow end-users to remove them from their devices if they aren’t required and forbid such removal if they are required.
Apple also improved MDM around content caching. It’s now possible to build MDM solutions that provide contentcaching metrics, which lets admins monitor use.
Admins can also now set time zones and restrict the randomization of MAC addresses over Wi-Fi. These enhancements should help improve enterprise security, particularly as many businesses are now exploring geolocation protection around WFH deployments in an attempt to build a border against remote phishing attacks.
Apple hasn’t shipped the next version of macOS, but the release builds in numerous enterprise improvements first seen in iOS. Enrolment has been improved, including with supervised enrollment. It is now also possible to defer updates for up to 90 days, or force update managed devices. App management via MDM has also been improved as described above. We can anticipate further enhancements to the platform as the company coalesces around Apple Silicon.
Opportunity: App Clips
While not an enterprise-focused improvement per se, one of the big opportunities in iOS 14 may turn out to be App Clips. These are cut-down versions of a native app that provide just enough code for an iOS device to handle a single transaction. These might be of use in iOS-compatible guest logging and entry systems, and may provide useful conduits for retail, visitor attractions and hospitality deployments – assuming we ever get to visit places again.
The idea is that by providing users with a taste of what an app can do, it becomes easier to encourage users to install the full app.
Let me know which of these enterprise improvements are of particular use within your enterprise or flag any smaller enhancements that merit a little more attention.
Copyright © 2020 IDG Communications, Inc.