Just like everything else in 2020, the Apple Worldwide Developer Conference (WWDC) has been upended due to the COVID-19 pandemic. For the first time in its 33-year history, WWDC was an online-only event.
- User enrollment: The release of Apple iOS 13.1 enabled customers running SOTI MobiControl v14.4.3 or newer to automatically gain support for user enrollment.
- Customized enrollment with Automated Device Enrollment: Organizations can leverage modern forms of authentication, enforce acceptance of terms and conditions, and incorporate branding into the Automated Device Enrollment workflow.
Now onto this year’s latest updates from Apple.
Highlights from the Keynote
The newest build of macOS is called Big Sur and from the looks of it, Apple has made a concerted effort to streamline its architecture so that macOS, iOS and iPadOS all have the same look and feel.
With that said, here are some cool new features announced at the WWDC 2020 keynote:
- It’s back: The legendary Mac start-up chime returns to Big Sur.
- App library: The average iPhone has about 75 apps installed, yet 75% of those apps are installed and then never used.1 App library categorizes and summarizes all installed apps. No more swiping across numerous pages to find the app you are looking for.
- Less disruptive phone and FaceTime calls: It’s small, but it’s big. The next time a phone or FaceTime call comes in, instead of taking up the entire screen, a little notification will appear at the top.
- Big news for AirPods and AirPods Pro: When you listen from device to device, AirPods now automatically switch with you for a seamless, interruption-free experience. Meanwhile, AirPods Pro now features “Spatial Audio”, which creates a surround sound listening experience. Audiophiles rejoice!
iOS 14: Apple Doubles-Down on Security
There weren’t any big “wow” announcements for iOS 14. Rather, Apple implemented some nifty, common sense updates to enhance security and protect against data leakage.
Managed Notification Previews
It’s just a habit: A notification appears on an iPhone and you immediately look down to see what it is, even if the device isn’t yours.
Intentional or not, 82% of people have admitted to “shoulder surfing” – looking at someone else’s phone screen – without them knowing. While over 60% of air travelers have also confessed to spying on a seatmate’s phone during a flight.2
And while it seems harmless, there is always a chance that the wrong person will get a quick glance at a snippet of sensitive information. This becomes problematic in the case of sensitive corporate data that must be protected and kept private to ensure confidentiality remains intact for enterprise organizations.
For iOS 14, Apple has introduced Managed Notification Previews. It’s simple, yet smart. Administrators can control when message previews are shown:
- Only after the end user unlocks the device
This is something IT administrators have long asked for.
The reason organizations want this feature is to prevent users from deleting business-critical apps. Before the introduction of Non-Removable Apps, the only option available was to blanket ban the removal of all apps, personal or enterprise, which was a heavy-handed approach.
That now changes with the introduction of Non-Removable Apps. Instead of locking down all apps, admins simply mark which business-critical apps are non-removable.
End users can still delete, install or offload other apps as mandated by their organization. But if they try to delete a Non-Removable App, an alert pops up preventing them from doing so.
Managed Open-In Now Supports Shortcuts
This new feature adds the security of Managed Open-In to the ease of Shortcuts. Let’s look at each element individually first:
- Managed Open-In is an iOS implementation designed to prevent data flow from managed accounts and apps to unmanaged accounts and apps (and vice versa). It ensures that content like received files can only be opened in approved apps.
- Shortcuts allows users to build automated workflows. Instead of opening an app to perform step-by-step actions, Shortcuts lets you execute those workflows with a simple tap or Siri voice command.
Now that Managed Open-In supports Shortcuts, Shortcuts respect data flow restrictions.
For example, let’s say you have a Shortcut created to save all downloaded pictures into a file folder based on date. If the image came from a managed app, and the destination (in this case, the automatically created file folder) isn’t managed, the Shortcut will not execute.
With Shortcuts, it easy to absentmindedly save sensitive data in a vulnerable location on an iPad or iPhone. This simple new feature ensures that can no longer happen.
Wi-Fi Mac Address Access Control
When an iPhone is being used on the go, it interacts with dozens, if not more, Wi-Fi access points. And when a device connects to a network, it does so through its hardware Mac address.
With Wi-Fi Mac Address Access Control, a random Mac address is created and presented to the access point for enhanced user privacy.
Now, there are a couple of things to note:
- Random Mac addresses will be created by default. If the random address cannot connect to the Wi-Fi access point, the device will revert to its hardware Mac address.
- End users can disable this feature in Settings.
- The Wi-Fi payload can also disable the generation of a random Mac address. However, this does put the user’s privacy at risk. As such, a warning message does appear should users choose this option.
Lastly, there was no mention if specific random Mac addresses are linked to specific Wi-Fi networks or if a newly random address is created each time a user connects to known networks.
Per Account VPN for iOS
iOS VPNs allows users to send and receive data across public networks in three ways:
- Full tunnel: Allows all traffic to flow through
- Split tunnel: This chooses which traffic can flow through it
- Per App VPN: Only certain or specified apps can send their data through a VPN
Now, Apple has introduced Per Account VPN for iOS. This enables IT administrators to force a device to use a secure VPN connection when accessing Contacts, Calendars and Mail accounts.
Previously, IT admins could force Contacts, Calendars and Mail accounts to route traffic through a VPN by leveraging Per App VPN and specifying domains that would trigger an automatic VPN connection for each of those "apps" (Contacts, Calendar, Mail).
Now, they can specify ALL traffic from specific Contacts, Calendars and Mail accounts to go through a VPN. This is a much more intuitive way to configure this type of functionality. More importantly, it strengthens user privacy, because it prevents administrators from accidentally or maliciously routing traffic from personal Contacts, Calendar and Mail accounts through a corporate VPN.
Shared iPad: More Users, More Security
Shared iPad was first introduced in a school setting within Apple School Manager. In Spring 2020, Shared iPad for Business was released.
It is a great way for workers in the retail, healthcare, field services, and transportation and logistics industries to stay productive while limiting the number of iPads an organization purchases and deploys.
And now, administrators have even more management capabilities for Shared iPad for Business:
- Dynamic numbers of cached users: Set the amount of available storage for each user on an iPad, rather than just a fixed number of total users.
- Bulk deletion: Delete all users from a shared iPad at once using a single action.
- Added queries: New queries for estimated resident users and quota size.
- Establish temporary sessions: Allow users to sign into a shared iPad temporarily without having to create an account. When the temporary user signs out, any data generated in the session is deleted.
macOS Big Sur: Easy to Setup, Easy to Manage
For the new macOS Big Sur (which is as gorgeous as the mountainous area it’s named after), the prevailing theme was how quick and simple setup and management is.
Auto Advance for Mac
A few years ago, Apple introduced a method to quickly setup Apple TVs to scale. The same method is now available for Mac as Auto Advance for Mac.
How it works:
- Plug in a power and connect ethernet cable into Mac (make sure your network supports DHCP)
- Boot it up
- That’s pretty much it
All the intermediate setup screens are skipped, and you land right at the log in page. When it comes to the enrollment process, it’s as zero-touch as it gets.
Supervision for User Approved MDM
This is cool. With Supervision for User Approved MDM, any Mac enrolled in a user-approved MDM will now be considered supervised.
For admins, they get the same abilities as if the devices were enrolled using automated device enrollment, such as:
- Control Activation Lock Bypass
- Use of Bootstrap Token
- Scheduling software updates
- Replacing and removing profiles
- Installing supervised restrictions using MDM
Managed Mac Apps
Using Managed Mac Apps, administrators can remove apps through an MDM command or whenever the device is un-enrolled.
But what’s really impressive is that now, admins can convert an unmanaged app to managed using MDM. The only limitation is that this app conversion feature is not supported for user enrolled devices.
More to Come
There are some advantages to WWDC 2020 being virtual. This year, a large contingent of experts and engineers from SOTI logged on, listened in, and compared notes during and after the keynote presentation.
As a result, they were able to quickly share these first impressions. But stay tuned as in the coming weeks, they will be taking a deeper look at the cool new features and exciting new announcements made at WWDC – and what they mean for SOTI customers.
In the meantime, we invite you to check out our collection of Apple resources:
Apple Management with SOTI
SOTI MobiControl for macOS
SOTI MobiControl for iOS
SOTI Blogs About Apple
Contact Us Anytime About Apple
Want to know more about the benefits of managing your Apple deployments with SOTI? Simply contact us with your questions or comments. A SOTI Apple expert will get back to you with all the answers and information you need.