This month, Apple will release a new version of iOS, macOS, and tvOS, among others. A preview of what Apple has in store can be found on the Apple website. In this blog, we will explore the key features that can elevate your organization’s security, management, identity, and Apple services.

Security

Apple continues to improve its platform’s security. The following updates will be available in macOS Catalina.

Separate System Volume

macOS Catalina operates within a fully self-contained, read-only system volume. After upgrading to Catalina, two volumes will be available: System and Data. From a user’s perspective, nothing changes.

Bootstrap Token

In macOS Catalina, Apple resolves a common issue. Often, Active Directory users do not receive a SecureToken upon login. A SecureToken is necessary for users to utilize disk encryption (FileVault 2). Apple now addresses this problem through the Bootstrap Token, which works in conjunction with an MDM server. Note that your MDM server must be updated accordingly.

Privacy Policy Preferences Control

In macOS Mojave, Apple took steps to further protect user privacy. When a specific app requests access to the camera, macOS prompts the user for approval. In macOS Catalina, Apple takes the next step by also requesting approval when an app needs access to your documents, Desktop, download folder, iCloud Drive, folders of third-party cloud storage providers like Google, removable media such as USB, and external volumes. An MDM server enables predefining these approvals.

Kernel Extensions

To enhance platform security and stability, Apple is gradually moving away from third-party kernel extensions. Kernel extensions are drivers for applications such as Wacom and Endpoint Protection. In macOS Catalina, Apple introduces new software for developers to use, called System Extensions and DriverKit. Users no longer require Administrator rights when an app utilizes Apple System Extensions or DriverKit. The app will run within the user space of macOS, and it will not leave behind remnants on the system when deleted.

Management

User Enrollment

iOS 13, iPadOS, and macOS Catalina introduce a new form of management called User Enrollment. Designed for Bring Your Own Device (BYOD), User Enrollment protects user privacy while providing IT with the necessary tools to secure corporate data.

Setup Assistant Customization

Devices enrolled in Apple School Manager or Apple Business Manager can display a web view during the Setup Assistant, which administrators can populate with organization-specific text and images. Additionally, modern authentication methods are supported.

macOS Updates

New configurations and commands are available in macOS that can be managed by IT. Profiles for VPN, Privacy Preferences Policy Control (PPPC), Restrictions, and Activation Lock have been expanded with new capabilities.

iOS Updates

Similarly, new configurations and commands are available for iOS that can be managed by IT. Profiles for Wi-Fi, Exchange ActiveSync, VPN, and Restrictions have been enhanced with new capabilities.

Identity

Managed Apple ID

Utilize Managed Apple IDs to eliminate the need for users to create their own Apple ID for business purposes. Link your Apple Business Manager with Microsoft Azure Active Directory (AD) to automatically assign Managed Apple IDs to users. Users can then log in to their Mac, iPhone, iPad, and even iCloud.com using their Microsoft Azure AD credentials. Users are provided with a Managed Apple ID with 5 GB of storage.

Single Sign-On Extension

This extension is intended for identity providers to deliver a seamless experience when users log in to apps and websites. When properly configured with MDM, users authenticate once and are automatically granted access to corporate native apps and websites. This greatly enhances the user experience.

Apple Services

Apple Deployment Programs: On December 1, 2019, Apple will bid farewell to deploy.apple.com. If your organization has not yet migrated to business.apple.com, it is necessary to do so. For more information, visit https://support.apple.com/en-us/HT209617. If you need assistance, contact Root3 Support.

AppleSeed for IT

Apple offers a beta program available to Apple Business Manager members via appleseed.apple.com. Additionally, a public beta is available via beta.apple.com. Utilize the betas to test the new platform within your organization and inform your app developers of any limitations in the new OS.

Learn More

Download Apple’s What’s New for Business or contact us! You can send an email to [email protected] or call +31 85 400 30 30.