As Apple dives further into the business realm, iOS 12 could ease Apple enterprise device management.
The company also released a new program to help IT pros with Apple enterprise device management, called Business Manager, an enterprise counterpoint to Apple School Manager. The two products share key features, such as the ability to manage accounts, apps, books and devices; the ability to create managed Apple IDs for administrators; a streamlined apps and books purchasing experience; flexible license management; and the ability to designate a default mobile device management (MDM) server.
Unlike Apple School Manager, IT cannot designate Apple IDs for employees with Apple Business Manager. Apple Business Manager will not likely replace many of the features and real-time updates that third-party enterprise mobility management provides, but it may be a valid replacement for the Apple Device Enrollment Program and Volume Purchase Program.
After IT enrolls devices with Business Manager, it can perform tasks for Apple enterprise device management, such as assign and manage policies and features using an MDM platform.
Securing Apple enterprise device management
Apple will offer some enhanced security features in iOS 12 -- expected in September -- that will benefit enterprise users. For example, an Intelligent Tracking Prevention feature in Safari will limit third-party advertisers from acquiring user data via cookies. Safari will also prevent marketers from accessing identifying information gleaned from a user's like and share patterns.
Apple is encouraging IT pros to update the API for Apple push notifications in their MDM tool to the HTTP/2 API, which is more efficient. With this new API, Apple is aiming to reduce latency and speed up mobile app performance.
Apple now requires App Transport Security in iOS 12, which involves secure web connections through HTTPS to encrypt data. Apple also improved password security with further restriction capabilities, including management of Password AutoFill, password and Wi-Fi sharing, and password proximity requests. IT should already have a guest network set up, but these features can protect primary networks. Apple will also prevent users from modifying its Bluetooth restrictions.
Although it was a quick mention in the overview presentation at the Worldwide Developers Conference, Apple is also enabling OAuth for Exchange accounts configured via the profile, which will provide some flexibility with identity management efforts.
Another iOS-specific update is that the Configurator will allow users to connect to a USB device even when a phone is locked. The Configurator can also install a profile when it supervises a device, but will not enroll it in MDM.
Managed software updates
With iOS 11.3 came some new managed software updates for Apple enterprise device management. These updates allow IT to delay when a user will see a new software update for up to 90 days. IT admins can also specify the version number that they want to roll out.
These features enable proper training and testing to take place so users see updates when IT wants to deploy them. There were also some minor updates to Managed Open In to respect the Contacts API boundary.
Additionally, the home screen layout payload now includes the ability to use web clips. Finally, Apple has made some updates to the Secure/Multipurpose Internet Mail Extensions management features, which enable users to choose when they sign on and encrypt their Exchange mail accounts.