After the success of last year’s Worldwide Developer Conference (WWDC) and with the COVID-19 pandemic still preventing travel and in-person gatherings for many, Apple again held its annual developer conference as an online event.

The announcements Apple made at WWDC 2021 show how seriously the company is taking iOS, iPadOS, and macOS enterprise. I’m excited about the impact these updates will have on Citrix Endpoint Management, and in this blog post, I wanted to take a look at some key features.

What’s New on iOS/iPadOS 15

VPN and Device Management Redesign: Apple has combined VPN and Device Management, providing a single comprehensive location that displays the device state.

User Enrollment: Apple has introduced account-driven user enrollment, which changes the onboarding experience flow to a more user-driven experience. Now, from the Settings app, they can directly enroll the device by entering the organization email or ID in the new “Sign In to Work or School” option under the new “VPN & Device Management” entry. This new user enrollment flow uses Service Discovery.

New Restrictions:

  • Managed pasteboard restriction: A new restriction for iOS 15 and iPadOS 15, managed pasteboard enables admin control over the pasting of content from an app. It uses Open In management to support the managed Open In rules that are enforced.
  • Force on-device translation: This prevents content for translation from being sent to Apple servers for processing.

Required App: Admins can specify an app to install on an unsupervised device without additional user approval (install permission prompt). The user must consent to this installation when enrolling the device.

What’s New with macOS Device Management

With the introduction of Monterrey, Apple is bringing valuable features to the table for macOS device management, including:

  • Managed apps: When a device is enrolled with User enrollment, apps can be managed on macOS 12.
  • System extensions: Starting with macOS 12, administrators can remove an app system extension.
  • Software Updates: With Monterrey, Apple is unifying the OS update process for macOS and iOS.
  • New restrictions for macOS:
    • Force a delayed major macOS software update: Defer major macOS updates, such as macOS 12, for a specified time.
    • Force a delayed minor macOS software updates: Defer minor macOS updates, such as macOS 11.5, for a specified time.
    • Enforce a major macOS software update delay (macOS 12 must be installed)
    • Enforce a minor macOS software update delay (macOS 11.5 to be installed)
    • Enforce a non-macOS software update delay, such as a supplemental update to be installed.
  • Prevent users from using Erase All: Content and Settings on their Mac.
  • Setup Assistant: This feature enables you to Skip the “Allow unlock with Apple Watch” pane.
  • Apple Configurator 2
  • Restore and revive Mac: With macOS 12, you get the ability to restore and revive a Mac using Apple Configurator 2, beginning with models with the Apple T2 Security Chip.
  • Apple Configurator for iPhone: Using the iPhone app, now Mac devices can be assigned to organizations and take advantage of “Automated Device Enrollment” features.

MDM Updates

Declarative management is an update to the existing protocol for device management, and Apple’s new MDM technology promises to make managing iPads, iPhones, and macOS devices much easier. The new methodology offers a more modern and optimized way to manage a device (moving from a “server-centric” to a more “device-centric” approach to device management)

This new methodology is initially for User Enrollment and can still be used in combination with the current protocol. The four declaration types are:

  • Configurations: Similar to MDM’s existing profile payloads, these represent the policies to be applied to the device such as accounts, settings, and restrictions.
  • Assets: These consist of reference data that are required by configurations for large data items and per-user data. These have a one-to-many relationship with configurations.
  • Activations: This set of configurations are applied atomically to the device and can include predicates, such as “device type is iPad” or “OS version greater than 14.” There is a many-to-many relationship between activations and configurations.
  • Management: This is used to convey the overall management state to the device, describing details about the organization and capabilities of the MDM solution.

Apps and Books Management Updates

Apple also announced the API version 2 of Apps and Books with improvements to help with managing an organization’s content, including:

  • Real-time notifications, including assignment, asset, and registered user notifications
  • Asynchronous processing
  • Increased request sizes

The API version 2 of Apps and Books will significantly improve performance and reliability for large-scale deployments.

Learn More

It was another exciting WWDC this year, full of great updates and information from Apple and its customers, as well as the new enterprise features for iOS/iPadOS 15 and macOS 12. You can check out the keynote and developer documentation for more information. Citrix Endpoint Management will provide support for these great features soon, and you can learn more about Citrix Endpoint Management and Apple in our product documentation. And stay tuned for updates on upcoming Citrix Endpoint Management releases.


Disclaimer: The development, release and timing of any features or functionality described for our products remains at our sole discretion and are subject to change without notice or consultation. The information provided is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making purchasing decisions or incorporated into any contract.