MDM becomes DDM: This is what iOS 15 brings to companies

  • By deutschewhiskybrenner

When developing iOS 15 and iPadOS 15, Apple also thought about the needs of companies. However, the most significant changes will probably only have a real impact in future iOS/iPadOS versions. An overview. [...]

Even if the business context of the new operating system versions iOS 15 and iPadOS 15 was somewhat lost in the WWDC 2021 keynote, adjustments for corporate use were definitely a topic in the subsequent sessions of the Apple developer conference, and there were a number of exciting announcements. We would like to present the most important ones to you here.

New MDM commands / restrictions

Currently, Apple offers managed open-in settings for (managed) contacts and (managed) apps/domains and files. This setting allows admins to prevent managed app data and content from being moved to unmanaged apps (and/or vice versa). With iOS/iPadOS 15, the copy and paste function of the clipboard can now also be configured accordingly. This means that information copied from enterprise apps cannot be pasted into unmanaged apps. Conversely, it is possible to prevent information from unmanaged apps from being pasted into corporate apps.
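To check whether a profile actually extends the open-in rules to the clipboard, a restrictions payload can be audited as in the following added example (not code from the article or from Apple). The key names `allowOpenFromManagedToUnmanaged`, `allowOpenFromUnmanagedToManaged` and `requireManagedPasteboard` come from Apple's Restrictions payload (`com.apple.applicationaccess`) documentation; the sample profile, the finding codes and the merge rule across payloads are assumptions of this example.

```python
import plistlib

# Constructed sample profile: blocks managed -> unmanaged open-in only.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.applicationaccess</string>
    <key>allowOpenFromManagedToUnmanaged</key><false/>
  </dict></array>
</dict></plist>"""

# Values that apply when a key is absent from the Restrictions payload.
DEFAULTS = {
    "allowOpenFromManagedToUnmanaged": True,
    "allowOpenFromUnmanagedToManaged": True,
    "requireManagedPasteboard": False,
}

def effective_policy(profile_bytes):
    """Merge all Restrictions payloads (assumption: most restrictive wins)."""
    policy = dict(DEFAULTS)
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.applicationaccess":
            continue
        for key in DEFAULTS.keys() & payload.keys():
            if key.startswith("allow"):   # any False blocks the flow
                policy[key] = policy[key] and bool(payload[key])
            else:                          # any True enforces the rule
                policy[key] = policy[key] or bool(payload[key])
    return policy

def audit_data_flow(profile_bytes):
    """Return finding codes for open-in and clipboard coverage."""
    p = effective_policy(profile_bytes)
    m2u, u2m, paste = (p[k] for k in DEFAULTS)
    findings = []
    if m2u:
        findings.append("OPEN_IN_MANAGED_TO_UNMANAGED_ALLOWED")
    if u2m:
        findings.append("OPEN_IN_UNMANAGED_TO_MANAGED_ALLOWED")
    restricted = not (m2u and u2m)
    if restricted and not paste:    # copy/paste sidesteps the open-in rule
        findings.append("CLIPBOARD_NOT_COVERED")
    if paste and not restricted:    # nothing for the clipboard rule to follow
        findings.append("PASTEBOARD_RULE_HAS_NO_EFFECT")
    return findings

if __name__ == "__main__":
    print(audit_data_flow(SAMPLE_PROFILE))
```

For the sample profile the audit reports that open-in is still allowed from unmanaged to managed apps and that the clipboard is not covered by the existing open-in restriction.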

Other innovations in this context:

Declarative Device Management

Essentially all of Apple's MDM configurations are based on the same mechanism that has been in place since the introduction of device management. While Apple's MDM protocol has continually gained new capabilities and features over the years, the underlying structure of the protocol has remained largely unchanged. Until now, that is: the practice Apple now calls "reactive management" is being followed by new concepts and mechanisms under the name "declarative device management".

The background: Until now, the MDM system had to query a managed end device to detect changes such as installed apps, rolled-out configurations or an operating system update. This is because an MDM system must always send commands to a device in order for it to respond; the device does not notify the MDM on its own. Hence the term "reactive" management.


The newly presented declarative management is optimized for the MDM server and enables devices to be managed more autonomously and to react more proactively. In other words, devices can independently react to state changes and apply logic based on those changes without being prompted by the MDM server. Additionally, devices can now notify the MDM server when relevant changes occur. Apple offers three areas in declarative management.

1. Declarations are used to convey policy - they can be used to configure accounts, settings and restrictions. There are four types of declarations:

2. The Status Channel allows an MDM Server to subscribe to specific changes in device status. In this way, the system is able, for example, to receive notifications from devices whose operating system version is being updated.

3. The third area, extensibility, allows both MDM and devices to notify each other when certain features are supported. For example, if a device's operating system is updated so that a feature supported by the MDM is available, the device reports this and adopts the change from the MDM. Similarly, when the MDM service is updated to support a new feature that is compatible with the device, the system notifies the device, and the device receives the change.

Important to know: Declarative Management is designed to coexist seamlessly with the existing MDM protocol. This means that MDMs can adopt a gradual roll-out of the new functionalities without disrupting the existing functionalities.
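The status channel described above can be modelled in a few lines. This is an added example, not code from the article or from Apple: the declaration type `com.apple.configuration.management.status-subscriptions` and the status item names follow Apple's published declarative management schema, while the `Identifier` and `ServerToken` values, the flat device-state dictionaries and the function names are constructed for illustration.

```python
import json

SUBSCRIPTION_TYPE = "com.apple.configuration.management.status-subscriptions"

# Constructed sample declaration; Identifier and ServerToken are made-up values.
SUBSCRIPTION = json.loads("""{
  "Type": "com.apple.configuration.management.status-subscriptions",
  "Identifier": "example.subscriptions.os",
  "ServerToken": "constructed-token-1",
  "Payload": {"StatusItems": [{"Name": "device.operating-system.version"}]}
}""")

def subscribed_items(declaration):
    """Return the status item names the server asked to be told about."""
    if declaration.get("Type") != SUBSCRIPTION_TYPE:
        raise ValueError("not a status-subscription declaration")
    return {item["Name"] for item in declaration["Payload"]["StatusItems"]}

def build_status_report(declaration, previous, current):
    """Device side: report subscribed items whose value changed, else None.

    `previous` and `current` are flat dicts of status item name -> value,
    a simplification of real device state.
    """
    status = {}
    for name in sorted(subscribed_items(declaration)):
        if name in current and current[name] != previous.get(name):
            node = status
            *parents, leaf = name.split(".")
            for part in parents:          # nest by dotted path components
                node = node.setdefault(part, {})
            node[leaf] = current[name]
    return {"StatusItems": status, "Errors": []} if status else None

if __name__ == "__main__":
    before = {"device.operating-system.version": "15.0",
              "device.model.family": "iPhone"}
    # OS update: the device sends a report without being polled.
    after = {**before, "device.operating-system.version": "15.1"}
    print(build_status_report(SUBSCRIPTION, before, after))
    # A change to an item the server did not subscribe to sends nothing.
    other = {**before, "device.model.family": "iPad"}
    print(build_status_report(SUBSCRIPTION, before, other))
```

Under reactive management the server would have had to query the device to learn of the version change; here the report is produced by the device as soon as a subscribed item differs from its last known value.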

Apple Configurator

The Apple Configurator is a tool that provides basic management functions (e.g. the ability to apply profiles, install apps and perform actions such as resetting a device, upgrading the software and enabling supervised mode) when a device is connected via cable.

The new version focuses more on management functions for macOS devices with the T2 / M1 chip. The main new functions include deleting all user data, firmware recovery and installing a newer macOS version, among others.

In addition, Apple Configurator supports the ability to add macOS, iOS and tvOS devices purchased outside of a formal business channel to Apple Business Manager or Apple School Manager with so-called preliminary enrollment. Previously, this was not possible for macOS devices.

User enrollment

In 2019, Apple introduced a modern Bring Your Own Device (BYOD) approach with iOS 13 and user enrollment. The stated goal of User Enrollment is to improve and secure the way employees (BYOD) or service providers access company resources with their own devices.

With the new iOS 15 operating system, Apple is now going one step further and expanding user enrollment to include better protection of company data and user privacy: If a user with a managed Apple ID logs into a company network with their personal device, they can finally also be granted access to a shared Enterprise iCloud Drive. Even if they are logged in with their personal Apple ID, they have access to their personal and Enterprise iCloud Drive at the same time. This helps protect company data by keeping it within the managed iCloud Drive space and not on an iCloud instance tied to the user's personal Apple ID. Data separation can be (de)activated via the Apple Business Manager.

AirPrint

Photos and documents have been printed on paper using AirPrint-enabled printers for years. Previously, the user only had a few options for printing. With the new operating system, the user can load presets, choose the paper tray, media type and print quality, and optionally print PDF annotations. The option to print in portrait or landscape format is finally available.

*Mark Zimmermann has several years of experience in the areas of mobile security, mobile solution creation, digitization and wearables and is responsible for a team for mobile solution development at EnBW Energie Baden-Württemberg AG. He knows how to present his topics from a wide variety of perspectives for company-specific challenges. To this end, he works part-time at national lectures and as a freelance author for specialist publications and runs his own podcast (Beta-Schmerz) all about the iOS ecosystem.