This is a little description of what I see is most relevant in planning for the future, when managing Apple devices, especially Macs.
Several announcements was made on WWDC 20 (World Wide Developers Conference 2020) and those are important to consider. I will share links to WWDC videos as well as describe some general and important changes, that influences the planning for the future, of especially the macOS platform.
From WWDC 20, I can recommend the following videos:
- Keynote (mostly what is new in the coming operating systems): https://wwdc.io/share/wwdc20/101
- Platforms State of the Union (mostly technical for developers): https://wwdc.io/share/wwdc20/102
- What’s new in managing Apple devices: https://wwdc.io/share/wwdc20/10639
- Deploy Apple devices using zero-touch: https://wwdc.io/share/wwdc20/10223
- Leverage enterprise identity and authentication: https://wwdc.io/share/wwdc20/10139
Apple also introduces a two year transition away from Intel, and over to Apple Silicon (which currently is the same CPU as is installed in iPad Pro)
- Explore the new system architecture of Apple Silicon Macs: https://wwdc.io/share/wwdc20/10686
I actually thing the transition to the new architecture will be very well handled, probably better than the transition to PowerPC or to Mac OS X.
Management changes on macOS
Beside for the above, Apple also announced changes in the way Macs can be managed.
- All configuration profiles has to be installed and approved by the user (no script can install these without user involvement)
- Manually enrolled Macs will both be User Approved and Supervised, when an Mac admin is entering the admin credentials to authorise the management of the Mac
What does this mean?
It means that Munki or shell scripts cannot install configuration profiles anymore with the user has to be involved. Many have used this to not pay for a MDM solution for the management, and until Bug Sur they could mostly manage the same stuff on the device as a MDM.
MDM is the future of managing all Apple devices, there is no way around this.
Please note, that whenever I advocate for management of devices, I recommend this as a service to the user, so the user can the tools he/she needs, so that the user can do a well done job efficiently. At the same time, we can secure the company data on the device, and hopefully this design will also help the user.
The second point above means, that Apple acknowledges that a lot of companies have Macs without DEP (which are not enrolled in Apple business Manager or Apple School Manager), and these devices can still be fully managed (even though a little more time hase to be used on the device when enrolling it into the MDM).
I really look forward to what Apple has to offer on these new versions, and can’t wait to help customers implementing these, to further add improvements to the user experience and efficiency.