Apple Announces New MDM Features for iOS 11.3 & macOS 10.13.4

Last updated April 19, 2019

Apple has begun sharing new functionalities that are expected to be available in the yet-to-be-released iOS version 11.3 and macOS 10.13.4 OS updates. Below is a comprehensive list, specific to mobile device management, of what is expected.

Please note: Apple has noted that these features are subject to change. Additionally, this article shares knowledge about the Apple MDM protocol and not necessarily the SimpleMDM product.

Auto renewal of Active Directory certificates

Administrators can flag Active Directory (AD) payloads for auto-renewal. This will cause the client to automatically renew its certificate when necessary with the AD server. MacOS only.

Autonomous Single App Mode for macOS

Administrators will be able to create whitelists of allowed applications. This functionality was previously available for iOS supervised devices only. This option will be available for user approved MDM enrollments and applications that have been signed with an Apple-issued production developer certificate.

Bluetooth Control

Administrators will be able to turn bluetooth on and off. Previously, administrators were only able to disable modification of the bluetooth setting.

Content Caching

Administrators will be able to configure the content caching service on a macOS device. This will allow the following:

  • iCloud caching controls
  • App and software update caching controls
  • Enable or disable the content cache feature
  • Specify a maximum cache size
  • Specify a data path for the cache
  • Specify which other servers and devices to interact with and how

Home Screen Layouts with Web Clips

Apple MDM did not previously support positioning web clips on home screen layouts. With the release of iOS 11.3, administrators will now be able to do so. As the home screen layout feature requires iOS supervised mode, this will also.

Changes to Restrictions

The restrictions profile will now allow administrators to disable the proximity setup feature during device setup.

Functionality has also been added that forces device behavior as it relates to the classroom app. Specifically, devices can be forced to:

  • Join a class.
  • Request permission to leave a class.
  • Lock or enter single app lock without prompting the student.
  • Grant screen observation permission without prompting the student.

These features are specific to supervised iOS devices.

Delay OS Updates

This is a big one. Administrators will be able to have better control over when devices receive new OS updates. Though workarounds were available, previously there was no officially supported nor reliable means for an administrator to accomplish this.

In both iOS 11.3 and macOS 10.13.4 and later, administrator will be able to specify a number of days to delay a software update, with a maximum delay of 90 days. With this option enabled, the user of the device will not see a software update until the specified number of days has passed since the release.

Thank you to Antoine Moussy for noting that this feature will require supervision for iOS devices.

MacOS Setup Assistant

Administrators will be able to skip the following screens during macOS Setup Assistant, allowing for further tailoring of the device setup process:

  • Cloud Setup
  • Siri Setup
  • Privacy Setup
  • Cloud Storage Setup

Release Date

Apple does not typically announce release dates for minor software releases. This document will be updated as we learn more about the upcoming features available.

Comment (1)

“Surprisingly, this has not been noted to require iOS supervision, so this feature, as it stands, will be available for both supervised iOS, unsupervised iOS, and macOS devices.”

In Configurator 2.7 beta, the “Defer software updates for XX days” is “Supervised only”.

Leave a Reply

Your email address will not be published. Required fields are marked *

Start your 30-day free trial of SimpleMDM

Start My Free Trial

Test-Drive SimpleMDM Right Now. No Credit Card Required.

Start My Free Trial