Last updated April 19, 2019
Update 8/23/18 – Added privacy preferences, setup assistant, notifications, and restrictions updates.
Update 7/31/18 – Added link to InstallEnterpriseApplication article.
Updated 7/3/18 – Added macOS device lock message.
Updated 6/19/18 – Added DEP, Dock notes. Clarified Proximity setup.
Updated 6/18/18 – Added S/MIME & Contacts API information
At the Apple Worldwide Developer Conference this past week, Apple shared new features to expect in iOS 12, macOS 10.14, and tvOS 12. This article focuses specifically on the mobile device management (MDM) features that are to be released.
We will be updating this document as as information becomes available leading up to the release of these new OS versions. Since details are sometimes thin, we’ve provided our best interpretation of the information available.
We suggest bookmarking this page and checking back often.
The restrictions payload will add support for enabling or disabling the following:
Additionally, automatic date and time can be forcefully enabled without the option to disable.
Exchange accounts utilizing OAuth will be configurable by MDM. Administrators will be able to optionally allow users to override admin-specified S/MIME settings for mail and Exchange accounts.
iOS will also allow administrators to:
iOS and macOS will allow the administrator to specify a specific OS version for a device to update to. Previously, an OS version could not be specified.
Apple is expanding the functionality of managed open-in, a security feature used to restrict file transfers between managed and unmanaged apps. For one, the Contacts API, which apps use to access information in the Contacts database, will respect the managed open-in restrictions. No further specifics have been provided at this time.
Administrators will be able to specify how notifications should be grouped together in the UI. For instance, notifications can be configured to group by app, by an automatic setting that allows the app to decide, or not at all.
Additionally, notifications can be disabled while in CarPlay mode.
Like iOS, MacOS will include support for the password auto-fill and password sharing restriction options. macOS will also support OAuth Exchange account setup and the ability to specify a version number for managed OS updates.
The macOS enrollment and setup assistant process is simplified to match the iOS enrollment process.
A new mechanism for installing macOS packages using MDM, named “InstallEnterpriseApplication”, will become available. Notably, it will allow MDM vendors to provide more security around the package delivery process. Read about this feature in depth: Explained: InstallEnterpriseApplication MDM Command.
Administrators can enabled or disable “Show recents in Dock” and block the user from changing this setting.
A message can optionally be specified to display when a device is locked.
Administrators may control the settings are are displayed in the “Privacy” tab of the “Security & Privacy” pane in System Preferences.
MacOS 10.14 introduces Dark Mode, and as a result, adds an additional configuration screen to the Setup Assistant that allows users to enable it. The DEP & MDM protocol have been extended to allow administrators to skip this screen for their deployment.
Starting in tvOS 12, tvOS apps can be managed using MDM in conjunction with an Apple VPP account. Additionally, tvOS will add support for managed OS updates.
tvOS will add support for restrictions and configurations currently found in iOS. Specifically:
Administrators will be able to configure devices to skip the “Choose Your Look” setup assistant screen.
On a tangental note, Apple has also released Apple Business Manager ahead of the their OS software updates. In a nutshell, Apple Business Manager unifies the Apple DEP and VPP portals and adds additional Apple business functionalities. We’ve covered the specifics in our article What is Apple Business Manager?
If we’re missing something, tell us about it in the comments below. We’ll add it to the article and give you credit.