New MDM features for iOS 11.3 & macOS 10.13.4

SimpleMDM Favicon
SimpleMDM|January 25, 2018
News Article 2 Background
News Article 2 Background

Note: Apple has noted that these features are subject to change. Additionally, this article shares knowledge about the Apple MDM protocol and not necessarily the SimpleMDM product.

Apple has begun sharing new functionalities that are expected to be available in the yet-to-be-released iOS version 11.3 and macOS 10.13.4 OS updates. Below is a comprehensive list, specific to mobile device management, of what is expected.

Auto renewal of Active Directory certificates

Administrators can flag Active Directory (AD) payloads for auto-renewal. This will cause the client to automatically renew its certificate when necessary with the AD server. macOS only.

Autonomous Single App Mode for macOS

Administrators will be able to create whitelists of allowed applications. This functionality was previously available for iOS supervised devices only. This option will be available for user approved MDM enrollments and applications that have been signed with an Apple-issued production developer certificate.

Bluetooth control

Administrators will be able to turn Bluetooth on and off. Previously, administrators were only able to disable modification of the Bluetooth setting.

Content caching

Administrators will be able to configure the content caching service on a macOS device. This will allow the following:

  • iCloud caching controls

  • App and software update caching controls

  • Enable or disable the content cache feature

  • Specify a maximum cache size

  • Specify a data path for the cache

  • Specify which other servers and devices to interact with and how

Home screen layouts with web clips

Apple MDM did not previously support positioning web clips on home screen layouts. With the release of iOS 11.3, administrators will now be able to do so. As the home screen layout feature requires iOS supervised mode, this will also.

Changes to restrictions

The restrictions profile will now allow administrators to disable the proximity setup feature during device setup.

Functionality has also been added that forces device behavior as it relates to the classroom app. Specifically, devices can be forced to:

  • Join a class.

  • Request permission to leave a class.

  • Lock or enter single app lock without prompting the student.

  • Grant screen observation permission without prompting the student.

These features are specific to supervised iOS devices.

Delay OS updates

This is a big one. Administrators will be able to have better control over when devices receive new OS updates. Though workarounds were available, previously there was no officially supported nor reliable means for an administrator to accomplish this.

In both iOS 11.3 and macOS 10.13.4 and later, administrator will be able to specify a number of days to delay a software update, with a maximum delay of 90 days. With this option enabled, the user of the device will not see a software update until the specified number of days has passed since the release.

Thank you to Antoine Moussy for noting that this feature will require supervision for iOS devices.

macOS Setup Assistant

Administrators will be able to skip the following screens during macOS Setup Assistant, allowing for further tailoring of the device setup process:

  • Cloud Setup

  • Siri Setup

  • Privacy Setup

  • Cloud Storage Setup

SimpleMDM Favicon
SimpleMDM

SimpleMDM is a mobile device management solution that helps IT teams securely update, monitor, and license Apple devices in a matter of minutes — all while staying on top of Apple updates automatically.

Related articles