Getting Ready for Apple Major OS Releases 2024

sergey_p_belous
JumpCloud Employee

JumpCloud Support for New Apple Operating Systems

JumpCloud is excited to announce support for the latest releases of macOS and iOS from Apple.  Businesses have transformed and redefined how they can Make Work Happen® on iPhone, iPad and Mac. JumpCloud is here to ensure a smooth transition to the latest Apple operating systems, including through our Patch Management tools.

JumpCloud’s software and agents have been tested with Apple devices to verify compatibility and were subjected to thorough performance evaluations to ensure they operate at the highest level with macOS 15 Sequoia, and iOS and iPadOS 18.

  • JumpCloud Agent tested and validated for macOS 15
  • JumpCloud Protect app tested and validated for iOS 18
  • JumpCloud Password Manager app tested and validated for iOS 18 and macOS 15
  • JumpCloud Mobile Admin app tested and validated for iOS 18

Below are the enhancements that we are delivering:  

  • JumpCloud Admin Portal supports macOS 15 and iOS 18
    • Dynamic Device Group Selection
    • Versioning throughout the platform
  • Updated Policies
    • JumpCloud Endpoint Security, System Extensions, CrowdStrike Falcon MDM Settings (No kernel extension), SentinelOne Agent Permissions
      • Added the following key: NonRemovableFromUISystemExtensions
    • Automatic macOS Updates Policy 
      • Added a new selection for “Automatic action for devices running macOS 14 Sonoma”
      • Added a new option “Enforce upgrade to macOS 15 Sequoia” for automatic action for devices running macOS 13 and lower
    • WiFi Configuration (iOS and macOS)
      • Added the following option: Disable MAC Randomization
  • JumpCloud Remote Assist
  • Account-driven User Enrollment Support - (See  JumpCloud Now Supports Apple’s Account-Driven User... - JumpCloud Community )
    • With iOS/iPadOS 18, Apple is no longer supporting Profile-driven User Enrollment. JumpCloud is actively working to support the alternative, Account-driven User Enrollment.
    • Please note that Profile-driven Device Enrollments and Automated Device Enrollments remain unaffected by this change.
    • Impact to existing devices and profiles:
      • Existing enrolled devices are not impacted and will continue to be enrolled
      • Users will not be able to enroll or re-enroll iOS/iPadOS 18 until Account-Driven User Enrollment is supported
  • Option to skip screens for Automated Device Enrollment
    • Apple Intelligence (iOS 18.1 and macOS 15.1)

 

 

You’re in the Driver’s Seat for Upgrades

Whether your organization is ready for full-scale deployment of macOS 15 Sequoia and iOS/iPadOS 18 on their release days or needs more time to evaluate your key applications, JumpCloud can support all your needs. Admins can defer Sequoia updates to a convenient time with a Major Upgrade Version Delay policy in the Admin Portal, or tell their users they can upgrade immediately. All the power’s in your hands. And coming soon, JumpCloud Major Version Patch policies will also give you the ability to move all your devices on older versions to the latest, most secure Apple operating system with a single policy, using JumpCloud’s Patch Management tools.

 

What Apple Announced for IT 

As part of their annual cycle of operating system updates, Apple has announced new versions of their popular operating systems - macOS, iOS, iPadOS, tvOS, watchOS and visionOS. In addition to introducing many impressive consumer features, Apple announced important enhancements coming to their device management protocol as well as Apple Business Manager and Apple School Manager.

The information provided below documents the new enterprise-related updates and features announced in Apple’s WWDC information sessions. You can access these sessions at your convenience through Apple’s Developer Program website.

This is a summary of new management-related features in Apple operating systems and apps. It also describes updates to the Apple mobile device management (MDM) framework.

Note: This article does not indicate support for any of the below features with JumpCloud.

 

Deprecation of Profile-driven User Enrollment

  • Profile-based User Enrollment is no longer supported in iOS and iPadOS 18. For User Enrollment, sign in with a Managed Apple Account in Settings.
  • NOTE: JumpCloud now supports Account-driven User Enrollment. iOS devices prior to iOS 18 can continue to enroll with Profile-driven User Enrollment via the JumpCloud User Portal. Devices enrolled into management prior to upgrading to iOS 18 will continue to function. However, if the device is upgraded to iOS/iPadOS 18 prior to being enrolled, or the device is un-enrolled and attempting to re-enroll, Profile-driven User Enrollment will fail. Use the newly supported ADUE flow:  JumpCloud Now Supports Apple’s Account-Driven User... - JumpCloud Community  

 

Apple Business Manager and Apple School Manager Updates

  • Domain Capture and Account Transfer: Apple announced that in the future, organizations will be able to enforce the creation of Managed Apple Accounts (formerly known as Managed Apple IDs (MAIDs)) for their domains, capturing personal Apple Accounts that try to use the organization’s domain. Previously, this was only possible by integrating with an identity provider (IdP). Users can transfer their existing personal Apple Account to a Managed Apple Account or change their existing email address.
  • Activation Lock: This new feature allows IT admin users with Manage Device privileges to turn Activation Lock off for organization-owned devices, directly from Apple Business Manager and Apple School Manager. This removes the need for IT admins to contact AppleCare support.
  • Support for Apple Watch and Apple Vision Pro: Apple Watch and Apple Vision Pro devices can now be managed within Apple Business Manager and Apple School Manager, allowing the use of the new Activation Lock capabilities and existing Automated Device Enrollment options.

 

Device Management Updates

  • Safari Extensions Management: Apple’s declarative device management now supports a new configuration for Safari extensions management on supervised iOS 18, iPadOS 18, and macOS 15 devices. Organizations can control which Safari extensions are allowed, always on/off, configured by specific domains/subdomains, and extending to both standard and Private Browsing modes.
  • Software Update Management: In addition to the existing Software Update Enforcement configuration, Apple’s declarative device management now supports a Software Update Settings configuration for devices running iOS 18, iPadOS 18, and macOS 15. This configuration allows for control over various update-related settings, including:
    • Automatic software update behavior
    • Rapid Security Response behavior
    • Deferral of software update (1-90 days)
    • Whether local administrator authorization is required to perform an update for macOS
    • Enrollment into beta programs (support for macOS later this year)
    • The default notification behavior when enforcing software updates
    • The visibility (recommended cadence) of software updates (iOS and iPadOS only)
    • Beta program registration and management

 

New APIs and Hardware Requirements

  • Apps and Books for Organizations API: Developers can configure Services IDs and authorization keys for the Apps and Books for Organizations API, to retrieve information about apps and books they manage (with new fields for visionOS compatibility) and a new endpoint for searching the App Store.
  • Managed Device Attestation: Attestations will only be issued to devices that meet the following hardware requirements:
    • iPhones, iPads, and Apple TVs now require an A11 Bionic chip or later
    • Mac computers now require Apple Silicon (M1 and above)

 

What’s New in macOS 15 Sequoia

  • Passkey and Security Key Support: Automated Device Enrollment on macOS 15 will now support WebAuthn for web authentication, providing support for security keys and passkeys for enrollment authentication.
  • Platform Single Sign-On (SSO): Platform SSO has been enhanced with macOS 15 to require IdP authentication when accessing FileVault, the Lock Screen, and the login window. Optional configurations for Touch ID or Apple Watch unlock are also available.
  • External Storage Management: A new disk management declarative configuration allows managed access to external and network storage and can enforce read-only volume mounting for enhanced data control.

 

What’s New in iOS 18 & iPadOS 18

  • Hiding and Locking Apps: iOS 18 and iPadOS 18 introduce options to require biometric authentication or a passcode to open apps and to hide apps from the Home Screen. MDM will be able to control these features on a per-app basis (managed apps only) or disable them entirely on supervised devices. Apple is bringing these restrictions to the MDM protocol later this year.
  • In-House App Installations: With iOS 18 and iPadOS 18, proprietary in-house apps now require a device restart to trust the provisioning profile. This does not apply to applications deployed via MDM.

New Restrictions

iOS 18, iPadOS 18, and macOS 15 now support new Restrictions keys for the following features:

  • eSIM Outgoing Transfer
    • Supported on iOS 18 and iPadOS 18
    • Requires supervision
  • iPhone mirroring
    • Supported on iOS 18, iPadOS 18 & macOS 15
  • Video Conferencing Remote Control
    • Supported on iOS 18 and iPadOS 18

 

What’s New in tvOS 18, watchOS 11, and visionOS 2

  • tvOS: Enhancements include better management for returning devices to service and identifying AirPlay receivers.
  • visionOS: visionOS 2.0 brings support for Automated Device Enrollment and new configuration management functionality for Apple Vision Pro. visionOS 2.0 also enhances the Mac virtualization experience by allowing the virtual Mac screen to be significantly wider, almost wrapping around the user when wearing the Vision Pro. This upgrade provides users with a much more expansive workspace than prior releases.

 

Apple Intelligence (Coming Later in 2024)

  • Apple announced exciting new generative AI features, coming later this year to iOS 18, iPadOS 18, and macOS 15. Apple’s Beta releases indicate iOS/iPadOS 18.1 and macOS 15.1 to be the versions enabling Apple Intelligence features. Apple has announced they will be providing device management controls for various Apple Intelligence features as they become generally available.

New Restrictions capabilities by Apple to control the following Apple Intelligence features:

  • Genmoji
    • Supported on iOS 18, iPadOS 18 & macOS 15
  • Image Playground
    • Supported on iOS 18, iPadOS 18 & macOS 15
  • Image Wand
    • Supported on iOS 18 and iPadOS 18
  • Writing tools
    • Supported on iOS 18, iPadOS 18 & macOS 15
  • Personalized handwriting
    • Supported on iOS 18 and iPadOS 18
  • In addition, we are expecting a new Restriction to be made available to block access to 3rd party model tools like ChatGPT in a future version of macOS and iOS, based on our conversations with Apple. Though these restrictions have not yet been documented, we expect them to be released prior to the inclusion of 3rd party models in Apple Intelligence.

 

For more information on Apple’s new enterprise features, check out the full World Wide Developer Conference 2024 session: What’s new in device management - WWDC24

 

JumpCloud Roadmap Items

  • Account-driven User Enrollment
    • In active development with Early Access/Beta targeted for late Q3 2024/early Q4 2024
  • Additional MDM Policies for iOS and macOS
  • Apple Business Manager Federation
  • Declarative Device Management
  • Account-driven Device Enrollment

 

Documentation
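
For admins who want to verify the NonRemovableFromUISystemExtensions key listed under Updated Policies above, here is an added example (not part of the original post and not JumpCloud's code) that checks an exported configuration profile for allowed system extensions that are not pinned as non-removable. The team ID and bundle IDs are constructed placeholders, and the script assumes the key uses the same team-identifier-to-bundle-identifier mapping as AllowedSystemExtensions.

```python
import plistlib

# Constructed sample profile; the team ID and bundle IDs are placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.system-extension-policy</string>
    <key>AllowedSystemExtensions</key><dict>
      <key>TEAMID0000</key><array>
        <string>com.example.edr.network-filter</string>
        <string>com.example.edr.endpoint-security</string>
      </array>
    </dict>
    <key>NonRemovableFromUISystemExtensions</key><dict>
      <key>TEAMID0000</key><array>
        <string>com.example.edr.network-filter</string>
      </array>
    </dict>
  </dict></array>
</dict></plist>"""

POLICY_TYPE = "com.apple.system-extension-policy"


def _pairs(mapping):
    """Flatten {team_id: [bundle_id, ...]} into a set of (team_id, bundle_id)."""
    return {(team, bid) for team, bids in (mapping or {}).items() for bid in bids}


def removable_allowed_extensions(profile_bytes):
    """Return allowed extensions that are not pinned as non-removable in the UI."""
    profile = plistlib.loads(profile_bytes)
    allowed, pinned = set(), set()
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != POLICY_TYPE:
            continue  # only system extension policy payloads are relevant
        allowed |= _pairs(payload.get("AllowedSystemExtensions"))
        # A missing key means nothing is pinned in this payload.
        pinned |= _pairs(payload.get("NonRemovableFromUISystemExtensions"))
    return sorted(allowed - pinned)


if __name__ == "__main__":
    for team, bundle in removable_allowed_extensions(SAMPLE_PROFILE):
        print(f"{team} {bundle}: allowed but still removable from the UI")
```
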

 

7 REPLIES

troyopholous
Novitiate I

Thanks for creating the Block macOS Sequoia Installer App policy!

rjordan
Rising Star I

Looking forward to Account Driven Enrollment as we were in the middle of launching our Mobile Trust / BYOD iOS campaign to get everyone to scan the QR and get those devices into JC as user enrolled/BYOD so that we could take advantage of JC Go and other BYOD MDM features.

Also excited to get Federated IDP setup with MAID/ABM!

Same here. We planned to enable the new resource access policy for iOS devices on September 30.
On Monday, users were told how to enroll their iPhones.
They came to us with the new version 18 and said it did not work.

Thanks, Apple, for the new challenge.☹️

Great roll out by the team!!  Thanks always Sergey!

rjordan
Rising Star I

Loving the updates and progress on all of this.  Thanks team for keeping up on all of this and promptly turning things positive.

NVergin
Rising Star II

Any idea on how soon JumpCloud will support the management of Safari Extensions via the announced declarative device management enhancements?  This is a struggle currently and being able to enforce the use of some specific extensions and granting them access to all websites without user intervention is very important for us.