AVR’s Guide to iOS 13 and iPadOS 13
For the last few years, Apple has held a special event in the first half of September to announce the arrival of the latest iPhone and Apple Watch models and the annual major release of iOS. This year’s special event is scheduled for Tuesday 10 September at 18:00 and can be watched live on Apple’s US website.
The first major change to expect is that, going forward, iOS will be split into iOS for iPhones and iPadOS for iPads. iPadOS offers a new approach to multitasking, with Slide Over offering the ability to keep multiple apps open concurrently, have multiple windows open on screen and have multiple windows or spaces for the same app. This offers an end-user experience that more closely resembles the desktop computer or laptop that many will be familiar with.
Apple is also introducing User Enrolment, which will greatly improve MDM features for BYOD users. User Enrolment uses Managed Apple IDs to create a separate APFS container for configurations, actions and apps delivered by MDM in a manner similar to Android Enterprise’s Work Profile. As the corporate information is containerised, your MDM will have a more restricted view of what is on a user’s device. It will see an anonymised identifier instead of a serial number, UDID, IMEI and MAC address and will only see apps within the corporate container. It will no longer be possible for most unmanaged apps to become managed, although there are some apps that will support concurrent usage both within and outside the container.
There will also be a much-restricted set of policies and configurations available to devices under User Enrolment: email, calendar, contacts, WiFi and per-app VPN. It will no longer be possible to enforce device-wide restrictions for BYOD devices, such as complex passcode restrictions, or to wipe the device; however, a six-digit passcode can still be enforced. Most iOS Restrictions for unsupervised devices are being deprecated in iOS 13, except for Managed Open-In restrictions.
Managed Apple IDs are created within Apple Business Manager or can also be dynamically created if federated with Azure AD. They do not conflict with regular Apple IDs and a device can have both a regular Apple ID and a Managed Apple ID. The Managed Apple ID will also be used as a credential of their new business-level iCloud services.
Traditional MDM remains and is now known as Device Enrolment, and DEP is now known as Automated Device Enrolment, so there will be three options going forward for managing devices.
AVR strongly recommend either upgrading to one of the supported versions for iOS 13 & iPadOS or amending your iOS Restrictions to defer software updates until you have upgraded to a supported version of Core/Cloud. If you require assistance with this, please contact us on the contact page.
Apple is moving their existing Device Enrolment Program (DEP) and Volume Purchase Program (VPP) to end of life on December 1; organisations will need to upgrade to Apple Business Manager by that date.