'Mortimer, we're back!'

Apple announces new device management tools

This year’s World Wide Developers Conference (WWDC) didn’t officially restore the IT track it’s had in past conferences, but Enterprise (including Education) returned to the agenda. And Apple has opened its WWDC 2015 conference videos to the public giving device administrators a glimpse of new features.

Device deployment and management

Apple’s most important session for Mac and iOS admins What’s New in Managing Apple Devices details many new features for supporting devices. Most improvements center around new Mobile Device Management (MDM) commands, settings and deployment.

Todd Fernandez, Senior Manager for Device Management, covered four major areas in his 52 minute presentation.


  • Apple is expanding its Device Enrollment Program (DEP) from two countries to 26.
  • They’re also shortening the time to get replacement iOS devices into DEP to a 4-hour turnaround.
  • MDM systems can keep DEP-enrolled OS X and iOS devices in the Setup Assistant until they are fully configured with accounts and/or configuration profiles.
  • OS X – MDM can control account creation for OS X. It can prevent account creation (for network accounts only) or create the first new user account as a Standard account not admin.
  • OS X – MDM can create a hidden admin account in addition to creating a new Standard user account.
  • OS X – MDM can control skipping the iCloud Setup Assistant.
  • iOS 9 – Apple Configurator 2 in conjunction with DEP can fully enroll and configure a device (without tapping on the glass) all the way to the Home screen.


  • Apple is expanding its Volume Purchasing Program (VPP) to 26 countries.
  • Apple will support multi-national app assignment. Facilitators can purchase apps in their countries and deploy to devices in other countries as long as the apps are available in the local App Store.
  • Administrators can assign VPP Managed Distribution apps to devices instead of users. This won’t require an Apple ID but will require purchasing an app license for each device.
  • A user won’t see managed VPP apps in purchase history if logged in to the App Store with an Apple ID.
  • MDM can control both OS and app updates.
  • MDM can convert unmanaged apps to managed apps without reinstalling them or losing user data.
  • Additionally, MDMs can migrate user to device assignments without reinstalling apps or losing user data. The migration is silent on supervised devices.
  • OS X Server’s Caching service can “pre-heat” a local cache of iCloud data on the local network.
  • MDM can bulk associate and disassociate single app assets to and from users and devices.
  • MDM can retrieve a list of purchased apps including licenses without having to retrieve all licenses.
  • iOS 9 – MDM or Configurator 2 can install apps while the App Store is closed.
  • MDM can prevent users from trusting third-party apps.


  • MDM can query for available software updates.
  • MDM can update an OS X and iOS to the latest available software update. Admins can stage all updates to install at one time.
  • iOS 9 – MDM can prevent modifying device name, wallpaper and passcode.
  • OS X – MDM can restrict camera, iCloud usage, Spotlight suggestions and sending diagnostics to Apple.


  • The iOS 9 SDK includes DEP and VPP simulators for testing.
  • Configurator 2 shows the current state of iOS devices, what it can do and what will happen whether in Setup mode or already prepared.
  • Configurator 2 can update individual apps without launching iTunes.
  • Configurator 2 shows more device information such as device name, serial number UUID, model, etc.
  • Configurator 2 shows installed apps and profiles on devices.
  • Configurator 2 supports both manual and automated workflows.
  • Configurator 2 supports enrolling devices into an MDM and skipping all Setup Assistant panes to go directly to the Home screen when finished.
  • Configurator 2 supports Blueprints (templates) for preparing devices.
  • Configurator 2 no longer requires associating devices to the Macs that prepare them.
  • Configurator 2 can write device tags to the devices such as First Grade or Cart 12 for easier searching and sorting. Any Configurator 2 station can read these tags.
  • Configurator 2 includes command line tools, Automator actions and supports scripting libraries.

Testing these new tools

Apple currently limits access to OS X 10.11 El Capitan, iOS 9 and Configurator 2 to paid Apple Developer accounts, which cost $99 USD per year. Non-developers, such as device administrators, will find useful resources such as forums for discussing the new products, certificate tools, advanced testing configuration profiles and simulators.

In July Apple makes OS X 10.11 El Capitan and iOS 9 available to everyone for testing via its Apple Beta Software Program. The Beta program offers none of the support options of the Developer program, however, it’s free to everyone who enrolls.

Bear in mind some tools such as Configurator 2 will require OS X 10.11 El Capitan and a dedicated iOS device for testing. Testers cannot revert a device to an earlier supported iOS version once they’ve updated it to the beta version.

Also, testers can’t explore new DEP and VPP features until those programs are updated later this year.

Other Key Videos

Apple has publicly posted more than 100 WWDC 2015 session videos online. While most are geared toward app developers, Mac admins should find a few videos very interesting.


Apple CEO Tim Cook opens the conference and presenters announce iOS 9 and OS X 10.11 El Capitan.

Supporting the Enterprise with OS X Automation

Sal Soghoian, Product Manager for Automation Technologies, reviews OS X’s automation capabilities including AppleScript, shell script, JavaScript for Automation (JXA) and Automator, including building workflows for Apple Configurator 2.

Introducing the New System Fonts

Type Designer Antonio Cavedoni introduces Apple’s new San Francisco system fonts for OS X, iOS and Apple Watch. This is worth watching to understand the level of detail Apple puts into unifying the look and usability of all its platforms.

Comments are closed.