      Latest reply on Aug 9, 2016 11:10 AM by mlbell4
      rtrouton

        Todd Fernandez - Senior Manager, Device Management and Server

        September 2016 release timeframe for macOS Sierra (based on showing September 2016 in the video when release dates were discussed.)

        Reviewing features released in iOS 9.3

        • Apple School Manager (watch video)
        • Shared iPad (watch video)
        • Classroom (watch video)

        Education:

        • Apple deployment programs
        • Apple School Manager
        • Apple ID

        Enterprise:

        • Apple deployment programs
        • DEP (Device Enrollment Program)
        • VPP
        • New settings and commands

        Apple School Manager

        Manages people, devices and content

        People

        • Student information system integration
        • CSV import

        Creates managed Apple IDs for each student and teacher.

        Admin accounts

        • Tiered administration
        • Roles and privileges

        Student accounts

        Required for Shared iPad, can also be used for 1 to 1.

        Passcode options

        Disabled options

        - Commerce, FaceTime, iMessage, iCloud Mail...

        Roster Service API

        Users:

        • Students' Apple IDs
        • Teachers' Apple IDs

        Customers will not need to download new tokens for new API.

        Handles duplicate records from multiple sources (LDAP + API)

        • Allow admin to configure automatic policy matching criteria
        • Allow admin to manually merge records

        source_system_identifier corresponds to CSV import's "PersonNumber". This may not be unique, be able to handle non-unique import collisions.

        There is no delta API, only full enumeration.

        - Consider throttling admin-initiated syncs.

        DEP:

        • Find purchases
        • Configure MDM servers
        • Set up devices with MDM

        Content:

        • VPP (Volume Purchase Program)
        • iTunes U

        Enrollment optimization: Shared iPad (watch video)

        iOS 9.3.2 no longer supports MD5

        • DES deprecated
        • AES support added

        New in macOS Sierra:

        DEP allows the skipping of the following in the Setup Assistant:

        • Siri
        • iCloud preferences

        Shared iPad

        Multiple users

        Requires managed Apple ID to sign in

        Sign into iCloud and iTunes

        Device-assignment of apps via VPP

        MDM vendors use PurchaseMethod1

        All app types supported

        - App Store developers must allow device assignment

        Student data truth is stored in the cloud

        • Data is cached locally, but purged as needed
        • User data is separated
        • Data will continue to upload to the cloud after sign-out, if needed.

        If one student signs out with data still waiting to upload and another student signs in:

        • Previous student's data continues to upload to the cloud until transfer is completed.
        • New student's data downloads and the new student is able to start working right away.

        Lock screen grace period:

        Time after screen locks that device can be re-opened without re-entering the passcode.

        Once that time period expires, passcode will need to be entered.

        User channel:

        Allow MDM server to configure per-user settings for iOS - Similar to how macOS has always worked.

        No user authentication on iOS (watch video, didn't get all details.)

        Restrictions payload:

        • Most restrictive payload wins
        • Combined to compute effective restrictions
        • Acts just like using multiple profiles for managing restrictions

        Managed Apple ID association

        Programmatically associate Managed Apple IDs for VPP

        - No need to invite the Managed Apple ID in order to send the app via VPP

        iBooks Store VPP books

        - Assigned to users
        - Cannot be distributed to devices

        Shared iPad must "download" in iBooks

        Downloaded only once per device

        Enterprise Apps

        Universal Provisioning Profile - Allows non-App Store apps to be installed

        • Apps installed via MDM are explicitly trusted.
        • Otherwise, user must explicitly trust apps from that UPP signer to run on this device.

        Management:

        In iOS 9.3:

        Settings command was updated to support setting max users, diagnostic submission:

        New commands for iPads:

        • User list
        • Logout User
        • Delete User

        Other new commands (apply to all iOS devices.)

        • MDM Lost Mode (including device location)
        • MDM Activation Lock

        Configuration profile payloads:

        • Exchange, Mail: Allow Mail Drop
        • Managed Domains: Safari autofill passwords
        • VPN: Many new IKEv2 settings
        • Restrictions: Many new settings

        Restrictions:

        • Apple Music
        • Classroom Screen View
        • iCloud Photo Library
        • iTunes Radio
        • Modify Notifications
        • Show/Hide Apps

        Configuration profile payloads: Education (watch video)

        Configuration profile payloads: Per-user on Shared iPad (watch video)

        iOS 9.3.2

        MDM commands and queries

        • Enable / Disable app analytics
        • Set lock screen grace period

        DeviceInformation returns analytics settings

        Watch video for info on key for setting lock screen grace period.

        What's new in iOS 10:

        • Contacts, Exchange, Google, LDAP: Communication service rules for audio
        • Lock Screen Message: Updated key names
        • VPN: IKEv2 EAP only authentication method

        PPTP VPN has been removed from iOS 10 / macOS Sierra

        - PPTP payloads will not work

        Wi-Fi: Captive Bypass

        See video for more details

        What's new in OS X 10.11.4:

        • Install major update (DEP Macs) - can force macOS Sierra upgrades on DEP-enabled Macs.
        • Configure IP firewall

        Restrictions:

        • Apple Music
        • iCloud Photo Library
        • iTunes Radio
        • Back to My Mac
        • Find My Mac

        Some additional restrictions listed, see video.

        See complete list of session and lab notes here:

        https://forums.developer.apple.com/message/142899
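
Added example, not part of the original notes and not Apple's implementation: a simplified model of the "most restrictive payload wins" rule from the Restrictions payload notes above, which also reports which profile decided each setting. It assumes `allow*` keys are restrictive when false and `force*` keys when true; the two payloads are constructed sample data.

```python
# Added example (simplified model, not Apple's implementation).
# Assumption: allow* keys are restrictive when False, force* keys when True.

def effective_restrictions(profiles):
    """profiles: list of (profile_name, restrictions_dict) in any order.

    Returns {key: (effective_value, profile_that_decided_it)}.
    """
    effective = {}
    for name, payload in profiles:
        for key, value in payload.items():
            if not isinstance(value, bool):
                continue  # list/number restrictions are out of scope here
            if key.startswith("allow"):
                restrictive = False
            elif key.startswith("force"):
                restrictive = True
            else:
                continue
            current = effective.get(key)
            # A restrictive value replaces a permissive one, never the reverse.
            if current is None or (value == restrictive and current[0] != restrictive):
                effective[key] = (value, name)
    return effective


def overridden(profiles):
    """List (profile, key) pairs whose permissive setting lost to another profile."""
    effective = effective_restrictions(profiles)
    return sorted(
        (name, key)
        for name, payload in profiles
        for key, value in payload.items()
        if key in effective and value != effective[key][0]
    )


# Constructed sample data: a device-channel and a user-channel payload.
DEVICE = ("device", {"allowCloudPhotoLibrary": False, "allowMusicService": True,
                     "forceEncryptedBackup": False})
USER = ("user", {"allowCloudPhotoLibrary": True, "allowMusicService": False,
                 "allowRadioService": True, "forceEncryptedBackup": True})

if __name__ == "__main__":
    for key, (value, source) in sorted(effective_restrictions([DEVICE, USER]).items()):
        print(f"{key:24} {value!s:5} decided by {source}")
    print("overridden:", overridden([DEVICE, USER]))
```

The `overridden` list is the part worth reviewing when stacking profiles: each entry is a setting an administrator may believe is permitted but which another payload has already locked down.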
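
Added example, not part of the original notes: a check for the PPTP removal noted above that scans an unsigned configuration profile for VPN payloads still set to PPTP, so they can be migrated before devices move to iOS 10 / macOS Sierra. The sample profile and its `com.example` identifiers are constructed; a signed profile would need its signature wrapper removed before parsing.

```python
import plistlib

VPN_PAYLOAD_PREFIX = "com.apple.vpn.managed"


def find_pptp_payloads(profile_bytes):
    """Return display names of VPN payloads in an unsigned profile that use PPTP."""
    profile = plistlib.loads(profile_bytes)
    hits = []
    for payload in profile.get("PayloadContent", []):
        if not isinstance(payload, dict):
            continue
        is_vpn = str(payload.get("PayloadType", "")).startswith(VPN_PAYLOAD_PREFIX)
        if is_vpn and str(payload.get("VPNType", "")).upper() == "PPTP":
            hits.append(payload.get("PayloadDisplayName")
                        or payload.get("PayloadIdentifier", "<unnamed payload>"))
    return hits


# Constructed sample profile (identifiers are placeholders, not real deployments).
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.profile",
    "PayloadContent": [
        {"PayloadType": "com.apple.vpn.managed", "VPNType": "PPTP",
         "PayloadDisplayName": "Legacy office VPN",
         "PayloadIdentifier": "com.example.vpn.legacy"},
        {"PayloadType": "com.apple.vpn.managed", "VPNType": "IKEv2",
         "PayloadDisplayName": "Current office VPN",
         "PayloadIdentifier": "com.example.vpn.ikev2"},
        {"PayloadType": "com.apple.applicationaccess", "allowMusicService": False},
    ],
})

if __name__ == "__main__":
    for name in find_pptp_payloads(SAMPLE_PROFILE):
        print("PPTP payload will stop working on iOS 10 / macOS Sierra:", name)
```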