What’s New for IT | JNUC 2022

What’s New for IT | JNUC 2022

Show Video

Welcome, everybody. My name's Nick, and I am with Apple product marketing. And joining me will be-- Ooh.

Joining me will be Omar here shortly as well, too. And just really excited to be back here with this community. And hopefully you all enjoyed the keynote as well, too, where Jeremy shared a lot of our vision about, you know, what our vision is around, how our devices are best for our users and also best for IT. Today's session, I'm going to do an overview of just what's new for IT.

So we'll talk a bit about AppleSeed for IT, the Mac Evaluation Utility, and just how to prepare your organization to be ready for this fall. And then Taimur's going to come up and talk about what's new in Apple Business Manager and Apple School Manager and a lot of the device management features that we announced as well, too. Make sure you check out our deeper dive sessions that will be later this week. So tomorrow, we'll have a deeper dive session around deployment and management features. And then on Thursday, we'll have a deeper dive session on security and identity. So let's get started here.

Of course, at WWDC, we introduced a variety of new operating systems, right, new versions of iOS, iPadOS, and macOS, which are really going to help enable users everywhere to be more productive and to be more collaborative. macOS Ventura, this is going to be a really fantastic release. It adds continuity camera for iPhone as a Mac webcam for better video quality and remote meetings and Stage Manager to really stay focused while easily moving between tasks. I know I'm really excited about all the new mail updates that are coming to Ventura as well, too, and using passkeys to eventually replace passwords, too. In iPadOS 16, the-- we'll be extending productivity in all new ways to multitask with the all-new Stage Manager.

And coming later will be full extended display support as well too. Additional features like display scaling, the new weather app, and a lot of the intelligence features that are built in are going to be really big hits, we think, for your end users. And iOS 16, which, of course, was just recently released, has the all-new lock screen with support for widgets, which are just very glanceable information.

And that can be customized using focus modes, which was also talked about during the keynote as well, too. Of course, coming later this fall-- or later this year, sorry-- Freeform is a productivity app where you and your collaborators will be able to bring ideas to life, really plan projects, collect inspiration, brainstorm with your teams, and draw with a friend as well, too. You can share these files and insert web links and more.

So as we talked at the keynote, it's really our shared responsibility to enable employees to thrive in the workforce and to increase student-teacher productivity. And that's why we make it our goal to help you get these devices into the hands of your end users quickly and reduce any friction that may come a part of the deployment process. So before Taimur comes up and talks about everything that's new, I want to spend just a little bit of time talking about the programs and the tools that we have available for you to help prepare your organization.

So let's start with AppleSeed for IT. Of course, AppleSeed for IT is a seeding program that's focused on IT professionals. Within the portal, you can get access to beta software, provide feedback, get content designed for IT audiences. That includes detailed release notes and test plans.

Make sure you sign up for this program using your Managed Apple ID that's associated with your organization at appleseed.apple.com/it. Just as a side note, we've seen a lot of increase to this program, which is really, really fascinating-- which is really, really great to see, and we just encourage you to keep using it because that's where we publish these things, like documentation and release notes that you'll be able to find right in that portal. This is really to help you understand what's changed from an IT workflow perspective. Test plans are also there to ensure that the newest features work in your existing environment.

We also have surveys here, too, which are provided so that we can better understand what your environments look like. Of course, you know, we're committed to doing year-round testing, and we hope you are as well, too. To see what's available in the test plans, make sure you log in to the Feedback Assistant app. Now, speaking of feedback, I want to take a minute and just talk about the Feedback Assistant app, which is available, of course, on all of our platforms and on the web. And it's where you can send us feedback on your experience with our software.

And I wanted to highlight just a few best practices that we think a lot of people are already doing but want to encourage everyone to continue doing this. First of all, submit feedback using the device on your-- that you're having an experience or any sort of issues with, all right? The Feedback app lets you capture relevant log data and diagnostic files. Make sure you write clear and concise bug reports.

Give your bug name a descriptive title so that our teams can easily reference what your issue is. State clearly what you expected to happen, what happened instead, and what you think is a problem. Submit screenshots. So make sure you take as many screenshots as possible and any video showing what that device behavior looks like. And be clear and concise in the steps that are needed to reproduce the issue. Collect any logs and attach them to the bug report.

And of course, review your feedback as well, too. Make sure you log back into the Feedback app and see if there's any action items that need to be taken on it. That's Feedback Assistant. Now, you've probably seen this slide from us before, and we really want to just continue to encourage to test early and to test often. Explore the beta releases with all of the new functionality that's in there. Your users are going to be really excited to get their hands on the software.

So you want to have a deep understanding of what they're capable of doing. Dive into all the test plans and submit your feedback. And of course, test your infrastructure, right? Test with the latest Jamf beta. Jamf does a really great job with their beta programs.

And check with other solutions that are in your IT stacks to see what beta programs they offer as well, too. And when software updates are available, do your final validations and additional testing and just making sure that all of your apps work as well, too. Next, I want to take a look at a tool that we haven't talked about a whole lot, and that's a tool to help you test Mac specifically and to implement best practices. The Mac Evaluation Utility evaluates your organization's ability to deploy Mac computers. This app checks your network to help verify critical services are reachable for essentials, like automated device enrollment or software updates. It also examines the device's management configuration to help make sure that you're aligned with any best practices.

The results can be shared with colleagues, and you can help build a plan for success for deploying Mac at scale at your organization. This is what the app looks like. You can get it right from AppleSeed for IT.

It's totally free. And it's designed to run on a Mac that you manage on your network. When you first launch the app, you'll be greeted with the nice welcome screen. And to begin, you just click the Play button to run your first report. You can choose which tests you want to have the Mac Evaluation Utility run, and it will automatically save it locally for you.

When it's complete, you'll see this overview screen, which provides you a summary of that report. To dive deeper, you can click on the Results tab to see a complete list of all the tests that were run. You can click on specific tests to see additional information right in the inspector sidebar there. This is a really great way to see individual areas that might need some attention in your network. These are the different types of reports that Mac Evaluation Utility can do.

So it really has a wide range of different things, from computer information, network information, all of our different services available, finding which apps are still using kernel extensions and which apps have switched it over to system extensions. Now, this is one of my favorite features about the Evaluation Utility, is that it has the ability to export into a formatted PDF. This is a really great way to provide an executive summary of all of your findings.

Of course, it can be shared with colleagues. And it is very easily consumable by your organizational leaders as well, too, which is great. And as you read further into the document, each category includes any deployment blockers, issues and warnings, and will highlight all of your successful tests. So, to summarize Mac Evaluation Utility, it's a critical tool for testing and can really help by establishing a baseline for your organization. This can be really, really helpful, especially during the macOS beta cycle, which we're currently in.

If you haven't already, consider setting a baseline for your Mac deployments before macOS Ventura launches this fall. We also suggest setting any baselines before and after any sort of major infrastructure changes. And if you have a complex organization with maybe multiple buildings, different ISPs, different network teams, you can use this utility to try to find any sort of anomalies that other sites might have. Get started by downloading this right from AppleSeed for IT. Lastly, I want to highlight a new program that we launched earlier this year. Jeremy also mentioned this during the keynote as well, too, this morning.

Apple Professional Training is training and certification from Apple designed for app developers and for IT professionals. I want to focus on the IT track that we launched earlier this spring, and this is really the foundational content to really help you support Apple devices in your organization. It starts off with a certified support professional course. This is designed for help desk admins.

And then after you pass that course, you can move on to the certified IT professional, which goes into all the deployment and management essentials there. And we fully expect that you get training from a MDM vendor of your choice. Of course, Jamf has some fantastic training that would complement this after going through these courses.

Here's just a little bit of what it looks like. So it's all online. It's free and open, so you don't even need like an Apple ID or anything to log in. You can just navigate to the website and get access to this training. Here's the device support tutorials. You can see some of the examples here of what we have that goes really in-depth with all the different topics that are available here.

And here's what a specific page looks like, in this case, talking about Activity Monitor. And this is what the deployment and management course looks like. Again, very similar.

There's a lot of in-- Can see, that we have over 13 hours of content built for this. And again, it's all free, and you don't need to even log in to check it out. Now, once you feel that you're ready to take an exam, these are all available online and available in most countries as well, too.

They take about two hours to complete, and it's all done in a remotely-proctored environment. And it has about a hundred questions or so. Exams are $149 US dollars plus tax, and any new or update exams are typically released annually. So we'll be planning on updating this this fall. And you can keep your badge current by taking the recertification exam as soon as it's released or before whenever the badge expiration date is.

Now, the cool thing about these is they're all digital, and it's an open format as well, too. So that means you can share them across all of your favorite professional sites or social networking sites as well, too. And something that I'm extremely proud of is that we've also partnered with the Mac Admins Foundation to ensure that access to these Apple exams are available for everybody. With some underwriting by us, the foundation is going to be offering vouchers to applicants who are in financial need. So if anybody wants to be able to take this exam that might not be able to afford the exam cost, the Mac Admins Foundation is really helping out here, which is really great. Yeah.

We're really excited to be supporting the foundation, and just the overall Mac admins community in general. So check out some of the training. Head over to training.apple.com.

And with that, I'm going to turn it over to Taimur to talk about everything that's new. Take it over, T. Thank you. Hello, how are you guys doing? My name is Taimur. That's one way to pronounce my name. You can try multiple. I'll always answer.

I'll be showing you what's new in device management. Let's start with what's new, though, in Apple Business Manager and Apple School Manager, simple web-based portals that you're familiar with that works with your third party MDM solution so that you can take advantage of zero-touch deployments, buying apps and books in volume, and creating [indistinct] for your users. This spring, we updated Apple School Manager and Apple Business Manager with a new look and feel across users, devices, and preferences. I think it looks great. You do, too, yeah.

It's cleaner and easier to see information at a glance. We've also added features like showing the amount of iCloud storage associated with the Managed App-- And a new user group section so that you can organize your employees. We've also done something new with Apple School Manager and Business Manager with regards to adding federated authentication for Google Workspace as the identity provider.

This joins the existing Microsoft Azure AD support so IT teams can use federated authentication to allow users to sign in with their Google or Azure credentials and making it easier for users to access Apple services or at least more difficult to forget a password. With federation set up, as I'll show you here, when a user logs in with their Managed Apple ID, the domain is recognized as being federated, and the user is directed to continue. And the standard Google Workspace sign-in window is presented to the user so they can proceed to log in as they normally do with the same credentials as they would for any other Google Workspace service.

On our side, we introduced something called Sign in with Apple a few years ago, allowing users to quickly and privately sign into third party apps and services using their personal Apple ID. With the release of iOS and iPadOS 16 and macOS Ventura, we're excited that Sign in with Apple will now be working with Managed Apple IDs. So IT teams will be able to control which apps their users can use with Sign in with Apple. What you'll see here is an illustration of that.

A new access management option will be available in the sidebar of Apple Business Manager or School Manager. Here, IT administrators can manage Sign in with Apple access. So IT teams can choose either allow all apps or, if they're more particular, then allow only certain apps to control access for their users. Now, if a user tries to log in to an app that is not on the list, we will elegantly but firmly tell them that there was an error.

And this functionality is the same for ASM, Apple School Manager, and Business Manager. We've also released something specific in Apple School Manager called organizational data sharing, which allows an administrator in an Apple School Manager organization to authorize the sharing of data about all users on behalf of their organization. So the roster API, which is what you'll see here, is our first use case of organizational data sharing. The roster API allows third party education apps to sync user and class data from Apple School Manager. And this saves the administrator the time and the manual task of creating students' and class records in that third party app or service, and we're excited to see what else it can do. Within Apple School Manager, just like in Sign in with Apple, administrators can set the policy that's right for them and their school.

And they can choose whether administrators can initiate org data sharing flow for any app or for, again, a list of designated applications. So that's Sign in with Apple at work and school. Users can quickly sign in to apps and websites using their Managed Apple ID. We have new controls in Apple Business Manager and School Manager to allow IT teams to choose which apps are allowed. Now let's look at what's new for managing Apple devices. In addition to all the great new features that are there for end users, we have not forgotten about you, and there are exciting updates for in macOS Ventura and iOS and iPadOS 16 for IT teams, including new deployment options, identity integrations, and new security controls.

We'll start first with the new expanded deployment options for IT administrators to make the onboarding experience for employees even better. Add devices to Apple Business Manager. It allows zero-touch deployment, as we know, as the best way for IT to deploy Apple devices directly to their users. It automatically enrolls organization-owned devices into your MDM solution so you don't have to physically touch devices to provision them before users get them. Now, with iOS and iPadOS 16, Apple Configurator for iPhone can now also add iPhone and iPads to your organization.

This works, as you'd expect, just like adding a Mac. So simply hold your phone running Configurator over the animation. The device will connect to the internet and add itself to your organization. After erasing or restoring a Mac, another thing we've updated recently is a network requirement for Setup Assistant. An internet connection will be required to go through Setup Assistant for devices registered to your org in School Manager or Business Manager.

So once the Mac is set up for the first time and connected to a network, the Mac is then acknowledged as owned by an org. If, later on, for example, the MDM initiates an erase all content in Settings or the device is restored via Configurator, then the network, and therefore device enrollment, cannot be bypassed in Setup Assistant. And finally, starting in iOS and iPadOS 16, you'll now be able to install applications during automated device enrollment, before a user even gets to their home screen. So any apps assigned to devices will be automatically installed during the setup process so that users will have everything they need to get up and running before they have a chance to complain. macOS Ventura and iOS and iPadOS 16 also add new identity integrations.

We've spoken about before, and I'll give you a little more detail here. Incoming in macOS Ventura, Platform SSO will use SSO extensions to extend the macOS login window, allowing existing users to use an identity provider password to unlock their Mac. Platform SSO basically makes using your identity provider at the macOS login window possible by making tokens from the login available to third party SSO extensions or using the built-in Kerberos extension.

This enable users to sign in once at the login window and then automatically sign in to apps and websites. Something we talked about earlier was the User Enrollment SSO as well. It's designed to make the user enrollment grow faster and easier by reducing the number of sign-ins required during enrollment into MDM. So this is accomplished by installing an identity app and then using it to handle repeated authentication flows during and after the enrollment process.

A native app authentication experience provides a richer experience for end users and often more authentication options for IT administrators. And finally, as we discussed before, Sign in with Apple will now work with Managed Apple IDs to help IT administrators control access to apps and services. We're also really excited to expand our security controls for IT to keep devices updated and secure. In iOS and iPadOS 16 and macOS Ventura, we've introduced a new mechanism called Rapid Security Response to ship security fixes to users faster and more frequently. This allows IT to get important security improvements to devices even faster.

Now, this isn't a normal software update. These improvements can be applied automatically between normal updates. With devices even more distributed than before, security needs have evolved beyond a simple firewall or VPN. To address this, Apple has introduced Managed Device Attestation, which helps prevent attackers from stealing a device's TLS private keys, spoofing legitimate devices, or lying about a device's properties. The device--the feature, sorry, is designed with zero trust principles in mind. Managed Device Attestation cryptographically validates that a device is a legitimate Apple device and is a legitimate device for that specific institution.

And next, we'll talk about accessory security. macOS aims to protect our customers from close access attacks. Supported on Macs with Apple silicon, the default configuration asks the user to allow new Thunderbolt or USB accessories, even when they're unlocked. Now, an approved accessory can stay connected to a locked Mac for up to three days.

But if you attach an unknown accessory to a locked Mac, it will prompt you to unlock and approve. Now, that's an overview of what's new for IT. You can quickly add Mac, iPhone, iPad to your organization with Apple Configurator to streamline your deployments. We have new identity integrations with Platform SSO, federated authentication support for Google Workspace, User Enrollment SSO, and Managed Apple ID support for Sign in with Apple.

And plus, new security features with Managed Device Attestation, software update enhancements, and Rapid Security Response to keep devices up to date. As a reminder, here are some of the resources that we've tried our best to maintain and keep available to you. The Apple Platform Deployment reference is a technical document covering topics we discussed today in much more detail and much more eloquently than I was able to, as well as supporting information about infrastructure and services integrations for deployment of all Apple products and services.

The Apple Platform Security documentation provides security information about software, hardware, and services across Apple platforms. And finally, there are, of course, user guides for Apple School Manager and Business Manager, very near and dear to my heart, to help you navigate everything you need to manage your devices, purchase apps, and create Managed Apple IDs. Thanks again for your attention today, guys, and we hope you have a great week.

2022-12-05 19:16

Show Video

Other news