Every year, veteran tech journalist Jason Snell asks a panel of Apple experts to assess the company’s product performance over the preceding 12 months. He then publishes a “report card” based on those responses on his Six Colors blog. (Here’s the 2020 edition.)
We’ve always been big fans of Jason’s work and thought it’d be interesting if he could do something similar that focused exclusively on Apple’s moves in the enterprise market. He was game, so Kandji commissioned the report and then stood back to let him do his work.
He posted the results—“Apple in the Enterprise: A 2021 report card”—in early June. It was a great snapshot of the issues that matter most to Mac admins: Service and support for enterprise customers; hardware and software innovation and reliability; security and privacy; identity management; the MDM protocol; and more.
Jason’s report came out just before Apple convened its 2021 Worldwide Developers Conference (WWDC). Now that we’ve had a few weeks to digest the news that emerged from that conference, we wanted to take a look at Apple’s enterprise announcements from WWDC, to see how they align with the issues raised in the Six Colors survey.
Hardware, Security, and Privacy
In that report card, Apple earned its best marks for “Hardware Reliability and Innovation” and “Security and Privacy.” Survey respondents particularly praised the ongoing rollout of Mac computers with Apple silicon, using words like “fantastic” and “freaking amazing.” They also cheered 2020’s reintroduction of ‘regular’ (i.e. not “butterfly-switch”) keyboards. Apple made no hardware announcements at WWDC that might have upset (or improved) those positive vibes.
The company also received praise in the survey for its user-centric approach to privacy and security—even when that approach makes life trickier for IT admins. As one fair-minded respondent put it, “The protection and comfort this provides our end user continues to be worth the tradeoff.”
Apple continued to double down on privacy and security at WWDC, announcing things like:
- Privacy protection in Mail (which blocks the use of tracking pixels);
- Reports that show users how often apps access their location, photos, camera, microphone, or contacts;
- Processing Siri audio on the device itself (rather than sending it to the cloud); and
- A new iCloud+ service that includes Private Relay (which masks online activity) and Hide My Email (which lets users create random email addresses for use when they want to keep their actual address private).
A few WWDC announcements did specifically address privacy and security in the enterprise. For example, starting in macOS Monterey and iOS 15, Apple is making the security key API available in all apps, so users will be able to authenticate using a hardware dongle (or equivalent) instead of a password. Apple also previewed its support for a new security system—based on storing passkeys in iCloud Keychain—that could replace passwords.
Declarative Device Management
Apple spoke more directly to the enterprise market on other fronts at WWDC. Several of its announcements touched on issues raised in the Six Colors report.
First and foremost: the MDM protocol itself. Several survey respondents said it hasn’t always been as reliable as they might wish and that configuration profiles don’t work for some settings, forcing admins to fall back on scripting.
Apple had excellent news about MDM at WWDC: an evolution of the protocol that the company has dubbed declarative device management. The company devoted an entire session at the conference to it, and most everyone in the Mac admin community agrees that it’s a very big deal indeed. It will allow devices to take a more active role in their own management, loosening the imperative and reactive structure of today's MDM.
While this evolution of MDM will at first be available only on user-enrolled iOS devices, its signature features—including a new channel specifically for communicating about device status—will eventually find their way into the rest of the managed Apple ecosystem.
Managing Software Updates
Another issue the survey raised: Managing software updates. Several respondents reported that commands to download and install updates often failed or produced poor user experiences. Such complaints were certainly valid for managed devices under macOS 11.01 through 11.2; Apple seems to have improved things since then.
They could improve even more this fall. At WWDC, Apple announced several new tools that will give admins greater control over when and how software updates happen. Among other things, those tools will allow admins to defer major versions while installing necessary security updates.
Apple began deprecating kernel extensions (kexts) in favor of system extensions back in macOS Catalina. But the transition has not been hiccup-free. As one survey respondent wrote, “The processes...for the deployment and installation of legacy kernel extensions and the new system extensions are complicated and incomplete.”
It is in part a chicken-egg problem: Developers need to implement the new system extensions but they haven’t rushed to do so. (That's one reason the Mac apps for popular services such as Dropbox and Google Drive are still deficient.) Also, because of Apple’s privacy policies, user intervention is often required to implement new extensions. Normally, a user has to go to System Preferences, approve the extension, then restart; an MDM solution like Kandji can take care of the approval part, but a restart is still required.
At WWDC, Apple announced updates that should make system extensions easier to implement. macOS Monterey will introduce a new configuration key (RemovableSystemExtension) that will enable apps to deactivate their own system extensions when they’re being uninstalled—no admin password required. In macOS Big Sur, you had to reboot the computer to modify a kernel extension; in Monterey, there will be a management option to tell the Mac to rebuild its kernel extension cache on reboot. And MDM solutions will be able to show users a reboot notification, allowing for more graceful restarts.
Kandji is looking at all of Apple’s WWDC 2021 announcements to see how we can take advantage of the new technologies in evolving our own MDM solution. With innovation and iteration at the core of everything we do, Kandji is constantly striving to give admins more of what they need. With Kandji, you can be confident that your Apple fleet is in safe and secure hands, from deployment to retirement.