What's New for Enterprise and Education: iOS 11, macOS High Sierra 10.13, tvOS 11, and deployment tools and services


What's New for Enterprise and Education
iOS 11, macOS High Sierra 10.13, tvOS 11, and deployment tools and services
September 2017

Introduction

This document is a summary of what's new in iOS 11, macOS High Sierra 10.13, and tvOS 11 for IT system administrators. It complements the iOS Deployment Reference and the macOS Deployment Reference to help you understand the key technologies for deploying devices at scale and providing an optimal experience for your users. It provides information about recent updates that enhance deploying and supporting iPhone, iPad, iPod touch, Apple TV, and Mac computers in a large-scale organization such as an enterprise or education institution.

This guide covers the following topics:
• Networking
• Device Enrollment
• Configuration and Management
• Apple School Manager
• Apple Apps and Tools

Learn more about Apple device deployment at: https://www.apple.com/support/business-education/

Networking

The following updates optimize how Apple devices and apps run within a network infrastructure.

Wi-Fi

QoS for macOS
The fast lane can now be applied to macOS apps by IT administrators, allowing them to be prioritized for optimal performance on Cisco networks.

Networking APIs
New APIs allow networking solution developers to get performance insight and reporting from iOS devices as they join and roam on Wi-Fi networks.

Collaboration

Tap to join
Conference URLs are now added to the iOS Calendar event schema so users can simply tap to join Cisco Spark or Cisco WebEx voice calls and video meetings directly from the event window in Calendar (and Notifications).

WebRTC for Safari
Safari now supports Web Real-Time Communication (WebRTC) protocols and APIs. This enables developers to create clientless solutions for web meetings and other collaboration solutions in Safari on Mac.

ReplayKit
Share what's on a user's iOS screen with another user via video collaboration apps such as Cisco Spark and Cisco WebEx. Live stream what's on a user's iOS screen from any app that supports ReplayKit.

Security

Content filtering APIs
New APIs in iOS 11 build on content filtering functionality first introduced in iOS 8 to enable greater visibility of file and data used across iOS devices and apps.

General DNS settings
DNS settings on supervised iOS devices can now be configured to allow apps to verify URLs with the content filter prior to the connection being made. App trust or site trust mismatches will be stopped.

S/MIME
Users now have the ability to manage separate defaults independently for S/MIME signing and encrypting. This is supported for all mail accounts, not just Exchange.

Modern Authentication
iOS 11 now supports Office 365 modern authentication, which is based on Active Directory Authentication Library (ADAL), leveraging the Open Authorization 2 (OAuth 2) standard and Multi-Factor Authentication.

Active Directory support
macOS High Sierra 10.13 requires a domain functional level of 2008 or greater when binding to Active Directory.

Encryption
• Trust for SHA-1 signed certs has been removed for all TLS connections in iOS 11, macOS High Sierra 10.13, and tvOS 11.
• Trust for certs using RSA key sizes smaller than 2048 bits has been removed across all TLS connections to servers in iOS 11, macOS High Sierra 10.13, and tvOS 11.
• The default version of TLS used for EAP-TLS negotiation in iOS 11, macOS High Sierra 10.13, and tvOS 11 is TLS v1.2. This can be changed using a configuration profile.
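The two certificate rules above can be checked before devices are upgraded. The following is an added example, not part of Apple's document: it walks the DER encoding of an X.509 certificate with the standard library only and reports a SHA-1 signature or an RSA key under 2048 bits. The function names and the sample certificates are constructed for illustration; the samples have a real X.509 layout but empty names and a dummy signature.

```python
# DER-encoded OIDs (dotted form in the comments)
SHA1_RSA = bytes.fromhex("2a864886f70d010105")        # 1.2.840.113549.1.1.5
ECDSA_SHA1 = bytes.fromhex("2a8648ce3d0401")          # 1.2.840.10045.4.1
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")      # 1.2.840.113549.1.1.11
RSA_ENCRYPTION = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1
SHA1_SIG_OIDS = {SHA1_RSA: "sha1WithRSAEncryption", ECDSA_SHA1: "ecdsa-with-SHA1"}
MIN_RSA_BITS = 2048


def read_tlv(buf, pos=0):
    """Decode one DER element; return (tag, value, offset of next element)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low 7 bits give length size
        size = length & 0x7F
        length = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    items, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        items.append((tag, val))
    return items


def audit_certificate(der):
    """Return a list of findings; an empty list means both rules are met."""
    _, cert, _ = read_tlv(der)
    tbs, sig_alg, _signature = children(cert)
    sig_oid = children(sig_alg[1])[0][1]
    fields = children(tbs[1])
    if fields[0][0] == 0xA0:             # optional explicit [0] version
        fields = fields[1:]
    # Remaining order: serial, signature, issuer, validity, subject, SPKI
    key_alg, key_bits = children(fields[5][1])[:2]
    findings = []
    if sig_oid in SHA1_SIG_OIDS:
        findings.append("SHA-1 signature (%s)" % SHA1_SIG_OIDS[sig_oid])
    if children(key_alg[1])[0][1] == RSA_ENCRYPTION:
        # BIT STRING: skip the unused-bits octet, then the RSAPublicKey SEQUENCE
        _, rsa_key, _ = read_tlv(key_bits[1][1:])
        bits = int.from_bytes(children(rsa_key)[0][1], "big").bit_length()
        if bits < MIN_RSA_BITS:
            findings.append("RSA key is %d bits, below %d" % (bits, MIN_RSA_BITS))
    return findings


def tlv(tag, value):
    """DER-encode one element (only used to build the constructed samples)."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value


def sample_certificate(sig_oid, rsa_bits):
    """Constructed skeleton: real X.509 layout, empty names, dummy signature."""
    alg = tlv(0x30, tlv(0x06, sig_oid) + tlv(0x05, b""))
    modulus = b"\x00" + ((1 << (rsa_bits - 1)) | 1).to_bytes(rsa_bits // 8, "big")
    rsa_key = tlv(0x30, tlv(0x02, modulus) + tlv(0x02, b"\x01\x00\x01"))
    key_alg = tlv(0x30, tlv(0x06, RSA_ENCRYPTION) + tlv(0x05, b""))
    spki = tlv(0x30, key_alg + tlv(0x03, b"\x00" + rsa_key))
    empty = tlv(0x30, b"")               # stands in for issuer, validity, subject
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + empty + empty + empty + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + b"\x00" * 16))


if __name__ == "__main__":
    for oid, bits in ((SHA1_RSA, 1024), (SHA256_RSA, 2048)):
        print(bits, audit_certificate(sample_certificate(oid, bits)) or "ok")
```

To audit a real certificate, pass its DER bytes to `audit_certificate`; a PEM file can be converted first with `ssl.PEM_cert_to_DER_cert` from the Python standard library.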

Device Enrollment

The following enhancements are available to Apple devices using Apple School Manager and the Device Enrollment Program (DEP).

Adding devices to Apple School Manager or DEP
You can now add iOS and tvOS devices to Apple School Manager or DEP using Apple Configurator 2.5, even if they were not purchased directly from Apple, an Apple-authorized retailer or an authorized cellular carrier. When you set up a device that has been manually enrolled, it will behave like any other enrolled device, with mandatory supervision and mobile device management (MDM) enrollment. However, the user has a 30-day provisional period to remove the device from enrollment, supervision, and MDM.

tvOS capabilities
tvOS adds new device management capabilities that allow you to configure Apple TV for use in many common education and enterprise scenarios, from a dedicated classroom or conference room AirPlay destination to kiosks running custom apps in Single App Mode.

Device enrollment
tvOS devices can be enrolled in MDM using Apple School Manager or DEP. This includes the ability to supervise Apple TV and skip some or all of the tvOS Setup Assistant panes.

Zero-touch setup
Apple School Manager and DEP make it possible to enroll Apple TV in MDM and fully configure it by simply plugging in power and an Ethernet connection. If Apple School Manager or DEP settings have already been configured for that specific Apple TV, it powers up and enrolls in MDM without any user input. This allows MDM commands to set its name, install enterprise apps, and install configuration profiles to fully configure Apple TV.

Supervision
tvOS devices can now be supervised using Apple School Manager, DEP, or Apple Configurator 2. Some settings and commands require supervision.

Deprecated enrollment settings
While existing enrollment settings are not changed, in the future all iOS and Apple TV devices added to Apple School Manager or DEP will be supervised with mandatory MDM enrollment. The following settings will be rejected, and have been deprecated:
• Optional MDM enrollment
• Preparing unsupervised devices

Configuration and Management

The following updates add new device management capabilities to Apple devices.

NOTE: Support for the DES algorithm has been deprecated in the SCEP payload in iOS 11, macOS High Sierra 10.13, and tvOS 11.

iOS

iOS Payloads

Cellular payload (iOS 10.3)
You can set the protocol to IPv4, IPv6, or both for the following:
• Voice protocol
• Default data protocol
• Roaming data protocol

DNS Proxy payload, Supervised only (iOS 11)
Automatically identifies the app and DNS provider that have a proxy network extension.

IKEv2 configurations in the VPN payload (iOS 11)
Allows you to set the minimum and maximum TLS version (1.0, 1.1, 1.2) for IKEv2 connections.

iOS Restrictions

The following restrictions can be enabled to allow or restrict the use of some features:
• Manual creation of virtual private networks (VPNs) (iOS 11)
• Remove system apps (iOS 11)
• AirPrint (iOS 11)
• AirPrint discovery with iBeacon (iOS 11)
• AirPrint saving authentication credentials to Keychain (iOS 11)
• Force AirPrint to require a trusted TLS certificate (iOS 11)

Supervised only
• Dictation (iOS 10.3)
• You can force a device to use only the Wi-Fi networks you specify in the Wi-Fi payload (iOS 10.3)
• The above restriction now excludes Wi-Fi networks in carrier payloads (iOS 11)
• Allow a teacher to observe a student's screen in Classroom when a student joins a class (iOS 10.3)
• Allow a teacher to lock an app open in Classroom when a student joins a class (iOS 11)
• Allow a teacher to perform actions in Classroom when a student joins a class (iOS 11)

Supervised only in 2018

Some restrictions that were previously available to all managed devices will be available only on supervised devices in 2018:
• App installation
• App removal
• FaceTime
• Safari
• iTunes
• Explicit content
• Multiplayer gaming
• Add Game Center friends
• iCloud documents and data

iOS Commands and queries

iOS
• Check if the iOS device is network tethered (iOS 10.3)
• Erase device now provides an option to preserve data plan for Apple SIM devices (iOS 11)

iOS Supervised only
• Perform an iOS update on passcode-locked devices without removing the passcode (iOS 10.3)
• Play Lost Mode sound on an iOS device (iOS 10.3)
• Restart an iOS device (iOS 10.3)
• Shut down an iOS device (iOS 10.3)

macOS

macOS Payloads

Smart card (macOS 10.12.4)
Allows you to set which smart cards to be paired. Includes certificate check and defining the number of smart cards per user.

System migration (macOS 10.12.4)
Allows you to set if the user can specify additional custom paths, which should also be copied when migrating from a Windows PC.

Security and privacy payload (macOS 10.13)
Updated FileVault escrow personal recovery key for APFS. You can enforce new password requirements when the screen is locked.

Network payload (macOS 10.13)
You can configure Ethernet connection settings based on status: first, second, first active, second active, etc.

Extensions payload (macOS 10.13)
Allow or deny extensions and extension points.

IKEv2 configurations in the VPN payload (macOS 10.13)
Allows you to set the minimum and maximum TLS version (1.0, 1.1, 1.2) for IKEv2 connections.
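The TLS version settings described above, for EAP-TLS in a Wi-Fi payload and for IKEv2 in a VPN payload, can be reviewed in a profile before it is pushed. The following is an added example, not part of Apple's document: it parses a configuration profile with Python's plistlib and reports payloads that permit TLS below 1.2 or leave the minimum unset. The sample profile is constructed; the key names (EAPClientConfiguration, IKEv2, TLSMinimumVersion, TLSMaximumVersion) come from Apple's configuration profile key reference rather than from this document, so confirm them against the reference for your OS version.

```python
import plistlib

TLS_FLOOR = "1.2"

# Constructed sample profile: a Wi-Fi payload using EAP-TLS (EAP type 13)
# that lowers the minimum to TLS 1.0, and an IKEv2 VPN payload fixed at 1.2.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.wifi.managed</string>
      <key>SSID_STR</key><string>Example-Corp</string>
      <key>EAPClientConfiguration</key><dict>
        <key>AcceptEAPTypes</key><array><integer>13</integer></array>
        <key>TLSMinimumVersion</key><string>1.0</string>
      </dict>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.vpn.managed</string>
      <key>VPNType</key><string>IKEv2</string>
      <key>IKEv2</key><dict>
        <key>RemoteAddress</key><string>vpn.example.com</string>
        <key>TLSMinimumVersion</key><string>1.2</string>
        <key>TLSMaximumVersion</key><string>1.2</string>
      </dict>
    </dict>
  </array>
</dict></plist>"""


def version_tuple(text):
    """Turn '1.2' into (1, 2) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def audit_profile(data, floor=TLS_FLOOR):
    """Return (payload label, finding) pairs for TLS settings below the floor."""
    profile = plistlib.loads(data)
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype == "com.apple.wifi.managed":
            label, settings = "Wi-Fi EAP", payload.get("EAPClientConfiguration")
        elif ptype == "com.apple.vpn.managed" and payload.get("VPNType") == "IKEv2":
            label, settings = "IKEv2 VPN", payload.get("IKEv2")
        else:
            continue
        if settings is None:             # e.g. a Wi-Fi payload that does not use EAP
            continue
        minimum = settings.get("TLSMinimumVersion")
        maximum = settings.get("TLSMaximumVersion")
        if minimum is None:
            findings.append((label, "TLSMinimumVersion not set; OS default applies"))
        elif version_tuple(minimum) < version_tuple(floor):
            findings.append(
                (label, "TLSMinimumVersion %s allows TLS below %s" % (minimum, floor)))
        if maximum is not None and version_tuple(maximum) < version_tuple(floor):
            findings.append(
                (label, "TLSMaximumVersion %s prevents TLS %s" % (maximum, floor)))
    return findings


if __name__ == "__main__":
    for label, finding in audit_profile(SAMPLE_PROFILE):
        print("%s: %s" % (label, finding))
```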

macOS Restrictions

The following restrictions can be enabled to allow or restrict the use of some features:

macOS 10.12.4
• iCloud Mail, Contacts, Calendars, Reminders, Bookmarks, Notes (granular for each)
• Touch ID to unlock the screen
• iCloud desktop and documents

macOS High Sierra 10.13
• Content caching
• User can set lock message
• Diagnostics sent to Apple
• Safari AutoFill
• Dictation
• AirDrop
• User can modify their password
• Delay software update notification
• Game Center
• Multiplayer games
• Add Game Center friends

macOS Commands and queries
• Delay OS update for DEP-enrolled devices
• List users
• Unlock user
• Delete user
• Set Firmware password*
• Verify Firmware password
• Query Firmware password
• Query active extensions
• Query for available OS updates
• Restart
• Shut down

*NOTE: If you want to update the firmware password on a device that already has one set, you'll need to provide the current password.

tvOS

tvOS Payloads

General settings (tvOS 10)
You use the General payload to define the name and identifier of a profile, and to specify when the user can remove the profile after it is installed.

Certificates (tvOS 10)
You use the Certificates payload to add certificates and identities to the device.

Network (tvOS 10)
You use the Network payload to configure network settings on Apple TV.

SCEP (tvOS 10)
You use the SCEP payload to specify settings that allow the device to obtain certificates from a certificate authority (CA) using the Simple Certificate Enrollment Protocol (SCEP).

Global HTTP Proxy, Supervised only (tvOS 10.2)
Use the Global HTTP Proxy payload to specify a proxy for all HTTP traffic to and from the device. If you choose Manual proxy type, you need the proxy server address including its port, and optionally a user name and password for logging in to the proxy server. If you choose Auto proxy type, you can enter a proxy auto-configuration (PAC) URL.

Single App Mode, Supervised only (tvOS 10.2)
Use the Single App Mode payload to specify a single app that can be used on an Apple TV.

Conference Room Display (tvOS 10.2)
Use the Conference Room Display payload to force a supported Apple TV into Conference Room Display mode. You can also include an optional message that is displayed onscreen. To undo a change to these settings, remove the profile from the device.

AirPlay (tvOS 11)
Require first-time passcode, passcode, or password for AirPlay.

App configuration (tvOS 11)
Use the App Configuration payload to provide managed app settings.

Home Screen layout, Supervised only (tvOS 11)
Use the Home Screen layout payload to configure the Home Screen layout of Apple TV.

tvOS Restrictions

The following restrictions can be enabled to allow or restrict the use of some features:
• Require AirPlay passcode on first use (tvOS 10.2)

Supervised only
• Pair with iOS Remote app (tvOS 10.2)
• Modify name of Apple TV (tvOS 10.2)
• AirPlay security passcode (tvOS 11)
• Restrict app usage: allows any apps to be placed in an approved list or in a disapproved list (tvOS 11)

tvOS Commands
• Install enterprise tvOS apps via MDM (tvOS 10.2)
• Erase (tvOS 10.2)
• Restart (tvOS 10.2)

Device enrollment updates

The following Setup Assistant screens can now be skipped.

iOS 11
• Keyboard chooser
• Apple Watch migration

tvOS 11
• Sign in to TV provider
• Set up with your iOS device

Certificate pinning
MDM enrollment payloads can now include an approved list of trusted certificates for communication with the MDM solution.

NOTE: Check with your MDM vendor to ensure that this feature is supported.

Certificate trust

Partial trust
Partial trust of certificates was introduced in iOS 10.3. MDM vendors' certificates were trusted for all communications except SSL. Additionally, if the certificate was installed manually, only partial trust was enabled. The user had to manually enable full trust.

Full trust
If a certificate is automatically installed from a payload from an MDM vendor or installed using Apple Configurator 2, that certificate is fully trusted. If the certificate is manually installed by a profile that also contains an MDM enrollment payload, the certificate is also given full trust. The certificate payload should be in the MDM enrollment profile to remove the step of manually trusting the certificate.

Apple School Manager

The following are updates to Apple School Manager, a simple web-based portal for IT administrators to manage people, devices, and content all from one place.

New features
• Streamlined design and new user interface
• New activity view to log all your actions
• Ability to set initial temporary passwords for all Student Managed Apple IDs
• Support for PowerSchool (9.0 or later)
• New filter and search for location, classes, and accounts
• Ability to delete unused and inactive accounts

Enhancements
• Increased support for up to five Administrator accounts
• Better error handling of activity logs via crash reporter
• Change your user profile under settings
• Export account sign-ins via PDF or CSV
• Password reset emails and PDFs are now localized
• Apply Managed Apple ID format changes to existing users
• Managed Apple ID format can now include a user's SIS username
• Ability to bulk update Apple ID formats
• Emails now support mobile devices

View Apple School Manager release notes: https://support.apple.com/en-us/ht207191

Apple Apps and Tools

The following updates increase the functionality of Apple devices and how they work with Classroom, Shared iPad, Apple Configurator, Profile Manager, and Content Caching.

Classroom

Updates
• Teachers can create classes without requiring any configuration via MDM (2.0).
• Teachers and students can share documents and URLs with each other (2.0).
• Teachers can mute student devices (2.0).
• Using the three new restrictions listed above, schools can get most of the behavior of IT-created classes for teacher-created classes on supervised student devices (2.1).
• Student activity view presented to teacher at conclusion of each class session (2.1).

Classes
Teacher-created classes allow students to control which Classroom features the teacher can use without prompting the student each time.

Shared iPad

Restore user quota
After updating to iOS 10.3 or later, you can restore user quota management in one of these ways:
• Delete all existing user caches from the iPad.
• Erase the device and reconfigure it as Shared iPad.

Apple Configurator 2.5
Apple Configurator 2.5 supports all of the iOS and tvOS payload and restrictions updates shown in the Configuration and Management section of this document.

Add through device enrollment
Allows you to add iOS devices and Apple TV that you have in your possession to Apple School Manager or DEP.

Network pairing
Use Apple Configurator 2.5 on macOS High Sierra 10.13 to connect to Apple TV running tvOS 11 over your network.

Profile Manager
Profile Manager supports all of the iOS, macOS, and tvOS payload and restrictions updates shown in the Configuration and Management section of this document.

Content Caching

The caching service is now built into macOS High Sierra 10.13 and configured in the Sharing pane of System Preferences, with all of the previous caching service settings available.

A new feature, called Parents, allows you to select a Mac that will serve all of its cached content to your Mac. For example, if you have a district office, you could make an iMac your parent for the caching service. Locations throughout the city could use the district office as their parent caching service, allowing potential updates to flow from the district office to each location. Parents can also host other caching services, making tiered caching configuration possible.

NOTE: Caching iCloud content should not be done by a parent content caching service. Each location should cache their own iCloud content.

Tethered caching
A tethered caching service is available in macOS 10.12.4 or later. This service allows Mac to share its Internet connection with many iOS devices connected via USB and cache specific types of content as they are installed on each connected device.

How it works
Content is downloaded once to the Mac and cached before it is delivered over USB to each of the connected iOS devices for installation. This can save time, local Wi-Fi, and bandwidth when using a cart or USB hub and updating several devices at once as compared with each device updating individually over Wi-Fi. It is particularly useful for installing many large apps while preparing devices for the beginning of a semester or new school year. Depending on your Internet connection, caching content may take some time.

The following are required for the tethered caching service in macOS 10.12.4 or 10.12.5:
• Running the command to enable the service requires administrator privileges.
• All iOS devices must have iOS 10.3 or later installed.
• Mac must have macOS 10.12.4 or later installed.
• Mac must be connected to the Internet via Ethernet and have Wi-Fi turned off.
• A portable Mac should be plugged into a power source, because the tethered caching service prevents it from going to sleep.

The following are required for the tethered caching service in macOS 10.13:
• Enable share Internet connection in the Content Caching pane of the Sharing pane in System Preferences.
• All iOS devices must have iOS 10.3 or later installed.
• Mac must have macOS High Sierra 10.13 or later installed.
• Mac must be connected to the Internet via Ethernet or Wi-Fi.
• A portable Mac should be plugged into a power source, because the tethered caching service prevents it from going to sleep.

© 2017 Apple Inc. All rights reserved. Apple, the Apple logo, AirDrop, AirPlay, AirPrint, Apple TV, Apple Watch, FaceTime, FileVault, iMac, iPad, iPhone, iPod touch, iTunes, Keychain, Mac, macOS, Safari, and Touch ID are trademarks of Apple Inc., registered in the U.S. and other countries. iBeacon and tvOS are trademarks of Apple Inc. iCloud is a service mark of Apple Inc., registered in the U.S. and other countries. IOS is a trademark or registered trademark of Cisco in the U.S. and other countries and is used under license. Other product and company names mentioned herein may be trademarks of their respective companies. Product specifications are subject to change without notice. This material is provided for information purposes only; Apple assumes no liability related to its use. The Apple Software and services provided hereunder are pre-release versions that may be incomplete and may contain inaccuracies or errors that could cause failures or loss of data.