What’s new in managing iOS 11

James RidsdaleApple, Deployment, iOS, Management

Every year iOS is updated and comprises new features and adjustments to the way you manage iOS devices. Here is a summary of the changes in iOS 11.

Device Enrollment Program

One of the biggest changes this time around is within the Device Enrolment Program (DEP). If you are not familiar with DEP, it is a program run by Apple where institutionally owned devices (both for business and education) can be automatically enrolled into your Mobile Device Management (MDM) solution out of the box. As soon as a user turns on a new device and joins a network, it automatically enrols into your MDM.

Until now, DEP has only been available for devices bought through an Apple authorised  reseller or Apple directly.

If a device was purchased through a non-DEP channel, you were out of luck, there was no way to get that device into DEP.

Thanks to iOS 11 this will change. Using a new version of Apple Configurator, you will be able to add devices to your DEP account yourself.

There are a couple of things to note with this new method:

  • All devices added this way will be supervised
  • MDM will be mandatory
  • When a device is added, there will be a 30 day provisional period. Throughout this provisional period, the lock screen and setup assistant will indicate the device is in the 30 day period, during which the user has the option to remove it from DEP. If they do, the device will be erased. If they choose not to remove it and the 30 days have lapsed, the device will be locked to the DEP account and the user will not be able to alter that.

Another change to DEP relates to supervision and MDM which, before now, have always been optional, meaning a device did not need to be supervised or managed. In future, all DEP enrolled devices will need to be supervised and MDM enrolment will be mandatory.

Volume Purchase Program with Apple School Manager

The Volume Purchase Program or VPP is another initiative from Apple which allows businesses and schools to buy books and apps in large quantities and distribute them to their end users.

A few changes are afoot for this program in with relation to Apple School Manager.

Currently, if a school is using Apple School Manager, they have to visit another web portal to buy their apps and books. By the end of the year, this will be rolled into Apple School Manager.

Another great feature coming to Apple School Manager and VPP is the concept of locations.

At the moment, an app purchase is tied to a specific VPP account. If you have multiple VPP accounts for various departments, such as multiple schools under one Academy Trust, each one has to be added to a specific MDM server for it to gain access to those licenses and each VPP account can only be added to one server. This is carried out using tokens. Each VPP account has a single token which then needs to be uploaded to a specific server.

With the update we will get the concept of locations meaning multiple VPP accounts will be able to buy and assign content to locations instead. Only one token will be required for each location, which will then be shared between the different VPP accounts. Subsequently, any associated VPP account will be able to buy and assign apps to any location.

For multiple locations you will also be able to transfer licenses between locations.

Management Changes

Here is a list of some of the new management features coming to iOS 11:

  • The ability to prevent system app removal by users
  • For supervised devices, the ability to stop users creating Virtual Private Network (VPN) configurations
  • For AirPrint, new options have been added including the ability to set custom ports and additional security features. You can also now disable iBeacon discovery of printers and block access to credentials for printers in Keychain. Finally, you can disable AirPrint completely.
  • Some restrictions are currently available for non-supervised devices, however, from a yet-to-be-announced date in 2018, if you want to restrict the following features, the device will need to be supervised:
    • App installation
    • App removal
    • FaceTime
    • Safari
    • iTunes
    • Explicit content
    • iCloud documents and data
    • Multiplayer gaming
    • Adding GameCenter friends