what's new for enterprise in macOS Sequoia?

In macOS Sequoia, several new features and updates have been introduced for enterprise management:

1. Disk Management Configuration: IT admins can now manage external and network storage more effectively. They can choose to allow or disallow external or network storage altogether or limit mounting to read-only volumes. This new configuration replaces the deprecated media management payload.

2. Platform Single Sign-On (SSO): Developers can build SSO extensions that extend to the macOS login window, allowing users to synchronize local account credentials with an identity provider (IDP). This year, the capabilities of platform SSO have been expanded to leverage information from the IDP in more places, including unlocking FileVault and requiring IDP authentication across the FileVault login window and lock screen.

3. Activation Lock Features: New features make it easier to recover organization devices that have had activation lock inadvertently left on, whether enabled by the MDM or the user.

4. Software Update Controls: IT teams can implement a phased rollout starting from the very first beta. They also have the ability to manage and enable Safari extensions directly from MDM, allowing customization of Safari for the organization right out of the box.

5. MDM Enhancements: Updates to EnvisionnOS 2.0 bring important MDM commands, payloads, declarations, and restrictions to Apple Vision Pro. Additionally, there are new MDM commands like device lock and various settings sub-commands, and popular restrictions such as managed open-in restrictions and account modification.

For more detailed information, you can refer to the session What’s new in device management (16:22).