What's new for managing MacOS at organization?

At WWDC, Apple introduced several new features for managing macOS in organizations. Here are some of the key updates:

1. Activation Lock Management: Organizations can now turn off activation lock on Macs, even if it was enabled by a user with their personal Apple account before the Mac was enrolled in MDM. This is particularly useful for recovering organization devices that have had activation lock inadvertently left on.

2. Software Update Controls: New software update settings configuration replaces legacy MDM software update management commands, profiles, and restrictions. This allows IT teams to manage all aspects of software updates on supervised devices with macOS 15 or later, including phased rollouts starting from the first beta.

3. Safari Management: IT teams can now manage Safari extensions directly from MDM, allowing for customization of Safari for organizational use right out of the box.

4. Disk Management Configuration: A new disk management configuration allows IT admins to manage external and network storage, including options to disallow or limit mounting to read-only volumes.

5. Declarative Device Management: The transition to declarative device management is complete, and older software update management using MDM is deprecated. This includes managing Safari settings and bookmarks through a new declarative configuration.

6. Identity and Account Management: Organizations can prevent personal Apple accounts from being signed into organizationally owned devices, ensuring that only work accounts are used on work devices. This includes federated authentication and domain locking to block personal account creation.

For more detailed information, you can refer to the session What’s new in device management (07:05) and What’s new in Apple device management and identity (08:04).