Systems Management
Apple WWDC25: Device-Management and Identity Changes Every IT Admin Should Know
Topics: Systems Management
There are a lot of great sessions at this year’s WWDC25 event. However, the session on Apple Device Management & Identity really caught my eye. If you missed it, I’ll summarize the key announcements and discuss their potential integration into Microsoft Intune or other MDM platforms. If you don’t know, WWDC25 is Apple’s event focused on their new releases.
This breakdown will be divided into four sections: services, device management, app management, and identity integrations.
Disclaimer: When referencing these options, they might not currently be available to current users without the proper updates in place from Apple.
Quick icebreaker: what did you think of the new Liquid Glass UI? Message me here.
New Cloud Services for Managed Apple IDs
Apple will now let admins download a report showing where managed Apple IDs have signed in to Apple web services. You can communicate with end users to update their accounts, allowing you as an IT administrator to manage those accounts effectively.
App Notarization will be used to ensure only managed Apple IDs are used to login to work devices.
Deeper Device Inventory Visibility
Admins can now view cellular IMEI and EID values, release details (who released a device and when), and the Wi-Fi MAC address for iPhone and iPad.
AppleCare coverage details now appear in Apple Business Manager (ABM) and Apple School Manager (ASM).
ABM and ASM will have APIs for your organization, so you can query information about your devices. You can create an API account inside of ABM/ASM.
Enroll Apple Vision Pro with Apple Configurator
Looking to move away from your old MDM provider to a new one? Device Management migration within ABM/ASM will help reassign devices to a new device management service, and you can also set a deadline. Once the deadline hits, end users receive a notification and are guided through the process to transition to the new management service. This allows you to switch from MDM A to MDM B without requiring factory resets. Consider making the leap to Intune—they are doing great things there!
Device Management Enhancements
Declarative Device Management updates are coming to visionOS and tvOS. If anyone has a Vision Pro headset I could borrow, let me know!
Older software update management is deprecated. It will continue to work for now but will be removed in a future release. Goodbye, old friend, inside of Microsoft Intune. Look at Software Updates with Declarative Device Management; they’ll blow you away at their speed and reliability!
Safari settings—managed bookmarks and home page—are now configurable through Declarative Device Management.
App Management Controls
iOS/iPadOS management
For mission-critical apps, you can now manage update behavior per app. IT admins have control to:
- Enforce or disable automatic updates
- Pin specific app versions
- Monitor update progress via status channel
macOS app management
You can now deploy App Store apps and custom packages through Declarative Device Management.
Both apps and packages can be deployed as required or optional.
Identity and Access Integrations
Platform SSO registration now happens in Setup Assistant during automated device enrollment. We can set up platform SSO with Microsoft Intune, but users must log in and fetch the required registration option on our macOS devices. I’m excited about this feature!
Tap to Log In lets frontline workers unlock a Mac by tapping their iPhone or Apple Watch (an external NFC reader is required).
Conclusion
I’m excited to see these features adopted within Microsoft Intune because they will truly help streamline operations and enhance the end-user experience while keeping security at the forefront. The one I’m particularly looking forward to is setting up platform SSO during the setup assistant screen for end users. Which announcement are you most excited about?
For macOS 3rd party app management and support, check out Application Workspace!
