WWDC 2018 has concluded and with it the anticipated announcement of iOS 12, macOS 10.14, and tvOS 12. This page will be the hub for preparing your devices and users for these updates as well as any further changes that may get announced until their expected general availability in Fall 2018. A lot of these updates were announced during the What’s New in Managing Apple Devices Session. For information regarding general features announced at WWDC, please review our summary from the different sessions on our public blog.
Please subscribe to this page to get notified for all changes made so your VMware Workspace ONE environments are ready for these updates.
As of June 4th, all initial beta downloads are available for Apple developers. It is highly encouraged to install these betas on several devices for each platform and test your organization's unique use cases in your VMware Workspace ONE UEM environments. It is also recommended to review the Release Notes for each release to be aware of any known issues with these platform betas. Our teams will be testing our applications and supported versions against these betas as well and will provide updates for Known and Resolved Issues on this page.
Last year, Apple announced the updates that came to Apple School Manager for adding locations to VPP purchaser accounts. This year this same capability is available to the full enterprise with the release of Apple Business Manager. This is a new portal for managing your DEP and VPP accounts in a single view. Just like its support for Apple School Manager, VMware already supports Apple Business Manager and all accounts migrated will continue to function as expected. Please reference the knowledge base article here to use recommended practices when migrating to ensure optimal setup of your accounts.
Additional Resources and Known Issues
- Migrating VPP Accounts to Locations Best Practices
- VMware Supports Apple Business Manager
- Recommended Migration from macOS Device Profile Dock Payloads to User Profile
- VPN App Support for Apple Fall OS Release
- End of General Support for Legacy AirWatch Tunnel for iOS
- Ensuring your SDK applications have the latest Compromised Protection updates
- Apple Business Manager or Apple School Manager might require customer action with iOS 12
- ISDK-172497: iOS 12 Devices incorrectly reported as compromised during wired backup
- Tunnel Proxy compatibility patch for upcoming Apple devices
- Update: Compatibility patch for upcoming Apple devices
- AAPP-5931: Device Wipe fails in environments with Advanced Remote Management enabled and the new hardware compatibility patch applied
New iOS 12 features are available as part of the latest Workspace ONE UEM Console 9.7 release. Further information can be found in the release notes here. In addition, the latest seed script for iOS 12 can be found here.
The first is with S/MIME encryption for Exchange and Email payloads. This is a new collection of keys that provides enhanced customization options for the native mail client. Some of these keys are replacements for existing keys. It is important to know that no keys previously released will break on iOS 12 devices, so existing profiles will continue to function. If both the legacy key and the new key are sent down to the same configuration on an iOS 12 device, the mail client will use the new key’s value and ignore the legacy key.
Modern Auth for Native Mail
Another change to the Exchange payload is the option to specify that the connection uses OAuth for authentication to the mail server. If this is enabled, do not specify a password.
The second update is with the Notifications payload, which provides the option to hide notifications in CarPlay or to prevent critical notifications from ignoring Do Not Disturb and ringer settings.
As is customary, there were several new restrictions announced this year for iOS 12. The first prevents users from editing the Date & Time settings so that the date and time are always set automatically based on location. It is important to note that the date and time can only be set automatically if the device has access to cellular data or Wi-Fi with location enabled. Also, there were restrictions added around allowing password sharing, auto filling passwords, and requiring authentication prior to a password share.
DEP Skip Screens
There is also an additional key for skipping Setup Assistant screens for iMessage and FaceTime. Once this key is supported, be sure to enable skipping this screen during setup.
Another change to iOS 12 is that FTP and File URL schemes for Proxy Automatic Configuration (PAC) are deprecated. HTTP and HTTPS are the only supported URL schemes for PAC. This includes PAC URLs configured by a user in Settings, or by a configuration profile.
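A pre-deployment check for two of the iOS 12 changes above (the OAuth option on the Exchange payload and the PAC scheme deprecation), as an added example that is not VMware's or Apple's code. The payload types and key names (`ProxyPACURL`, `ProxyAutoConfigURLString`, `OAuth`, `Password`) come from Apple's configuration profile reference rather than this page, and the sample profile is constructed.

```python
import plistlib
from urllib.parse import urlsplit

# Key names come from Apple's configuration profile reference, not this page
# (assumption). Input must be an unsigned plist; unwrap CMS-signed profiles first.
PAC_KEYS = {"ProxyPACURL", "ProxyAutoConfigURLString"}
EXCHANGE_TYPES = {"com.apple.eas.account", "com.apple.ews.account"}

def walk(node):
    """Yield (key, value) for every dict entry at any nesting depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield key, value
            yield from walk(value)
    elif isinstance(node, list):
        for item in node:
            yield from walk(item)

def audit_profile(data: bytes) -> list:
    """Return iOS 12 readiness findings for one profile given as plist bytes."""
    findings = []
    for payload in plistlib.loads(data).get("PayloadContent", []):
        ptype = payload.get("PayloadType", "?")
        name = payload.get("PayloadDisplayName", ptype)
        for key, value in walk(payload):
            if key in PAC_KEYS and isinstance(value, str):
                scheme = urlsplit(value.strip()).scheme.lower()
                if scheme not in ("http", "https"):
                    findings.append(f"{name}: PAC URL scheme {scheme!r} unsupported")
        if ptype in EXCHANGE_TYPES and payload.get("OAuth") is True and payload.get("Password"):
            findings.append(f"{name}: OAuth enabled but Password is also set")
    return findings

# Constructed sample profile (hypothetical hosts and names).
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed", "PayloadDisplayName": "Corp Wi-Fi",
         "ProxyType": "Auto", "ProxyPACURL": "ftp://pac.example.com/proxy.pac"},
        {"PayloadType": "com.apple.proxy.http.global", "PayloadDisplayName": "Global Proxy",
         "ProxyPACURL": "https://pac.example.com/proxy.pac"},
        {"PayloadType": "com.apple.eas.account", "PayloadDisplayName": "Exchange",
         "Host": "mail.example.com", "OAuth": True, "Password": "constructed-value"},
    ],
})

if __name__ == "__main__":
    print("\n".join(audit_profile(SAMPLE)))
```

Profiles exported from a console are often CMS-signed; the plist has to be extracted from the signature wrapper before `audit_profile` can parse it.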
User Data Privacy Protections
macOS 10.14 brings improved security and transparency for the end-user. In the past, applications or processes could potentially access sensitive data without the user being aware. Mojave has new MDM controls to enable IT to embrace the added security for end-users, but also enable approved corporate apps to run without interruption. The AirWatch Agent will need to be whitelisted with this new MDM control to continue functioning on 10.14 without interruption. Refer to the knowledge base article here for additional information.
Consistent DEP onboarding experience
macOS 10.14 or macOS Mojave is expected to provide a more iOS-like enrollment approach especially for devices that are part of DEP. Please monitor this page for updates regarding this change as more information is uncovered.
Restrictions & Modern Auth for Native Mail
It’s great to see parity with the configuration options on iOS: with macOS 10.14, macOS also gets the ability to force the managed account to authenticate with OAuth, as well as the password autofill restrictions.
Managed Software Updates
tvOS 12 continues Apple’s trend of adding existing iOS functionality into the tvOS platform. With tvOS 12, devices can now be updated using the scheduleOSUpdate command implemented for iOS and macOS. It appears that, with the initial beta, the new capability to target a specific OS version to upgrade a device to is not available. This means sending a scheduleOSUpdate command will update the device to the latest supported version. As a reminder, the defer OS update restriction to hide updates from a user for up to 90 days is not supported on tvOS.
VPP for tvOS
Also, with tvOS 12, there is support for the installation of VPP apps. It is expected that this will include all current device & user based VPP functionality currently on iOS. Please check the VMware release notes for when this will be available.
Certificate Authority Supportability Updates
Apple has announced a few changes regarding its trust of some Certificate Authorities (CA) coming as part of their Fall releases. The first is that Symantec CAs are scheduled to partially fall out of trust on August 1st, with full distrust potentially coming in Fall 2018.
The second is that the Federal Common Policy Root CA has been removed from the iOS Trust Store as of iOS 12 beta 3. Organizations which require the Federal Common Policy Root CA can distribute it in a profile payload.
Please review Apple's knowledge base article here for additional information.
Support Contact Information
The VMware Workspace ONE Team