Apple WWDC 2020: The challenges IT must prepare for

The countdown is on for IT departments to prepare for iOS and iPadOS 14, macOS Big Sur and Macs running on Apple silicon.

wwdc 2020

With Apple’s first virtual Worldwide Developers Conference in the rearview mirror, the countdown is on for IT departments to prepare for iOS and iPadOS 14, macOS Big Sur and Macs running on Apple silicon.

Related: WWDC 2020: Why Apple must go virtual for this year's show

Let’s start with what might be the more challenging consideration Macs running on Apple’s ARM processors. This poses challenges for allocation of funds and procurement policy. Apple has been pretty explicit that Intel Macs aren’t being immediately abandoned and that the company still has some in its product pipeline. But with the overall timeline of the transition being about two years, this has to be a consideration.

Developing a purchase policy requires understanding your inventory:

  • What’s your current upgrade cycle?
  • How many Macs are due to be retired this year?
  • Can upgrades be delayed until Apple silicon equivalents are on the market (the challenge being that we know these will be introduced by year-end but we don’t know what Mac models will kick it off)?
  • Do you need to make additional purchases of new machine’s outside your upgrade cycle for new staff, expanding offices, or larger student populations?

The simplest option is, of course, to simply stop procurement completely and wait until Apple has released enough new models to meet your upgrade needs. This isn’t realistic for a lot of organizations, but it may be worth considering – again this can only be based on speculation about which of the Mac product lineup will be released first.

Related: WWDC 2020: Yes, Apple is dumping Intel, gently

When Apple made the transition to Intel in 2006, it started with the iMac and MacBook Pro – a combination of the consumer-focused iMac and the pro portable. If that is indeed the pattern and I’d expect the iMac at least to be the first desktop updated as opposed to the new Mac Pro that has a very narrow market or the Mac mini, which was recently updated and which isn’t a show stopper or flagship product. On the notebook side, there’s less clarity. Apple’s naming scheme has changed enough around MacBooks that there isn’t a clear distinction between consumer and professional. The MacBook Pro is definitely a Pro model, but the MacBook Air exists in a bit of a blurred space since it is typically the cheapest Mac laptop but also one that is quite often deployed in the workplace.

And there’s another cautionary thought about even moderately sized deployments, do you want to roll out first generation hardware at scale? Or do you want to try to avoid what is an entirely new form of computing through the shakedown phase where Apple works out the glitches and bugs that made it past all the testing processes? Or do you want to try to split the difference and have a pilot phase?

My personal preference is that last one. A pilot project, particularly one that leverages both IT and general users, allows you to get to know any major issues and develop a solution or workaround for them. As I often say, it’s important to get a slice of your user base to test under real work circumstances, because IT doesn’t understand the requirements or workflows anywhere near as well as the people living with them on a daily basis. The challenge being that this will extend how long it takes for your organization to replace some aging Macs.

Another enterprise concern is that Apple is giving up its ability to run Windows and Windows applications natively.

One big advantage of Apple adopting intel is that it that it silenced a lot of criticism about Mac users always needing their own sets of software and certain commercial and enterprise apps that simply didn’t (and were never going to) run on anything but Windows. Intel Macs, from a hardware perspective, were PCs.

They had all the same components and could be literally turned into PCs using Boot Camp or run Windows and apps natively on Intel processors alongside macOS and Mac apps using virtualization software.

Related: WWDC 2020: Apple to announce move to ARM-powered Macs

Apple has said that this is an unfortunate side effect of where it wants to go with its product line and that emulation software will be able to support PC software. How well that happens is yet to be seen. Certainly software to run Windows under emulation on Power PC Macs fifteen or twenty years back were slow, buggy and required serious hardware to run at all. Not a good solution at the time.

There are signs of hope, however, in that Apple is building its own emulation engine, Rosetta 2, in order to support running Intel Mac apps on Apple silicon machines during the transition. If Rosetta 2 can be used as the basis of PC emulation, the idea might be completely viable. Or it could just forestall the inevitable when Apple deems that transition complete in a couple of years and no longer has a need to develop or include Rosetta 2 as part of macOS.

Related: WWDC: Everything Apple shared at its big developer event

Not just about new hardware

While the shift to Apple silicon is a major milestone, there are other changes in macOS Big Sur that are specific to Macs in enterprise and education environments. The biggest of these is how IT can use Apple’s MDM framework to manage Macs. First up is a feature that many IT departments will love.

When Apple created its Device Enrollment Program, known as DEP, it delivered the ability for zero touch employment. A new shrink-wrapped Mac booted, checked in with Apple’s activation service, and responded to a flag that marked it as being assigned to DEP and to the appropriate MDM service. The Mac enrolled itself in management and, because it was designated as a work machine right out of the gate, it could be designated as supervised. Supervised Macs are company-owned Macs that offer IT a superset of Apple’s management system that allows more restrictions, remote commands and workflow assignments.

The big drawback of DEP has always been that it is limited to Macs sold directly by Apple to a company or school, or sold through certain third parties. This meant that Macs purchased from another entity couldn’t support a zero-touch deployment and that they would have to be set up by a tool called Apple Configurator if they were to be supervised.

Apple is now letting Macs that may not have been eligible for DEP in the past to be added to an organization’s Apple records.

The reason not all Macs can or should be supervised

Supervision allows management of virtually every aspect of a Mac including Apple’s kill switch for lost/stolen hardware known as Activation Lock. Because of the observational capabilities supervision allows, it is only allowed on machines that are explicitly company-owned and cannot be used with BYOD programs.

Part of the supervision setup process in Apple Configurator was that the device would be wiped of any personal content. A personally owned device would need to be handed to IT to be wiped and supervised and the user would be aware of that fact and any privacy implications.

The key point in fact, is that the user knows that supervision is in place and that means IT has greater management and query capabilities. Big Sur breaks with tradition and allows user enrolled Macs to be supervised.

Alongside DEP, Apple has also removed the requirement for wiping a Mac when enrolling it as supervised. To ensure that the user understands that the device they’ve been given will be supervised, the user must accept the MDM service. This means the user should be aware of supervision and its implications. For IT it means that virtually any managed Mac can be configured as supervised much more simply, relieving a number of headaches.

Apple also includes a feature known as Autoadvance that allows IT to designate specific screens and portions of the macOS setup process. The idea is to simplify set up as much as possible and get the user to the login screen faster.

Managed apps

Alongside these changes, Apple has also brought the concept of managed apps (and other features) to the Mac. Managed apps have been an iOS feature for several years. They are essentially company apps and are installed either automatically based on an IT-specified profile or command, such as during initial setup, or are later installed by the user from a company app store. If a user had previously installed the app from Apple’s App Store without it being managed, it can be converted to a managed app via MDM.

Managed apps can be deleted by MDM commands and users can now be prevented from deleting them. The big feature of managed apps, is that they allow IT to preconfigure the app’s settings if needed and prevent users from changing them.

Related: WWDC: 12+ announcements for the Apple enterprise

Appleseed and public beta

In years gone by, Apple allowed only developers access to beta versions of macOS and iOS. That changed a few years ago with the introduction of public betas that allow end users to try out the pre-release software. Additionally, Apple is allowing IT a similar functionality known as Appleseed for IT.

The first thing to consider here is that the programs are not identical. The betas that are released to the public, for example are fewer than for developers and center around specific parts of the development process. Similarly, Appleseed can match up to either beta stream or not. This is important both for IT and for early adopting employees because it means that there will be times where Apple’s betas are out of sync across programs and can cause confusion.

Apple’s public betas can be a thorn in IT’s side or an unexpected blessing depending on how you want to look at it. Obviously having users using pre-release software raises red flags, especially if those users bring them into the office (and with the pandemic keeping people out of the office, they may be more inclined to join the beta program).

Bugs, issues with existing apps, and confusion about new or altered functionality are often part of the beta testing experience. If users install betas on the primary device they use for work, it can cause support calls as well as employee downtime if they can’t access core tools.

The best approach is to actually connect with early adopters in your organization that are using the public beta stream. First to advise users that want to sign up as beta testers that they should do so using a secondary device instead of one they rely on for critical work and personal tasks.

Ultimately, most organizations will encounter the public betas at some point this summer. Ideally it will be on a secondary device, though some people will probably still install on their primary device.

This can be turned into advantage in that you can recruit these users as beta testers.

IT needs to be ready to support the new releases with the added challenge of the ticking clock in the background over much of the summer -- you have a limited window of opportunity to vet them, test enterprise and key third-party apps with them, and build a knowledge base of issues that your support teams may encounter.

If you recruit beta users, they can do much of that testing for you. They can see which apps have issues, which workflows need to change, and report to you any general support issues. That gives you a greater ability to prepare, both in terms of updating apps and in terms of developing support and user-facing resource material.

Mandates for the summer

Apple’s announcements leave IT a lot of work to do over the summer.

IT teams must develop plans for Apple silicon Macs, review management capabilities and policies for Mac users (now more directly in line with management on iOS and iPadOS) and update policies where relevant, work with DEP to implement wider zero touch deployment options, determine if supervision should be broadly implemented across your organization, implement an upgrade policy for Big Sur, and develop communications and messaging to user about how changes and about your Apple silicon strategy, and get your support/success teams ready to support Big Sur as well as Apple’s other platforms at release this fall.