Blog Post

Intune Customer Success
4 MIN READ

Day zero support for iOS 16, iPadOS 16, and macOS 13 Ventura

Intune_Support_Team's avatar
Sep 13, 2022

On September 12th, Apple released iOS 16, which will be followed by the iPadOS 16 and macOS 13 Ventura releases in October. We’ve been working hard to ensure that Microsoft Intune is prepared to provide Day zero support for Apple’s latest operating systems (OS) so that all existing Intune features that are currently available for managing Apple devices will continue to work seamlessly as users upgrade their devices. We’ll continue to upgrade our service and release new features that integrate elements of support for the new OS versions.

 

Declarative Device Management (DDM)

With Intune’s 2208 service release, we announced support for DDM for User Enrolled devices running iOS/iPadOS 15 and higher.

 

We will be releasing DDM support for all enrollment options, including on iPadOS 16+ and macOS 13+ devices as Apple releases support for these new OSes. Intune enrolled devices will automatically use the new DDM protocol when being targeted with a new policy, allowing for more reliable and efficient device check-ins. Note that this will not impact the current experience, and devices that don’t meet the DDM requirements will continue to use the standard mobile device management (MDM) protocol.

 

Troubleshooting tip: DDM is automatically enabled when creating policies with the settings catalog for User Enrolled devices running iOS/iPadOS 15+. If you come across issues while configuring policies, the device configuration “Templates” can be used as a workaround. In some cases, un-targeting and retargeting devices may also help.

 

User Enrollment and Enrollment SSO

We’ve been working on providing full support for Apple’s Account-Driven User Enrollment flow and Enrollment SSO. This will bring us to our vision of requiring a user to perform only one authentication on a device to become fully enrolled. A public preview for the new Account-Driven User Enrollment flow and Enrollment SSO will be released after we roll out our Just-In-Time Registration. Keep an eye out on Intune’s What’s new and In development documentation for updates.

 

Device configuration and settings

We’ve added Day Zero support for Apple’s new skip keys for Automated Device Enrollment for devices running iOS/iPadOS 16 and higher and macOS 13 and higher. These settings are critical for our customers to be able to customize their users’ onboarding flows and properly configure their devices. Support will become available on each platform as the OS versions release.

 

The TermsOfAddress setting in all Automated Device Enrollment profiles will allow admins to hide or show the Setup Assistant screen that shows the Terms of Address pane.

 

In addition to Apple’s new skip keys, we’re excited to provide support for the following new Apple settings and features available with the latest OS releases:

 

Cellular

  • Enable XLAT464 can be used to enable or disable XLAT464 on devices. If this setting isn’t specified, then the system default is used.

 

Privacy Preferences Policy Control

  • System Policy App Bundles allows specified applications to update or delete other apps.

 

Restrictions

  • Allow Universal Control can be used to allow or prevent users from using a single keyboard and mouse between a Mac and an iPad.

  • Allow UI Configuration Profile Installation requires a supervised device and can be used to allow or prohibit users from installing configuration profiles and certificates interactively.

  • Allow USB Restricted Mode requires a supervised device and can be used to bypass or require authorization when new USB accessories are connected.

  • Allow Rapid Security Response Installation can be used to allow or prevent rapid security responses from being installed.

  • Allow Rapid Security Response Removal can be used to allow or prevent rapid security responses from being removed.

 

Support for these settings on devices running iOS/iPadOS 16 and higher and macOS 13 and higher will be available following Apple’s OS release in October.

 

Device Information

Earlier this year, Apple announced that cellular device related keys in the Device Information response were deprecated and would not be returned in a future version of iOS and iPadOS. These keys were duplicates of those returned in the Service Subscriptions response and we’ve migrated our inventory to use the Service Subscriptions response. In addition to the migrated settings, this response also contains slot-specific information, which we hope to use to improve reporting for situations when multiple SIM cards are available on devices.

 

Known issues

 

Keep us posted on your favorite new feature and as always let us know if you have any additional questions or feedback. You can comment on this post or reach out to us on Twitter by tagging us at @IntuneSuppTeam.

Updated Dec 19, 2023
Version 5.0
  • pbarnhart2010's avatar
    pbarnhart2010
    Copper Contributor

    From the article above and conversations I have had with 2 different Microsoft Support representatives, I know that iOS 16 is having issues applying device configuration - restrict profiles. I am having this issue right now on devices that I have which are enrolled with User Affinity and were enrolled after iOS 16 came out on September 12th. I See that Microsoft is waiting for an update from Apple and Microsoft has applied everything they need.

     

    How long are we waiting for Apple to update their side?
    Since Microsoft removed the article from the service Health, Are we (the customers) supposed to keep our eyes on this post and look for an update?

    I am wondering how we will be informed once this is resolved.

  • When will the New Restrictions for iOS 16 be configurable in Intune, do I understand it correctly that it will be introduced with the next Intune Service Release in October?

  • cheekynandos456's avatar
    cheekynandos456
    Copper Contributor

    "We will be releasing DDM support for all enrollment options, including on iPadOS 16+ and macOS 13+ devices as Apple releases support for these new OSes."

    As far as im aware all enrollment options are supported on iOS 16 from launch? So when can we expect support for device enrollments?

    Lots of words but a bit light on the actual "when is this coming to Intune"