Microsoft Intune is excited to support Apple in their launch of iOS 14, iPadOS 14, and watchOS 7. We are delighted to deliver new functionality alongside Apple’s launch – ensuring you can be at the cutting edge to support your users wherever they are working or learning this fall.
Here are the new Apple scenarios we support and updates we’ve made to provide the best MDM and APP experience:
Disable iOS/iPadOS App Clips
4096 bit SCEP certificate keys
Custom maximum transmission unit (MTU) values for IKEv2 VPN connections
Per-account VPN routing for the native Mail app
Prevent users from disabling automatic VPN
Associated domains for per-app VPN connections
Excluded domains for per-app VPN connections
Apple Business Manager and Apple School Manager have been updated with a new view for all devices and Custom Apps functionality for distributing apps internal to your organization. Last year’s integration with Microsoft Azure Active Directory to enable Federated Authentication for Managed Apple IDs now works alongside SCIM (System for Cross-domain Identity Management) to help keep account data in sync.
There have been improvements to the Apple Push Notification service (APNs) to improve communication, which Intune supports.
In upcoming releases, we plan to add even more features to support your Apple management journey, including skipping Restore Completed and Update Completed panes during Automated Device Enrollments on iOS and iPadOS 14.0+.
With iOS and iPadOS 14, devices will automatically present a randomized MAC address for enhanced privacy when connecting to networks rather than defaulting to physical MAC addresses. If you rely on static MAC addresses in your environment, which may be used for network access control (NAC), you can disable MAC address randomization on a per-network basis in your Wi-Fi profile configuration for iOS and iPadOS 14 in our September release.
If you update an assignment from “Required” to “Available for enrolled devices”, new app installations will be installed as removable. Existing apps that are installed originally as “Required” continues to remain non-removable until the user requests to install the app from Company Portal. Then it updates the installed app’s property to removable.
Based on the customer feedback, iOS 14 apps deployed as “Required” will become removable when the November update of Intune is released. Managed iOS devices need to sync with Microsoft Endpoint Manager to reflect the change in required apps.
In iOS 14, users can set their default mail and browser apps. The latest Outlook version (4.55.1) supports this functionality and Edge is live with the functionality to set their default mail and browser apps as of version 45.8.9.
iOS and iPadOS 14 offer the ability for app developers to provide widgets that present key information from apps on users’ home screens. If an app creates a widget, that widget will show up on the user's device. Microsoft Endpoint Manager will not obscure the information displayed in widgets. If a widget from a protected app contains any links, APP will apply to protect that link as links within the app are protected.
In iOS and iPadOS 14, there are some updates to how pasteboard works. Here’s what this means for your apps protected with APP:
In 2021, Apple will update the format of serial numbers for products to a randomized string of 10 characters. This should not impact your Intune enrollments.
We have fixed an issue on iPadOS 14, where Shared iPads could not complete enrollment and continue to show “awaiting final configuration from company”. The fix will be available in the October update of Microsoft Intune enabling you to successfully enroll Shared iPads running iPadOS 14.
We’re investigating an issue with iOS and iPadOS 14 and OneDrive where users cannot access OneDrive files through the Files app or FileProvider API when the device is enrolled with the following device restrictions:
We have recently made changes to our iPadOS enrollment service that are live for public cloud tenants already. These changes are rolling out to the government cloud in the next week. In the meantime, if you would like to enroll a device running iPadOS 14 through the Company Portal, you can follow a few simple steps:
Apple has posted updated versions of operating system software license agreements for both Apple Business Manager and Apple School Manager on September 16, 2020. Your organization won’t be able to enroll devices or deploy new apps until an administrator has signed into either Apple Business Manager or Apple School Manager and have accepted the new terms.
For more information see the Apple Support article If Apple Business Manager or Apple School Manager asks you to approve new terms and conditions.
MAC address randomization is on by default for both iOS 14 and iPadOS 14 which breaks network access control (NAC) for Wi-Fi where MAC address is being used as the lookup key.
We’re releasing the ability to turn this feature off within the 2009 service release. As this feature will be rolling out gradually over the next few days, there will be a gap where these devices won’t be able to connect to NAC-enabled Wi-Fi until the user turns off MAC address randomization.
As a workaround, impacted users will need to manually turn off "Private Address" for the Wi-Fi Network they are connected to within the Settings app after they upgrade to iOS 14 and iPadOS 14. Note that this is a per-network setting and will need to be applied to each impacted Wi-Fi network on the device.
Keep us posted on your favorite new feature and as always let us know if you have any additional questions or feedback. You can comment on this post or reach out to us on Twitter by tagging us at @IntuneSuppTeam.
Thank you for all the feedback you have been providing regarding how you want to use the new app property in iOS and iPadOS 14 to mark an app as non-removable. We are actively investigating how we can best address your feedback. Stay tuned to In development and What’s New in Microsoft Intune to see future updates regarding this.
9/16/20: Included a known issue section.
9/17/20: With an update to clarify the Known Issue section, and an update to note that both Apple Business Manager and Apple School Manager administrators will need to accept the updated versions of operating system software license agreements to be able to enroll devices or update new apps.
9/24/20: With an update to clarify the “Required” assignment type scenario for apps on iOS and iPadOS 14 devices where apps are marked as non-removable.
10/6/20: With an update to to Shared iPads - We have fixed an issue on iPadOS 14, where Shared iPads could not complete enrollment and continue to show “awaiting final configuration from company”. The fix will be available in the October update of Microsoft Intune enabling you to successfully enroll Shared iPads running iPadOS 14.
10/21/20: We previously communicated that when using the “Required” assignment type for apps on iOS 14 devices, apps are marked as non-removable. As communicated in MC224749, based on the customer feedback, iOS 14 apps deployed as “Required” will become removable when the November update of Intune is released. Managed iOS devices need to sync with Microsoft Endpoint Manager to reflect the change in required apps. We are currently working on the ability for admins to toggle the setting in the UI and expect that feature to release in December.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.