Home NewsX Day zero support for iOS/iPadOS 18 and macOS 15

Day zero support for iOS/iPadOS 18 and macOS 15

by info.odysseyx@gmail.com
0 comment 1 views


Since Apple recently announced iOS/iPadOS 18.0 and macOS 15.0 Sequoia, Microsoft Intune has been working hard to provide day zero support for Apple’s latest operating systems, ensuring existing features work as expected.

We will continue to upgrade our services and release new features that integrate support for new operating system (OS) versions.

Registering Apple users through the company portal

Starting with iOS/iPadOS 18, Apple no longer supports profile-based user enrollment. As a result of this change, Intune is ending support for: Registering Apple users through the company portal You will need to use an alternate management method to enroll your device immediately after iOS/iPadOS 18 is released. We recommend that you enroll your device. Account-based user registration For similar functionality and improved user experience. If you want a simpler registration experience, try the new Web-based device enrollment for iOS/iPadOS.

Please note. Registering your device through the company portal These changes will not affect you.

Impact on existing devices and profiles:

After Intune ends support for user enrollment in the Company Portal:

  1. Existing registered devices will not be affected and will continue to be registered.
  2. Users targeted by this registration type profile will not be able to register new devices.
  3. Intune technical support is only available for existing devices enrolled this way. Technical support is not available for new enrollments.

New settings and payloads

We have continued to invest in the data-driven infrastructure that powers the Settings Catalog, enabling us to provide Day Zero support for new settings released by Apple. The Apple Settings Catalog has been updated to support all newly released iOS/iPadOS and macOS settings for Declarative Device Management (DDM) and Mobile Device Management (MDM), enabling teams to prepare their devices for Day Zero. The new settings for DDM include:

Disk Management

  • External storage: Controls the mount policy for external storage.
  • Network Storage: Controls the mount policy for network storage.

Safari Extension Settings

  • Allowed domains: Control which domains and subdomains the extension can access.
  • Denied domains: Controls the domains and subdomains that the extension cannot access.
  • Private Browsing: Controls whether extensions are allowed in private browsing.
  • Status: Controls whether users can allow, deny, or configure the extension.

Software Update Settings

  • Allow standard user OS updates: Controls whether standard users can perform major and minor software updates.

Software Update Settings > Automatic Updates

  • Allowed: Specifies whether users can control automatic downloads of available updates.
  • Downloads: Specifies whether users can control automatic downloads of available updates.
  • Install OS updates: Specifies whether users can control the automatic installation of available OS updates.
  • Install security updates: Specifies whether users can control the automatic installation of available security updates.

Software Update Settings > Postpone

  • Merge Period (Days): Specifies the number of days to postpone major or minor OS software updates on the device.
  • Major Period (Days): Specifies the number of days to postpone major OS software updates on the device.
  • Minor Period (Days): Specifies the number of days to postpone minor OS software updates on the device.
  • System Period (Days): Specifies the number of days to delay system or non-OS updates. When set, updates will only appear after the specified delay time after they are released.
  • Notifications: Configure notification behavior for forced updates

Software Update Settings > Rapid Security Response

  • Enable: Controls whether to provide users with a rapid security response when available.
  • Enable Rollback: Controls whether Rapid Security Response rollback is available to users.
  • Recommended Frequency: Specifies how the device displays software updates to the user.

The new settings for MDM are:

Scalable Single Sign On (SSO) > Platform SSO

  • Authentication Grace Period: The amount of time an unregistered local account can be used after receiving or updating a ‘FileVault Policy’, ‘Sign-in Policy’, or ‘Unlock Policy’.
  • FileVault Policy: Policy to apply when using Platform SSO to unlock FileVault on Apple Silicon Macs
  • Login Policy: Policy to apply when using Platform SSO in the login window.
  • Non-Platform SSO Accounts: List of local accounts that are not subject to any ‘FileVault Policy’, ‘Sign-in Policy’, or ‘Unlock Policy’
  • Offline Grace Period: The amount of time that a local account password is available offline after the last successful platform SSO login.
  • Unlock Policy: Policy to apply when using Platform SSO when unlocking the screensaver.

Scalable Single Sign-On in Kerberos

  • Allow Password: Allows the user to switch the user interface into password mode.
  • Allow Smart Card: Allows the user to switch the user interface into smart card mode.
  • ID Issuer Auto-Select Filter: A string containing wildcards that can be used to filter the list of available smartcards by issuer. For example: “*My CA2*”
  • Start in Smart Card Mode: Controls whether the user interface starts in smart card mode.

limits

  • Allow ESIM outgoing transmission
  • Allows personalized handwriting results
  • Allow remote control of video conferences
  • Allow Genmoji
  • Allow image playground
  • Allow image wands
  • Allow iPhone mirroring
  • Allow writing tools

System Policy Control

  • Enable XProtect malware upload

The upcoming Intune September (2409) release includes the following new DDM settings:

math

  • calculator
  • Basic mode
  • Add square root
  • Science Mode – Enabled
  • Programmer Mode – Enabled
  • Input Mode – Unit Conversion
  • System Behavior – Keyboard Suggestions
  • System Operations – Math Notes

New MDM settings in Intune 2409 (September) release are:

System Expansion

  • System extensions that cannot be removed
  • Unremovable system extension UI

Web Content Filter

More information on how to configure these new settings using the Settings Catalog can be found here: Create policies using the settings catalog in Microsoft Intune.

Updates to the ADE Settings Support screen within the registration policy

The September (2409) release of Intune introduces six new setup assistant screens that administrators can choose to show or hide when creating Automated Device Enrollment (ADE) policies. These include three iOS/iPadOS and three macOS skip keys that can be used for both existing and new enrollment policies.

  • Emergency SOS (iOS/iPadOS 16+)
    • IT administrators can choose to show or hide the iOS/iPadOS Safety (Emergency SOS) settings window that appears during the Setup Assistant.
  • Action Button (iOS/iPadOS 17+)
    • IT administrators can choose to show or hide the iOS/iPadOS Action Button configuration window that appears during the Setup Assistant.
  • Intelligence (iOS/iPadOS 18+)
    • IT administrators can choose to show or hide the iOS/iPadOS Intelligence Settings window that appears during the Setup Assistant.
  • wallpaper (macOS 14 or later)
    • IT administrators can choose to show or hide the macOS Sonoma wallpaper settings window that appears after the upgrade. If the screen is hidden, the Sonoma wallpaper is set by default.
  • Lock mode (macOS 14 or later)
    • IT administrators can choose to show or hide the macOS Lockdown Mode settings window that appears during the Setup Assistant.
  • Intelligence (macOS 15 or later)
    • IT administrators can choose to show or hide the macOS Intelligence settings window that appears during setup assistance.

For more information, see Apple. SkipKeys | Apple Developer Documentation.

Updates to supported and allowed versions for userless devices

Previously, we introduced a new model for enrolling userless devices (or devices without a primary user) for supported and allowed OS versions to keep enrolled devices safe and efficient. The support description has been updated to reflect changes in iOS/iPadOS 18 and the upcoming macOS 15 release.

  • Support descriptions for supported and allowed macOS versions for devices without a primary user.

If you have any questions or feedback, please leave a comment on this post or contact me at X. @IntuneSoupTeamStay tuned for more Intune features and functionality coming soon!





Source link

You may also like

Leave a Comment

Our Company

Welcome to OdysseyX, your one-stop destination for the latest news and opportunities across various domains.

Newsletter

Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Laest News

@2024 – All Right Reserved. Designed and Developed by OdysseyX