Blog Archive

Device Management Updates from WWDC 2020: What Mac Admins Need to Know

Iru Team

•

12 min read

Device Management Updates from WWDC 2020: What Mac Admins Need to Know

Every year, Apple releases all of its major device management updates at its Worldwide Developers Conference (WWDC) event — and WWDC 2020 has been packed with big news. In this article, we’re going to break down some of the biggest announcements that came out of the conference. Here’s a quick overview of what we’ll cover: macOS Big Sur: Device Management Changes New macOS Security Features iOS & iPadOS: Device Management Changes New iOS & iPadOS Security Features

New Apple Business Manager Requirement: Verify Managed Apple ID Domains

Apple now requires administrators to verify any domains associated with their Apple Business Manager account. In this quick article, we’re going to talk about what this new domain verification requirement is, why verification is now required, and how you can verify domains associated with your Managed Apple IDs. What Changes with the Domain Verification Requirement? With the new domain verification requirement put in place, whenever you create a Managed Apple ID using a domain, you have to prove that the domain is owned by your company. This is accomplished by adding a specific TXT record to your domain name service’s (DNS) zone file. We’ll break down how this is done later. Domain verification is also required for federated domains — so if you have federated authentication configured, you’ll want to verify the associated domains right away.

Guide for Apple IT: Threat Detection and the Endpoint Security Framework

Editor's note 5/1/23: This post has been deprecated and replaced by an updated guide to endpoint detection and response (EDR). In macOS 10.15 Catalina, Apple released new frameworks that have big implications for the future of macOS threat detection and the development of security solutions: the Endpoint Security framework and the System Extension framework. Beyond expanding the safety and security of macOS, Apple is using these frameworks as userspace alternatives to kexts (kernel extensions). In the future, if a Kernel Extension feature has an equivalent system extension, the kext feature is considered deprecated, and the developer should work to migrate those features to a system extension. A list of deprecated kexts is available in this Apple support article. In this guide, we’ll look at what these releases mean for Mac security and development and explain how they work.

The Future of Mac Device Management with macOS Catalina 10.15

Apple for business is growing. Modern businesses are choosing to run on Apple, and they are redefining how work gets done on iPhone, iPad, and Mac. For Mac specifically, there are many things we are excited about in this release of macOS Catalina 10.15. We’ve noticed a thoughtful commitment to macOS in the workplace by ongoing support of the MDM ecosystem, investment in growing the MDM protocol, identity and SSO innovation, and nods to BYOD. The common thread through many of the changes was a balance of values between security and manageability, woven together to create a delightful user experience. We’ve spent the last few months in the weeds with the new device management documentation and beta software (and the last decade living and breathing Apple device management). This post will explore what’s new in 10.15, why it is a testament to the growth of Apple for business, and specific ways that Kandji is fully supporting it.

FedRAMP Compliance for macOS

Editor's note: This post was originally published in 2019. For the latest updates on Apple MDM and related topics, check out our Recent News blog page. For more information on compliance in Kandji, check out our compliance product page. The Federal Risk and Authorization Management Program, or FedRAMP, is a government program designed to provide, as they put it in their FedRAMP Security Assessment Framework document, “a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based services.”

CIS Compliance for macOS

Editor's note: For the latest updates on Apple MDM and related topics, check out our Recent News blog page. For more information on compliance in Kandji, check out our compliance product page. These days, implementing a minimum level of security protections on your organization-owned devices is expected by your customers, suppliers, and employees. Whether you leverage an outsourced IT group (such as an MSP or MSSP) or have an internal team, best practices around endpoint security should be taken seriously.