This year’s WWDC announced a host of changes that will affect macOS Catalina management. The news raised questions about how macOS Catalina will interact with MDM solutions such as Jamf. In this article we’ll review those changes and discuss what they mean for macOS Catalina MDM.
Do you need to boost or refresh your Apple MDM skills?
macOS Catalina MDM Features
Here are some of the most pertinent new features that Apple is introducing in October.
- Customised Enrollment: this will enable an MDM server to set an authentication web page for Apple Business Manager or Apple School Manager, during initial configuration.
It’s important to note that Customised Enrollment can show any type of authentication during initial configuration. However, macOS does not require the user to use the same password as their identity provider. In effect this means that macOS authenticates a username while the user has two passwords.
- Managed Apple IDs for Business: from now on you’ll be able to use Apple services such as iCloud Drive and Notes with one set of existing credentials. This also includes support for Federation through Microsoft Azure AD.
- Single Sign-On App Extensions: this framework will allow employees to log in to websites and apps seamlessly, provided the cloud identity provider they use has built a supported app.
- Kerberos authentication: a first-party extension will be included to support this as well as password syncing to a local account.
Organisations that use a cloud identity provider and want one set of credentials across all experiences may benefit from Jamf Connect. This collection of apps works alongside MDM solutions such as Jamf Pro. In this case, it’s useful for providing a consistent username and password throughout provisioning and then for its security management functions post-provisioning.
Looking for official Jamf training in the UK?
Jamf and macOS Catalina
Below is a summary of the benefits Jamf Connect has for macOS Catalina management.
- synchronised cloud identity and Mac account credentials
- one set of credentials per user
- multifactor authentication with each login
- tracking and monitoring of who is accessing which devices where
- multiple IT admin accounts using admin permissions from the IdP, removing the risks of a single IT account
- enforcement of password policies through the identity provider
- by forcing a user to have the same cloud IdP and Mac account credentials, Jamf Connect keeps those credentials in sync through a single identity for everything needed to be productive (besides Google Cloud Identity)
If you’d like to learn more about macOS Catalina and Jamf, don’t hesitate to get in touch.