fleet/articles/mdm-just-got-better.md
Brock Walters 15d0bba842
Update mdm-just-got-better.md (#32303)
Removed line regarding "preservation" of settings.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one host's records do not affect another)

- [ ] QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed

## Database migrations

- [ ] Checked table schema to confirm autoupdate
- [ ] Checked schema for all modified tables for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).

## New Fleet configuration settings

- [ ] Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for
GitOps-enabled settings:

- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled

## fleetd/orbit/Fleet Desktop

- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
2025-08-26 10:07:40 +02:00


MDM just got better: Apple's biggest IT updates at WWDC25

macOS 26 Tahoe, iOS 26, iPadOS 26, watchOS 26, and visionOS 26 bring powerful changes for Apple admins and IT teams. Hidden in the WWDC25 documentation are updates that quietly transform how organisations onboard, migrate, and manage Apple devices at scale.

Setup Assistant & Platform SSO just leveled up

Platform Single Sign-On (SSO) is now fully integrated into Setup Assistant on macOS, bringing major enhancements to enterprise provisioning:

  • Authenticate with your Identity Provider (IdP) during Automated Device Enrollment
  • Automatically create local accounts with synced IdP details (photos, display names)
  • Enable silent enrollment using Managed Device Attestation
  • Skip setup screens for a faster, more consistent experience
  • Support for Guest Mode with authentication on shared Macs
  • Tap-to-login using iPhone or Apple Watch Access Key
  • Improved Managed Apple ID sign-in

This delivers the most frictionless macOS authentication experience to date — secure, seamless, and optimised for large-scale deployment. New devices now onboard faster, with fewer steps and stronger identity controls.

Managed device migration

You can now move macOS devices between MDM servers in Apple Business Manager or School Manager. No need to erase, rely on scripts, or use a vendor migration app. For iOS and iPadOS, MDM migration is also available without erasing devices.

Whether you're switching providers, consolidating tools after an acquisition, or moving from cloud to on-prem (or vice versa), device migration is now native, scalable, and user-driven.

Apple Business Manager and Apple School Manager introduce:

  • Enforced migration deadlines with persistent user prompts
  • Full-screen modals or reboot requirements if migration is delayed
  • Preservation of Activation Lock and FileVault keys
  • Prompt to reconnect if the device is offline during migration

The barrier to change your MDM solution has never been lower.

Declarative management expands

Apple is continuing its shift to declarative device management, with big gains for automation and compliance:

  • Declarative App Management now on macOS
  • DelayOSUpdates supports business-hour deferral windows
  • Apple TV and Vision Pro gain declarative software update support
  • Status reporting now includes app update states and more

DDM is faster, more reliable, and requires fewer round trips to your MDM server.

Small features, big wins

These updates may be under the radar but they make a real difference:

  • Remotely clear Mac passcodes without wiping
  • Return to Service now preserves apps as well as the OS
  • Battery health reporting arrives on iPad
  • Configurator and Shortcuts now work together for automated staging
  • Privacy-first content filtering using PIR and OHTTP
  • Safari settings management: bookmarks, homepages, private browsing
  • Restrict messaging and calling apps to approved services
  • Temporary AirPods pairing that automatically clears
  • Export lists of unmanaged Apple IDs for review

Why this matters for IT teams and how Fleet helps

Apple's WWDC25 updates point to a future of frictionless onboarding, declarative management, and user transparency.

Fleet delivers that today, supporting declarative MDM on macOS, iOS, and iPadOS, with zero-touch provisioning via Apple Business Manager and Windows Autopilot.

Fleet lets you manage macOS, Windows, and Linux devices from one open, cross-platform system. It's open source, scalable to millions of devices, and trusted by enterprises with 5,000+ endpoints. With Fleet Desktop, end users can see exactly what's being managed and what data is collected—helping IT teams build trust through visibility and manage everything as code.

Fleet doesn't believe in vendor lock-in. And based on Apple's direction, neither should you.


Rethink Mac management with Fleet

Fleet is open source, fast to deploy, and aligned with the way device management is evolving.

Apple made switching MDMs simple. Fleet makes it stick.
Welcome to your last MDM migration.