This post explores the latest updates from Apple’s WWDC25. Apple continues to evolve its ecosystem to simplify device deployment, app management, identity integration, and enterprise security. Here’s a simplified walkthrough of the most impactful updates.
Managed Apple Accounts & Identity
Last Year’s Updates (2024)
- Apple introduced the ability for IT teams to lock their domain and take ownership of Apple accounts created using that domain.
- Once domain locking is initiated, users are guided through a process to update their Apple accounts.
- This process helps organizations transition personal Apple IDs into Managed Apple IDs for improved oversight and access control.
What’s New This Year (2025)
Apple has enhanced Managed Apple IDs to help IT teams take ownership of user accounts and data. Organizations can now:
Admins can now download a list of personal Apple accounts associated with their domain.
- This enables direct communication with users to help them update their accounts.
Once the account update is completed:
- Users gain access to all services provisioned by the organization.
- This includes a new service: App Notarization, enhancing security and compliance.
Expanded Access Management:
- IT can now prevent personal Apple IDs from being signed into organizationally owned devices.
- Only Managed Apple IDs will be allowed on company devices.
This restriction applies universally:
- Including Setup Assistant and System Settings.
- There are no MDM requirements or dependencies for this enforcement.
Goal of These Changes:
To help organizations seamlessly adopt Managed Apple IDs and strengthen security by clearly separating personal and work accounts across all devices.
Device Inventory Enhancements in Apple Device Management
Expanded Device Information:
Apple has been adding more details to devices in your organization, such as:
- Activation Lock status
- Device storage
Cellular Information Added
Earlier this year, Apple added:
- IMEI
- EID
(Useful for identifying and managing cellular-connected devices.)
Release Device Details
Apple has expanded information for released devices, including:
- Who released the device?
- When was it released?
Upcoming: MAC Addresses on iPhone & iPad
Later this year, Apple is adding:
- Bluetooth and Wi-Fi MAC addresses for iPhone and iPad
(This is helpful for organizations managing network access based on MAC addresses.)
AppleCare Coverage Visibility
➤ AppleCare coverage information will now be available:
- Helps IT teams track coverage
- Aids in repair and replacement decisions
API Access to Inventory Data
➤ With the initial API set, you can:
- Access device inventory data
- Manage MDM server assignments
List of Supported API Endpoints
- Query information about a list of devices
- Assign devices to a device management service
- Get batch activity status, and more
Getting Started with the API
- Begin by creating an API account
- API accounts can only be created by Administrators and Site Managers
Private API Key Generation
- Apple will generate and allow you to download a private API key
- This key is to be used with your app or service
Automated Device Enrollment in Apple Device Management
- Automated Device Enrollment is Apple’s core approach to simple device management.
- It allows for just-in-time delivery of hardware without IT physically handling each machine.
- Not all organizational devices are purchased through regular channels.
- Now, all MDM-capable devices can be added to organizations with Apple Configurator.
(Note: visionOS now supports skipping panes in Setup Assistant.)
Account-Driven Enrollment: A Privacy-Focused Alternative
When Automated Enrollment isn’t available, Apple provides Account-Driven Enrollment as a simple, privacy-focused method. Users enroll using their Managed Apple ID.
Service Discovery via MDM Server:
- You can now use the MDM server to configure the Service Discovery URL.
- If the device can’t find the endpoint, it will check with Apple Business Manager (ABM) or Apple School Manager (ASM).
Configuration Steps:
Once the MDM server sets the redirect URL:
- Log in to ABM or ASM to specify the default device management service assignment.
- This applies to each device supporting Account-Driven Enrollment.
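A check an MDM team could run against its own service discovery response before pointing users at it, as an added example that is not from Apple or the original article. It assumes the JSON document devices fetch from `/.well-known/com.apple.remotemanagement` (a `Servers` array of `Version`/`BaseURL` pairs); the host allowlist and the sample documents are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Enrollment types accepted in the "Version" field of the
# /.well-known/com.apple.remotemanagement service discovery response.
KNOWN_VERSIONS = {"mdm-byod", "mdm-adde"}

def check_discovery(body, allowed_hosts):
    """Return a list of problems found in a service discovery response body."""
    try:
        doc = json.loads(body)
    except (ValueError, TypeError):
        return ["body is not valid JSON"]
    servers = doc.get("Servers") if isinstance(doc, dict) else None
    if not isinstance(servers, list) or not servers:
        return ["missing or empty 'Servers' array"]
    problems = []
    for i, entry in enumerate(servers):
        if not isinstance(entry, dict):
            problems.append(f"Servers[{i}]: not an object")
            continue
        version = entry.get("Version")
        if not isinstance(version, str) or version not in KNOWN_VERSIONS:
            problems.append(f"Servers[{i}]: unknown Version {version!r}")
        url = entry.get("BaseURL")
        try:
            parts = urlsplit(url) if isinstance(url, str) else None
        except ValueError:
            parts = None
        if parts is None:
            problems.append(f"Servers[{i}]: BaseURL missing or malformed")
            continue
        # Enrollment must never be redirected over cleartext HTTP.
        if parts.scheme != "https":
            problems.append(f"Servers[{i}]: BaseURL is not https")
        # Hypothetical policy: only hosts the organization controls may enroll devices.
        host = (parts.hostname or "").lower()
        if host not in allowed_hosts:
            problems.append(f"Servers[{i}]: host {host!r} not in allowlist")
    return problems

# Constructed sample documents and allowlist (not real endpoints).
ALLOWED = {"mdm.example.com"}
GOOD = '{"Servers":[{"Version":"mdm-byod","BaseURL":"https://mdm.example.com/enroll"}]}'
BAD = ('{"Servers":[{"Version":"mdm-byod","BaseURL":"http://mdm.example.net/enroll"},'
       '{"Version":"mdm-v2","BaseURL":"https://mdm.example.com/x"}]}')
```

Running the same check against the redirect configured in ABM or ASM helps confirm that both discovery paths point at the same, organization-controlled enrollment host.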
Easier for COPE and BYOD Environments
- Corporate-Owned Personally Enabled (COPE) devices
- Personally Owned Devices (BYOD)
Moving Devices Between MDM Servers
Organizations often move devices between MDM servers due to:
- Acquisitions
- Shifting from on-prem to cloud-based MDM
- Switching MDM solutions
Device Management Migration
Organizations can now migrate devices between MDM servers—without wiping or manual re-enrollment. A deadline can be set, and users are guided through the process. Once migrated, the new MDM takes control and rotates critical security keys like FileVault.
Device Management Enhancements:
- Software updates via Declarative Device Management (DDM) are now available on all platforms, including Apple TV and Vision Pro.
- DDM replaces traditional update methods with better control over deferrals, scheduling, and deadlines.
- Safari management allows IT to configure bookmarks and default homepages using declarative settings.
Apple Intelligence Controls
Apple Intelligence features like writing tools and notification summaries now extend to Vision Pro. IT can manage how these tools are deployed to comply with privacy and policy requirements.
Return to Service
Apple now allows apps to persist after a device reset—user data is wiped, but managed apps remain. This reduces setup time and helps in bandwidth-constrained environments.
App Management Improvements
- Manage update behavior per app.
- Pin specific versions or disable auto-updates.
- Monitor update progress via a status channel.
- For macOS, declarative app management supports both App Store and custom package apps.
Identity Integration & Platform SSO
Platform SSO now starts directly in Setup Assistant, improving Mac enrollment with:
- Federated sign-in using work credentials.
- Synchronized local account creation.
- Secure Enclave-backed key authentication.
Apple’s focus on security, automation, and declarative management is both inspiring and practical. These tools are empowering IT teams—large or small—to streamline workflows, improve security posture, and elevate the end-user experience.
At TexArxs, we help organizations adopt these innovations seamlessly—whether you’re managing 10 devices or 10,000. Our expertise ensures your IT team stays ahead, your users stay productive, and your business stays secure.
Let’s talk about how TexArxs can future-proof your Apple ecosystem.