Apple @ Work is proudly sponsored by Mosyle, the exclusive Apple Unified Platform.
WWDC has passed once more, and there’s much to absorb and experiment with throughout the summer. However, notable improvements for IT teams managing Apple device ecosystems are set to roll out this fall. In my view, the most significant announcement is a streamlined process for transitioning between device management vendors.
About Apple @ Work: Bradley Chambers oversaw an enterprise IT network from 2009 to 2021. Drawing from his experience in deploying and managing firewalls, switches, mobile device management systems, enterprise-grade Wi-Fi, thousands of Macs, and iPads, Bradley shares insights on how Apple IT admins manage Apple devices, build networks, and train users, recounts real-world stories, and proposes enhancements for Apple’s products aimed at IT teams.
Platform SSO Integrated into Setup Assistant
Platform SSO has greatly improved identity integration across macOS, and Apple has taken it a step further this year. Platform SSO is now embedded directly within the Setup Assistant during Automated Device Enrollment. As a result, users will need to log in with their identity provider during the initial device setup, even before reaching the macOS desktop.
After signing in, Platform SSO manages authenticated enrollment into the device management system. If the identity provider is federated, it can also facilitate signing into the user’s Managed Apple Account. Subsequently, a local account is created, with the password either synced from the identity provider or established by the user using a Secure Enclave-backed key. Users can even select their account profile photo from their IdP.
This is a significant advantage for IT teams aiming to simplify Mac deployments. Users enjoy a familiar login process, devices are enrolled seamlessly, and everything connects back to the organization’s established framework. This reduces the number of steps, minimizes setup confusion, and enhances the zero-touch deployment experience.
Safari Configuration, DDM, and More
With updated Safari configurations, software update timing, and app version control transitioning to the declarative device management model, the shift is evident. Traditional update commands are on the decline. For IT teams still relying on older processes, this summer serves as an ideal time to strategize a transition. The benefits, particularly in reliability, are apparent. DDM provides enhanced visibility into fleet operations, reduces update delays, and streamlines policy enforcement.
Easier Transitions with Managed Apple Account Enhancements
This year’s overlooked update focuses on easing the management of Managed Apple Accounts for IT teams. For years, personal accounts on company devices have posed challenges. WWDC25 introduced changes aimed at alleviating this issue.
Admins can now download lists of personal Apple IDs linked to their domain, offering IT visibility into which users created personal accounts with their work email. Additionally, Apple will equip IT with the tools needed to assist users in transitioning their accounts to Managed Apple Accounts.
The update also introduces an option to restrict personal accounts from using company-owned devices. The restriction operates independently of a device management system and covers essential areas like Setup Assistant and System Settings.
These changes facilitate a smoother shift towards a secure identity model. Apple encourages organizations to implement Managed Apple Accounts and is providing IT with more control over this transition without adding complexity.
Device Management System Migration
This year’s spotlight announcement by Apple focuses on resolving a persistent challenge for IT teams: device management migration. This enhancement, while not headline-grabbing, significantly alters how organizations navigate transitions. Whether switching vendors, consolidating systems, or managing mergers, the ability to migrate devices without wiping them is a substantial advantage.
“2025 saw significant enhancements to Apple MDM, including app preservation for Return to Service, limited sign-in to Managed Apple Accounts, and Declarative Management expansion. Notably, Apple introduced Device Management service migration, eliminating the friction and pain of switching MDM providers for better products, support, and price. This feature empowers organizations to easily migrate devices to different MDM providers, fostering competition and benefiting organizations leveraging Apple devices.” — Alcyr Araujo, CEO at Mosyle
Updates for Vision Pro
Apple is streamlining the integration of Vision Pro into enterprise workflows by introducing support for device management. Previously, if a Vision Pro was acquired outside standard channels, it couldn’t be managed. This fall, Apple Configurator for iPhone will support incorporating Vision Pro into your organization, similar to a Mac or iPad. This enhancement offers IT teams greater flexibility in device acquisition outside conventional procurement procedures.
Additionally, Return to Service will be available for visionOS, along with iOS and iPadOS. This feature introduces a quick reset option accessed from Control Center or the lock screen, designed to facilitate device turnover without a full wipe. This is particularly advantageous for shared-use settings where Vision Pro may change hands frequently.
Apple is clearly positioning Vision Pro as more than just a personal device. With continued investment in the right tools, potential applications in training, simulations, or fieldwork could become increasingly viable.
Enhancements for Shared Mac
Authenticated Guest Mode will also debut on Mac this fall. When combined with Platform Single Sign-On, users can log in via their cloud identity, use the Mac, and ensure all local data is erased upon logout. This is ideal for environments such as healthcare, retail, or training where devices are shared frequently.
Moreover, the Tap to Login feature offers one of the most practical upgrades for shared environments in recent macOS updates. This feature enables users to log in by tapping their iPhone or Apple Watch on a Mac, utilizing a badge stored in Apple Wallet. No local accounts are necessary, which is ideal for healthcare staff transitioning between machines during shifts or retail teams swapping registers. When paired with Authenticated Guest Mode and Platform Single Sign-On, you achieve a full login flow that deletes user data post-logout and signs users into applications with a single credential.
It does necessitate an external NFC reader, which may limit deployment locations, but it aligns with how organizations currently utilize physical ID badges.
Enhanced Inventory Data for IT Visibility
Accurate inventory data is critical for IT teams, and Apple has introduced several new details that simplify device fleet management. While Activation Lock status, device storage, and cellular information like IMEI and EID were available previously, WWDC25 adds more benefits.
Later this year, both iPhone and iPad will include Bluetooth and Wi-Fi MAC addresses, which is advantageous for organizations employing network access controls or needing compliance tracking by MAC address. IT administrators will also receive AppleCare coverage information directly within the device inventory, facilitating better tracking of support eligibility with fewer manual lookups.
Additionally, Apple aims to enhance inventory visibility for released devices, capturing details on who released them and when. This is particularly beneficial in environments where devices frequently transition between users or are reissued.
This improvement connects with the new APIs for Apple Business Manager and Apple School Manager, allowing IT teams to access this inventory data via an API for enhanced automation, simpler reporting, and more accurate records.
Improvements in App Control
App management has finally received some long-awaited updates. IT can now pin app versions, prevent automatic updates, and monitor real-time install status. Although these changes may seem minor, they grant admins greater control without increased complexity. Additionally, macOS is now aligning more closely by supporting the deployment of both App Store and custom packages using the same declarative approach.
Conclusion
This year’s WWDC may not have showcased any extravagant moments for IT teams, but significant victories are evident. Declarative device management continues to emerge as the optimal path for managing device communications. The enhancements to Apple Business Manager and School Manager provide IT with greater control and improved automation. I anticipate that API access will lead to compelling integrations with existing IT solutions.
Ultimately, the most impactful improvement is the introduction of tools for device management system migration. IT teams can transition devices between systems without requiring users to perform a wipe, easing the process and empowering organizations to select the ideal solution for their needs without feeling trapped.
While Vision Pro may still be in its infancy for enterprise applications, Apple is laying the groundwork with the right tools for potential growth in sectors like training, healthcare, or fieldwork. The Tap to Login feature for Mac stands out as one of the most valuable updates for shared-use workflows recently, and Apple is enhancing IT visibility into device management like never before.
It’s essential to begin testing. This is the time to identify any bugs within your enterprise workflows and provide feedback to resolve them before the major OS releases roll out this year.