Apple shipped the latest point upgrades to its operating systems for Macs, iPads, and iPhones this week, with the inclusion of 31 new emojis suggesting all the benefits are aimed at consumer users. That’s not really the case.
You need to get people updating
Part of the reason Apple likes to spice each patch with a few fillips for most users is that it knows how important it is to convince people to upgrade in a timely fashion. In the context of intensifying attacks against all its platforms, ensuring everyone’s devices are as secure as they can be makes sense for platform security.
If it takes a few more emoji to convince people to upgrade, so be it. But the latest patches also carry significant tweaks for IT admins managing fleets of devices.
What follows is a selective list of some of the improvements IT will find in iOS 16.4, iPadOS 16.4, and macOS 13.3.
Improvements for iPads and iPhones
The big improvements for managed iPads and iPhones mean that MDM systems can now query the model number of managed devices. That’s good, as it helps avoid spoofing and other attempts to get inside security protection and should help improve endpoint management. Apple also claims to have resolved a known, but infrequently discussed, issue in which some users with Managed Apple IDs may find themselves prompted to Update Apple ID Settings, even though they don’t need to do so.
Another potentially positive improvement sees profile-based Wi-Fi networks prioritized above any local manually known networks when seeking a connection.
That’s a useful boost to security, particularly when IT wants to ensure users are (or are not) protected by MAC Address Randomization. The benefits of the latter are enhanced privacy, but network administrators often need to be able to track usage on corporate networks, so prompting users to join a company’s preferred network may sometimes make more sense.
Improvements for Macs
For IT, Macs had the most to gain in the latest software updates. Many of the highlights involve improvements in MDM handling of these systems. Not only can MDM tools now query the model number of Apple Silicon Macs, but Apple also claims to have fixed a deeply annoying problem in which a small number of Macs enrolled in MDM systems would sometimes start up in Recovery Mode following a software update.
I’m told a lot of admins have lost a little too much sleep over that problem, and I imagine most will be waiting to see how effective Apple’s fix turns out to be.
Another useful improvement (along with giving the same priority to auto-join profile-based Wi-Fi networks as given to iPhones) is enhanced protection against presence-based data exfiltration; Accessory Security now also includes SD cards, further closing that line of attack.
One big problem that isn’t fixed relates to what to do with old Apple Silicon Macs when they reach EOL. Recent reports explained that many M-series Macs are being sent to landfill because companies removing them from their fleets forget to turn off Activation Lock.
While Activation Lock is a powerful protection for data held on enterprise machines, it has a cost in that if it is not properly removed there’s no easy way for a subsequent owner to use the system. This may get worse before it becomes better, as MDM Lock on Macs carrying the T2 Security Chip has been made even harder to undermine. That’s good most of the time, bad at those times I mentioned.
There are a handful of other small highlights for Macs, including more reliable software update scans for remote machines and improvements when using Xsan volumes of Cisco AnyConnect.
Some of the additional improvements include the addition of Safari Web Push Notifications, the capacity to add pages to the Home Screen from third-party browsers, and tighter control around beta installations.
But I’m still quietly thrilled at the welcome reintroduction of page-turning animations in the Books app and, of course, the return of Matter support.
Copyright © 2023 IDG Communications, Inc.