WWDC 2025: Apple's Big News for Device Management (and what it means for your Intune!)

Apple continues to improve its device management framework, making it more powerful and flexible. Let's dive into the most relevant points that will impact your MDM operations.

1. Apple Business Manager (ABM) & Apple School Manager (ASM) – More Control and Automation!

Apple's service platforms, ABM and ASM, received significant enhancements that promise to simplify day-to-day operations.

• Blocking Personal Accounts on Corporate Devices: One of the biggest and most anticipated new features is the ability to prevent personal Apple Accounts from being used on organization-owned devices managed via ABM or ASM. This is a huge win for security and compliance, ensuring that only work accounts are used on work equipment. Best of all: this applies to all devices in your organization and has no MDM dependency!

• New Service APIs for ABM/ASM: Get ready for more automation! Apple introduced APIs for ABM and ASM, allowing you to programmatically interact with device inventory data and MDM server assignment. This opens doors for custom integrations and automation of tasks that previously required manual intervention or complex scripting outside of MDM.

• Simplified MDM Migration: No more headaches! It's now possible to move an iPhone, iPad, or Mac between different MDM servers directly via ABM or ASM without the need for a full device wipe. This is a game-changer for mergers, acquisitions, or when you need to migrate from one MDM to another (e.g., consolidating to Intune!). You can even set a deadline for the migration, and the user will be guided through the process.

• Enhanced Account-Driven Enrollment: Registering BYOD (Bring Your Own Device) or COPE (Corporate-Owned, Personally-Enabled) devices just got easier. Intune will be able to configure the service discovery URL, which means that if a device cannot find an endpoint on your domain, it will check with Apple Business Manager or Apple School Manager to complete the enrollment.

2. Declarative Device Management (DDM) – The Future is Now!

Apple continues to push Declarative Device Management (DDM) as the primary way to manage configurations, and WWDC 2025 expanded its reach.

• Software Updates on Vision Pro and Apple TV: The robust software update functionalities via DDM, already loved on iOS/iPadOS/macOS, now come to Vision Pro and Apple TV. This includes controlling update deferrals, cadence, and deadlines for updates. The older MDM software update management method is being deprecated, reinforcing the need for MDMs (like Intune) to adopt DDM.

• Safari Management with DDM: All Safari settings (bookmarks, default homepage, etc.) are now managed via DDM. This simplifies browser configuration management across your device fleet.

• Return to Service with Preserved Apps: Great news for shared device environments (retail, healthcare)! Now, when using "Return to Service" on iPhone and iPad, managed apps can be preserved while user data is wiped. This significantly reduces downtime between users and saves bandwidth in network-constrained environments. Vision Pro also gained a new "Reset for Next User" option in Control Center and from the lock screen.

3. App Management – Granular Control!

Control over apps is sharper than ever.

• Per-App Update Control: On iOS and iPadOS, managed app configuration now offers options to define update behavior on a per-app basis. You will be able to enforce or disable automatic app updates and even pin apps to a specific version. This is crucial for mission-critical apps that require validation before being updated.

• DDM for Apps on macOS Tahoe: The deployment of App Store apps, custom apps, and packages on macOS can now be done using Declarative Device Management. This ensures real-time installation status.

4. Identity Integrations – More Simplicity and Security!

Authentication and access are increasingly integrated and frictionless.

• Platform SSO in Setup Assistant: For Macs in one-to-one deployments, Platform SSO (PSSO) is now integrated into the Setup Assistant during Automated Device Enrollment. This means users are prompted to authenticate with their identity provider (like Azure AD for Intune) right at the beginning, drastically streamlining the initial setup process.

• Authenticated Guest Mode for Shared Macs: For shared Macs, a new "Authenticated Guest Mode" allows users to log in with their cloud identity (Azure AD) directly from the login window , and all session data is wiped upon logout.

• Tap to Login on Mac: Imagine your users tapping their iPhone or Apple Watch on the Mac to log in instantly! This is possible with "Tap to Login" for Macs configured with Authenticated Guest Mode. Perfect for environments like education, retail, and healthcare.

What does all this mean for Intune?

These WWDC 2025 updates represent a significant advancement in Apple device management. For us, Intune administrators, this means that Microsoft will have the opportunity to integrate these powerful new functionalities into its solution. Keep an eye out for future Intune updates, as the adoption of DDM, the new ABM/ASM APIs, migration capabilities, and identity improvements promise to make managing Apple devices even more efficient, secure, and automated.

Apple is clearly investing heavily in tools that empower IT teams, and these new features are a big step in that direction!

Useful Resources:

• Apple Developer Documentation: https://developer.apple.com/

• Official Apple Newsroom coverage: https://www.apple.com/newsroom

• What’s new in Apple device management and identity: https://developer.apple.com/videos/play/wwdc2025/258/

Subscribe to our newsletter

Stay in the Loop – Join Our Newsletter