Published 2026-01-29 by TechNet New England
Apple's Worldwide Developers Conference 2025 included substantial updates to device management capabilities. For IT administrators managing Apple devices, these changes affect deployment workflows, security policies, and daily operations.
Platform SSO in Setup Assistant
The most significant change for enterprise deployments is deeper integration of Platform SSO into the Setup Assistant. Users can now authenticate via their company identity provider during initial device setup and are automatically enrolled in the organization's management infrastructure.
This means new employees can unbox a Mac, enter their work credentials at first boot, and have a fully configured, compliant device without IT needing to pre-configure anything. The authentication flow works with major identity providers including Okta, Azure AD, and Google Workspace.
Declarative Device Management Expansion
Apple's Declarative Device Management (DDM) framework received significant updates:
macOS Application Distribution
macOS apps and packages can now be distributed via Declarative Device Management - previously this was limited to iOS and iPadOS. Administrators can mark applications as required or optional on Macs with full feedback and control through MDM.
App Version Pinning
DDM now supports version pinning for App Store applications. Organizations can specify exact versions of applications to deploy, preventing automatic updates until IT has validated new versions.
Safari Configuration
Safari management expanded with declarative configuration for bookmarks and homepage settings, allowing IT to push consistent browser configurations across managed devices.
Apple Business Manager API Enhancements
Apple Business Manager received new service APIs providing structured access to:
- Device inventory data
- AppleCare status for individual devices
- MDM assignments
- Audit trails for device releases and reassignments
These APIs enable third-party tools to access device data directly from Apple, improving automation and reporting capabilities for IT teams managing large device fleets.
macOS 26 Tahoe Security
The upcoming macOS 26 (codenamed Tahoe) includes Platform SSO improvements:
- Authentication with Automated Device Enrollment during Setup Assistant for initial account creation with IdP credentials
- Platform SSO sign-in at the FileVault unlock screen
This means the corporate identity becomes the device identity from first boot through daily operation, simplifying password management and improving security.
visionOS Device Management
Apple extended MDM systems to visionOS devices, enabling organizations to manage Vision Pro with the same compliance standards as other Apple devices. This includes security policies, app deployment, and remote management capabilities.
Implications for IT Teams
These updates reduce the manual effort required for device deployment and ongoing management. Organizations should review their MDM solution's roadmap for supporting these features and plan updates to deployment workflows.
TechNet New England can help organizations take advantage of these new capabilities as they become available in MDM solutions.
Sources: Apple WWDC 2025 Platform State of the Union, Cortado Enterprise Blog, Apple Developer Documentation