Today, I will explore the details of Intune Fully Supports iOS iPadOS 18 and macOS 15 New Features. Day-zero support, also known as same-day support, confirms that software solutions are compatible with the latest operating system versions when those updates are accessible to the public.
According to a recent Apple announcement regarding the release of iOS/iPadOS 18.0 and macOS 15.0 Sequoia, Microsoft Intune has made significant attempts to ensure day-zero support for the latest operating systems. They are committed to revising their service and introducing new features to support the latest OS versions.
After the release of iOS/iPadOS 18, Intune will not support Apple User Enrollment with Company Portal. In iOS/iPadOS 18, Apple will no longer support profile-based User Enrollment, and Microsoft will end support for Apple user enrollment with Company Portal.
As a result, an alternate management method for enrolling devices is suggested to achieve similar functionality and an improved user experience. This post will discuss the alternate management methods for Day-Zero Support for iOS/iPadOS 18 and MacOS 15, as given below.
Table of Contents
What are the Consequences of Existing Devices and Profiles?
After Intune ends support for User Enrollment with Company Portal, existing devices will not be affected and will continue to be enrolled. However, users will no longer be able to enrol in new devices if targeted with this enrollment type profile. With this method, Intune technical support will be available only for existing devices enrolled, and no support will be provided for new enrollments.
Alternate Management Method for Enrolling Devices
Account-driven user enrolment and web-based device enrollment are the two alternate management methods for enrolling devices. Account-driven user enrolment offers a quicker and more user-friendly enrollment experience than the Company Portal enrollment.
The new web-based device enrollment for iOS/iPadOS offers a more straightforward and efficient process, ensuring a continuous onboarding experience.
- IOS IPadOS ADE Enrollment Profile Authentication Method Company Portal Removal From Intune
- Best Enhancements in Microsoft Intune to Manage Apple Devices
- How To Get Intune Environment Ready For IOS Mac OS Devices
Intune Fully Supports iOS iPadOS 18 and macOS 15 New Features and Enhancements
Microsoft has supported data-driven infrastructure to provide day-zero backing for new settings released by Apple. The Apple settings catalog now supports the latest iOS/iPadOS and macOS settings for declarative device management (DDM) and mobile device management (MDM). This ensures your team’s devices are ready for Day-Zero Support for iOS/iPadOS 18 and macOS 15.
Declarative Device Management (DDM)
Declarative Device Management enhances device management. It agrees that devices should apply settings and report status to the MDM solution without regular polling. It also ensures data security with no internet connectivity.
Let’s check what are the new settings available for DDM:
New settings available for DDM | Specifications |
---|---|
Disk Management | External Storage Network Storage |
Safari Extension Settings | Allowed Domains Denied Domains Private Browsing State |
Software Update Settings | Allow Standard User OS Updates |
Software Update Settings > Automatic updates | Allowed Download Install OS Updates Install Security Update |
Software Update Settings > Deferrals | Combined Period In Days Major Period In Days Minor Period In Days System Period In Day Notifications |
Software Update Settings > Rapid Security Response | Enable Enable Rollback Recommended Cadence |
In the forthcoming September (2409) release of Intune, new DDM settings will be established:
- Calculator
- Basic Mode
- Add Square Root
- Scientific Mode – Enabled
- Programmer Mode – Enabled
- Input Modes – Unit Conversion
- System Behavior – Keyboard Suggestions
- System Behavior – Math Notes
MDM (Mobile Device Management)
Apple has always presented tools for businesses and schools to meet organisational needs. The MDM (Mobile Device Management) is necessary for controlling devices and is combined directly into macOS, iOS, and TVOS. The current MDM protocol is reactive and imperative.
New settings for MDM, including
- Extensible Single Sign On (SSO) > Platform SSO
- Authentication Grace Period
- Login Policy
- FileVault Policy
- Unlock Policy
- Non-Platform SSO Accounts
- Offline Grace Period
- Extensible Single Sign On Kerberos
- Allow Password and SmartCard
- Start In Smart Card Mode
- Identity Issuer Auto Select Filter
- Restrictions
- Allow iPhone Mirroring, ESIM Outgoing Transfers, Image Wand, Personalized Handwriting Results, Writing Tools, Video Conferencing Remote Control, Genmoji and Image Playground.
- System Policy Control
- Enable XProtect Malware Upload
In the upcoming September (2409) release of Intune, new MDM settings will be introduced:
System Extensions | Web Content Filter |
---|---|
Non Removable System Extensions | Hide Deny List URLs |
Non Removable System Extensions UI |
Updates to ADE Setup Assistant Screens within Enrollment Policies
ADE, which stands for Automated Device Enrollment, was formerly known as the Device Enrollment Program (DEP) by Apple. ADE enables you to enrol multiple iOS/iPadOS/macOS devices without a user interface and configures the devices to be in supervisory mode. After enrollment, users cannot remove the enrollment profile, and the only supported method to exit enrollment is to wipe the device.
In the September release (2409) of Intune, administrators can display or hide six new Setup Assistant Screens when making an Automated Device Enrolment (ADE) policy. These screens will involve three macOS Skip Keys and three iOS/iPadOS, and they will be available for existing and new enrollment policies.
Six New Setup Assistant Screens | Description |
---|---|
1. Emergency SOS (iOS/iPadOS 16+) | The IT admin can show or hide the iOS/iPadOS Safety (Emergency SOS) setup pane demonstrated during Setup Assistant. |
2. Action button (iOS/iPadOS 17+) | The IT admin can show or hide the iOS/iPadOS Action button configuration pane displayed during Setup Assistant. |
3. Intelligence (iOS/iPadOS 18+) | The IT admin can show or hide the iOS/iPadOS Intelligence setup pane displayed during Setup Assistant. |
4. Wallpaper (macOS 14+) | The IT admin can show or hide the macOS Sonoma wallpaper setup pane displayed after an upgrade. If hidden, the Sonoma wallpaper is set by default. |
5. Lockdown mode (macOS 14+) | The IT admin can show or hide the macOS Lockdown Mode setup pane displayed during Setup Assistant. |
6. Intelligence (macOS 15+) | The IT admin can show or hide the macOS Intelligence setup pane displayed during Setup Assistant. |
Updates to Supported vs. Allowed Versions for Devices without a Primary User
Microsoft has updated the model for enrolling devices without a primary user (user-less devices) in supported OS versions to preserve the security and productivity of enrolled devices. The support statements now include the iOS/iPadOS 18 changes and the upcoming macOS 15 releases.
Resources
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.
Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.