Device Management
Endpoint Detection & Response
Vulnerability Management
Kai
Liftoff
Prism
Migration Agent
Auto Apps
Passport
Compliance
Assignment Maps
Managed OS
Integrations
Mac
iPhone and iPad
Apple TV
Vision Pro
Financial Services
Technology
Artificial Intelligence
Marketing Agencies
Healthcare & Biotech
Startup
Growth
Enterprise
Resources Hub
Kandji Blog
Customer Stories
Mac Admins Community
Security Details
MDM Comparison Guide
Customer Support
Product Updates
Kandji Status
Customer Login
Register a Deal
Become a Partner
Partner Portal
About Kandji
News & Press
Careers
Contact
Why Kandji?
WWDC 2025: What Changed for Apple Device Management
Kandji Team
Each year, Apple’s Worldwide Developers Conference (WWDC) offers a glimpse into the future of the Apple ecosystem. For IT and security teams managing Apple devices at scale, the real value of WWDC lies beyond the keynote - in the developer sessions and enterprise updates that chart the path forward.
To help IT teams understand what these updates mean in practice, Kandji’s Principal Solutions Engineer Arek Dreyer hosted a discussion with Kandji product leaders Mike Boylan (Principal Product Manager), John “JR” Richards (General Manager, Device Management), and Adam Henry (Senior Product Manager). Together, they unpacked Apple’s announcements and identified what matters most for teams managing Apple devices. Watch their reactions below.
Let's dive into a closer look at the themes and features shaping Apple management in the year ahead.
A New Era of Consistency: Unified OS Versions
One of the most visible changes this year is Apple’s move to unify version numbers across platforms. With macOS, iOS, iPadOS, and others now sharing the “26” label, conversations about compatibility, scripts, and support workflows are poised to get simpler.
Paired with the debut of the “Liquid Glass” design language - the first major visual overhaul in more than a decade - this update marks a clear generational shift across the Apple ecosystem.
Platform SSO Comes to Setup Assistant
For organizations pursuing zero-touch deployment, Apple’s changes to Platform SSO are some of the most consequential in years. Identity workflows that once required multiple steps post-enrollment are now being pulled into Setup Assistant itself.
This includes:
- Single-use IDP authentication during initial setup
- Automated local account creation
- Platform SSO registration before reaching the desktop
That full-stack experience transforms Platform SSO from a promising concept to a practical solution for modern Apple identity. “It’s almost like a triple sign-on,” said Boylan. “You’re able to register for Platform SSO, sign in to your managed Apple account, and get into your Mac.”
The update also introduces Authenticated Guest Mode and Tap to Login, both of which open new possibilities in shared-use environments such as healthcare, labs, and education.
Declarative Device Management: Now the Default
Apple made it clear that Declarative Device Management (DDM) is no longer just a forward-looking framework but the future of Apple device management. While past updates gradually introduced DDM support across platforms, this year’s announcements position DDM as the path to many of Apple’s most powerful new capabilities.
Key upgrades include:
- Version pinning for App Store apps
- Arbitrary app configuration key-value pairs
- Managed identity support in apps
- Expanded platform support for tvOS and VisionOS
- First-party app deployment with DDM parity—and enhancements
DDM now exceeds the capabilities of legacy MDM in many areas, offering improved reliability, reduced server-side logic, and greater flexibility. With this update, Apple has officially deprecated the legacy MDM software commands and queries, marking a full transition to DDM for software update workflows across all major platforms.
The move is not just technical. It reflects a shift in philosophy: giving devices more autonomy and making management more resilient by design.
Return to Service: Reprovisioning, Reinvented
Apple’s Return to Service (RTS) enhancements are another major development. Admins can now wipe a device, maintain Wi-Fi connectivity, and restore apps from a snapshot - all without manual intervention.
For high-turnover environments or devices that need frequent reprovisioning, this reduces downtime and support effort significantly. RTS now supports:
- Preserving Wi-Fi profiles post-wipe
- Automatic MDM re-enrollment
- App persistence and redeployment from a pre-staged snapshot
- Now supported on visionOS, enabling RTS workflows on Apple Vision Pro
RTS also plays a role in Apple’s new migration capabilities, enabling device moves between MDM platforms with minimal disruption.
Migrations and ABM
Device migration is now supported natively within Apple Business Manager (ABM) and Apple School Manager (ASM) for devices running version 26 or later.
Admins can initiate MDM migrations directly from ABM, using a first-party flow that integrates with Setup Assistant. It’s a development that benefits the entire ecosystem and underscores Apple’s commitment to enterprise-grade management.
Additional ABM improvements include:
- New APIs for device attributes and AppleCare warranty data
- Federated authentication visibility—know which users have managed Apple IDs
- Granular RBAC controls for the device manager role
- MAC address availability for iOS devices
Identity and Security: A Step Closer to Passwordless
In addition to streamlining login flows, Apple expanded its investment in identity and security. Support for Secure Enclave-backed authentication and phishing-resistant credentials moves Apple closer to a passwordless future.
While passwords remain part of the equation for now, the shift toward hardware-backed, low-friction identity is clear. And it’s increasingly first-party.
Audio Accessory Management for Shared Devices
New in iOS and iPadOS 26, supervised devices can now temporarily pair AirPods and Beats accessories using a new MDM configuration - without syncing to iCloud.
- Pairing info is auto-removed daily with customizable timing.
- Users can convert temporary pairings to permanent ones via a new setting.
This feature supports shared-device environments like classrooms and shift work without compromising personal accessory use.
Safari, Spotlight, and User Experience Updates
Apple also introduced several quality-of-life improvements that, while not strictly enterprise features, have implications for IT:
- Safari management at scale, including bookmarks and extensions
- Spotlight enhancements, with context-aware results and clipboard history
- Spam call and message filtering to reduce distractions and risks
- Messaging, calling, and browser app controls via MDM, with new restrictions to prevent user overrides
These updates contribute to better user experiences and potentially fewer help desk tickets.
Apple Intelligence and Management Controls
Apple Intelligence, Apple’s on-device AI suite, was a keynote highlight. For IT admins, the key takeaway is control: nearly all Apple Intelligence features will require supervision, and Apple has provided corresponding MDM restrictions.
Organizations concerned about data use, security, or user access to AI features will have the tools to configure Apple Intelligence appropriately for their environments.
Looking Ahead
With so many high-impact changes - especially around identity, DDM, and migration - this year’s WWDC may be one of the most admin-focused to date.
The Kandji team will continue to explore these updates in greater depth in the coming weeks. For now, it’s time to test the betas. As Dreyer emphasized in our Kandji panel, early feedback is critical:
“This is the most important time to test. Don’t wait for beta 4, Apple wants to hear from enterprise IT teams early in the process.”