WWDC 25: What’s new for Apple and the enterprise?

Beyond its new Liquid Glass UI and other major improvements across its operating systems, Apple introduced a hoard of exciting-seeming changes, tweaks, and enhancements for IT admins at WWDC 2025. These include updates and improvements for Apple Business and School Manager, device and identity management, device enrollment, identity, and shared devices.

It’s important to understand the extent to which all these enterprise-focused changes show that Apple understands it is an enterprise player and wants to ensure its devices are both enterprise ready and consumer simple.

[ Related: Apple WWDC 2025: News and analysis ]

For most people using an Apple device at work, the only interaction with device management will be when they first login to the device. After that, the process is more or less invisible. Here’s my cherry-picked collection of important changes the company introduced at this week’s developer show.

What’s new in Apple Business Manager and Apple School Manager?

Apple Business Manager (ABM) and Apple School Manager (ASM) are foundational services that work with MDM solutions, enabling IT to configure and manage devices, accounts and apps. Apple delivered a few improvements, principally around Managed Apple Accounts. It also introduced new ABM and ASM APIs for organizations that enable additional device management features.

Managed Apple Accounts are like any other Apple account, with the exception that they are managed by IT. Apple introduced the ability for IT to lock their domain and take ownership of Apple Accounts created with that domain at WWDC 2024. This year, the company promised admins they will soon be able to download a list of personal Apple Accounts held on a domain, which can help them more easily contact users to get them properly authorized and provisioned.

Apple also expanded Access Management so it’s now possible to prevent personal Apple Accounts from being used to sign into organizationally owned devices. The intention here is to attempt to limit data leakage by ensuring only work accounts are used on work devices.

What’s new in device management?

The company has been widening the information IT can yield from across their managed device fleets. In the last few months, Apple has made it possible to review Activation Lock status, device storage, and cellular information including IMEI and EID. At WWDC, execs said Apple would expand the information to show when devices are released from MDM and will add Mac addresses for Bluetooth and Wi-Fi on the iPhone and iPad later this year. The latter is of major importance for organizations that must manage network access. 

In another fine tweak Apple got me into, AppleCare coverage information is also now available to device management, meaning admins will be able to review that information from their remote management console.

Together, these improvements mean IT will be able to query information about groups of devices, assign them to MDM services, get activity status and more — all thanks to those newly-introduced ABM and ASM APIs. Additional device management updates include the ability to set default apps for messaging and calling, ways to limit use of FaceTime and Messaging to a SIM, an allowance to enable temporary use of AirPods or Beats headphones, and a few more tweaks.

Automated Device Enrollment

Apple has extended Automated Device Enrollment to its Vision Pro headset and made it possible to add Vision Pro devices to your managed device stack using an iPhone and Apple Configurator. For other devices, Apple has added a feature that lets IT admins use their MDM server to enroll devices into their fleet via ABM or ASM. Finally, Apple now permits management of Apple TV and Vision Pro devices (including app and software updates) using Declarative Device Management.

Migration songs

The device management market continues to expand, and as it does, customers have begun moving between different MDM providers. Until now, moving to a different partner was a pain, requiring devices be fully wiped or that the end user engage in a troublesome manual process.

Apple felt your pain point and has introduced device management migration support in ABM and ASM, which lets IT reassign an Apple device to a new service. IT can also set a deadline by which migration must be completed (and migration can be automated if the user does not). While a few hurdles still exist, including app and device configurations, Apple’s improvements should make it much easier to shift between different device management providers.

Shared devices

Apple’s Return to Service system makes it much easier to share devices between users, with default apps and configurations re-applied each time a device is passed across. Apple has improved this in a few ways: Return to Service now also supports shared use of Vision Pro, including app preservation and deployment, making this useful for shared work; similarly, the iPhone and iPad can preserve managed apps when they are reset, though user data is wiped.

Do you share your Mac at home? You might at work, so Apple has introduced Authenticated Guest Mode; it lets users log into a Mac using their cloud identity. Once they finish their session, personal data is wiped, and the Mac ready for the next user. Apple has taken this a step further, enabling users to securely login to a shared (and properly configured) Mac with a tap of their iPhone or Apple Watch, or by using an NFC reader. I expect this will work well in schools, universities, healthcare and retail environments.

App Management

Turning out focus to some of the enhancements to app management: the new Managed App framework for iPad, iPhone, and visionOS lets organizations deploy app configurations, including certificates and identities, on managed devices. Among other improvements, IT can now limit apps to specific app versions if they want to control the update cadence. On macOS Tahoe, App Store apps, custom apps, and packages can be deployed using Declarative Device Management. (Developers can also use a new ManagedApp framework when building apps.) IT can now manage Safari to ensure bookmarks are in place and an employee or school portal can be set as the Safari start page.

Identity, it’s the answer don’t you see?

Apple has improved Platform SSO, bringing this into Setup Assistant during Automated Device Enrolment. This means that when a user is setting up a new Mac, they will be asked to authenticate using SSO. Once signed in, they will be enrolled into device management and can also be enrolled in their Managed Apple Account, depending on how IT has set things up.

The result is that a user can receive a Mac, start it up, login with their provisioned ID, and watch as the Mac is configured, device management put in place, and approved apps downloaded to their machine — including all their email IDs.

Bit by bit, year by year, WWDC by WWDC, setting up a Mac for work seems is getting even simpler than setting up a brand new Mac at home. That’s a big deal — one that will probably keep those hard-working business teams at your local Apple retail store busy.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.