The new macOS 10.15 Catalina is now available for Mac computers, bringing new MDM capabilities to Mac Admins and System Administrators. If you manage your corporate Mac computers using Mosyle Business, you are ready to go with all the new Apple mobile device management features made available with the new operating system.
If you prefer to delay the software update at your company in order to prepare your digital environment or even to run some tests, learn how to proceed with delaying the OS update on Mac computers here.
Read on to learn more about the new MDM capabilities made available with the macOS 10.15 Catalina.
Set up Customized Setup Assistant for Automated Device Enrollment
With the Customized Setup Assistant, you can now configure screens that will be displayed for the end-user before completing the Automated Device Enrollment process. This feature allows you to create web view screens with important information such as Welcome, Passcode, Agreement and Login pages. This will further enhance the user experience when the user is logging into the new Mac computer for the first time.
Along with iPadOS and iOS 13.1, the macOS 10.15 Catalina also supports the new lightweight form of managing Apple devices called User Enrollment. It’s designed for Bring Your Own Device (BYOD) as a way to give IT the ability to manage a limited set of configurations and policies associated with a user instead of managing the entire device. It also secures corporate data.
With User Enrollment, the IT department can install apps, configure accounts, and require a passcode per-app VPN, and enforce certain restrictions. Unenrolling the device will remove all organizational data and apps.
When selecting this option, the employee needs to access the Enrollment URL on Safari and use their Managed Apple ID to login to the device. The user then has access to both personal and school data without the possibility that their personal data will be viewed or modified by the IT administrator.
You can manage your BYOD program using Apple's User Enrollment and Mosyle. To learn more about what User Enrollment is, access our portal about this revolutionary enrollment method. You can also learn the step-by-step to get started using Mosyle and User Enrollment here.
New Features for Managing Mac Computers with macOS 10.15 Catalina
Allowed Bootstrap Token
The Bootstrap Token facilitates the process of login to the Mac computer for the first time while ensuring the device security. It eliminates an additional step when a network user is creating a Mobile Account on a Mac computer with an encrypted volume.
You can now choose to enable MDM-initiated Activation Lock, allow User-Initiate Activation Lock or Disable Activation Lock by navigating to the Device Info area. When choosing to Wipe Device using Mosyle, you can now choose to select the Disable Activation Lock when the device is enrolled in Apple Business Manager. By checking this option, the Activation Lock will be disabled on the device and the device will not be locked in the Activation Lock Screen asking for the user's Apple ID credentials.
Important note: Activation Lock on macOS only applies to Macs that have an Apple T2 Security Chip.
New Management Profiles for macOS 10.15 Catalina
Associated Domains profile
The Associated Domains management profile allows IT administrators to configure the domains to be associated with the application. You can configure the Associated Domains management profile, using this feature along with other MDM capabilities such as Extensible Single Sign-on, Universal Links, and Password AutoFill. This feature will allow the end-users to automatically login to different apps and websites.
Extensible Single Sign-On profile
You can now configure the Extensible Single Sign-On management profile, which can be used to log users into native apps as well as websites that support the new Extension authentication method.
Heads up: macOS domains should be managed with the Associated Domains management profile.
Now you can remotely install fonts on Mac computers using the MDM solution. Available for macOS 10.9+.
System Extensions profile
Now you can configure System Extensions configurations to be applied on your Mac computers, similar to how you configure Kernel extensions. Available for macOS 10.15 (Catalina) and later.
New Advanced Options on Management Profiles for with macOS 10.15 Catalina
Now you are able to configure new advanced options when creating the VPN management profile. You can select the options for the Encryption Algorithm and also the Diffie Hellman Group available now. You can also select the type of the server certificate with the Security options available for macOS 10.15 Catalina.
There's also the option to enable Fallback. By checking this option, you will be able to enable a tunnel over cellular data to carry traffic that is eligible for Wi-Fi Assist and also requires VPN. When configuring the management profile, you can now also set up the applications that can be accessed using the VPN.
Skip New Steps of Setup Assistant in Login Window
Now you can select to skip new steps of the Setup Assistant when the end-user is logged into the Mac computer.
You can configure new options when creating the Dock profile to be applied on Mac computers, such as double clicking a window’s title bar to none, maximize or minimize.
Software Update profile
With macOS 10.15+ Catalina you are able to select two new options when configuring the Software Update management profile. These include automatically installing app updates from the App Store (macOS 10.15+) and automatically installing macOS updates (macOS 10.15+).
With macOS Catalina, you now have a new option on the Restrictions management profile in which you can select to lock "Show recent applications".
With macOS Catalina, you are able to select more services when configuring the privacy of a selected application. These services include Desktop Folder, Documents Folder, Downloads, File Provider Presence, Listen Event, Media Library, Network Volumes, Removable Volumes, Screen Capture and Speech Recognition.
Now you can configure Wi-Fi security standard WPA3 when creating WiFi Authentication profile within Mosyle.
Content Caching profile
With macOS Catalina, you can allow new configurations for the Mac computer when setting up Content Caching, which include removing content from the cache when the system needs disk space for other apps, displaying status alerts and preventing the computer from sleeping while caching is on.
Security Info on Device Info
Now you can view the status of Security Info such as Secure Boot, External Boot and Microsoft Boot in the Device Info area to make sure that your Mac always starts up from a legitimate, trusted Mac operating system or Microsoft Windows operating system.