Apple is notorious when it comes to sharing information, but there is no hiding the fact their enterprise market is growing year after year. In 2015 Apple announced the enterprise market was worth $25 billion , by 2019 this had grown to $40 billion . In recent years they have established partnerships with IBM , Cisco  and SAP . So it comes as no surprise that macOS Catalina, the latest version of macOS, contains a host of new features that help the enterprise.
In this article we’ll take a look at three of them.
macOS Catalina and user enrollment bring a new level of control for BYOD environments.
An organisation can create managed Apple IDs for their users and have them enroll their device into Mobile Device Management using those Apple ID. This allows them to use both their Apple ID and the managed Apple ID on their device.
It goes well beyond that too. Device information such as the serial number MAC address or IMEI number, is kept private.
When apps are issued to the user, they are separated from the user's own apps, allowing the IT team to manage only the apps they issue.
When the device is unenrolled, the apps are removed from the device along with any data associated with them.
The coolest feature, when user enrollment is used, is that a separate APFS volume is created for the MDM managed apps. This keeps the company’s data and user’s own data separate; including mail, contacts, keychains and iCloud data. When the user unrolls the device the APFS volume used for the organisation data is erased, thus ensuring the integrity of the company-owned data.
Read-Only system volume
macOS now supports a read-only system volume. Well, when I say ‘supports’, it’s actually mandatory! Having a read-only system volume provides an extra level of security on your Mac. This is done by only ever allowing macOS to change the core operating system. For those who know System Integrity Protection, you can think of this as SIP 2.0.
When you upgrade to macOS Catalina or perform a clean install, two APFS volumes are created. The first is the volume for the operating system and built-in apps. The second is used for user data, downloaded apps and anything else that is that is not part of the core operating system.
The operating system volume looks like any other macOS volume. Assuming you follow the Apple tradition of naming it ‘Macintosh HD’, that’s exactly how it will appear. The second volume will be named after the system volume with '- Data’ appended. So don’t be alarmed if you see ‘Macintosh HD’ and ‘Macintosh HD – Data’ in disk utility.
This of course could become very confusing for the user if they had to work out where they are supposed to store data. But it’s a simple solution – macOS handles it all for you! In Finder you’ll only see a single volume, most likely named ‘Macintosh HD’. This will appear exactly as it has before on macOS. Users will still store their data in their home folder and apps still get installed in Applications. macOS manages the files using 'Firm Links‘. This means a file stored in the ‘Data’ volume will appear as if it’s stored on the read-only volume, meaning the user does not have to learn a new way to manage data.
Find My is one of the best new features of macOS, and its best feature is one you’ll hopefully never have to use.
Find My merges Find My Mac and Find My Friends in to one app, but that’s not the best part. Find My allows you to find the location of a device even if it’s not connected to a network and, if it’s a notebook, even when the lid is closed.
All Macs running macOS Catalina, iPhones running iOS 13 and iPads running iPadOS 13 will be able to take advantage of the Find My features. When enabled, Find My generates a Private Key and shares that key with all other devices signed in to the same iCloud account. Once running, Find My uses Low Energy Bluetooth to send out the Public Key to nearby Apple devices. Those devices will wrap their location with the Public Key and send it to Apple. Should you ever lose or misplace your device, the Find My app allows the devices location to be discovered. It will do this by downloading the encrypted location ‘tokens’ from Apple and decrypt them using the Private Key.
People will have initial concerns when they read their devices are transmitting its location to Apple. This could be concerns about privacy, data usage or even battery usage. Apple have ensured that no personal information is transmitted, only the location of the device. The amount of data transmitted to Apple is so small it will not make a dent in any data allowance. As it’s using Low Energy Bluetooth, there will be no noticeable difference in battery life.
Knowing you can find your Apple device even when that device has no internet connection is a great feature.
With Find My, User Enrollment, and Read-Only system volume, businesses can protect their data and devices in ways never possible before macOS Catalina.
At QA we have written our Apple courses with the enterprise in mind. Attending a QA authored Apple course equips IT staff with the tools needed to support Apple in the enterprise.
Scott has been in the IT service industry for over 30 years (including with QA for over 20 years) and since 1998 as a technical instructor specialising in Client/Server environments, mobile device management and network Infrastructure. As QA’s Principal Technologist for Apple, Scott heads up QA’s Apple technical training ensuring we are able to offer training in the latest Apple environments, authoring QA courseware in the Apple space and presenting at seminars on subjects such as Apple in the enterprise and Mobile device deployment strategies. As an IT specialist he spends a great deal of time looking at where the IT industry is going and what major changes are on the horizon from the Client/Server, mobile device & network infrastructure point of view and see how this will affect the industry. As a trainer he spends time looking at the latest training ideas and how they could fit within QA, that latest of which includes extending QA’s Attend from Anywhere to Apple training. Areas of expertise: Apple Client/Server, Apple Mobile Device management, Microsoft Client/Server & Network infrastructure.