Apple in the Enterprise: The complete 2025 commentary
Every year we ask the Apple IT/Mac admin community for their opinions about how Apple fared in past 12 months. You can read our 2025 Enterprise report card for the average scores and some juicy quotes. But if you want to read all the comments from the panelists who were willing to share in public—all 25,000 words of it—who are we to stand in your way? They wrote it, you read it. That’s how this works.
Onward.
Programs
Andrew Laurence: Apple School/Business Manager’s next frontiers are: granularity in rights apportioned to roles, custom roles, the ability to auto-assign rights to members of federated identity groups, the ability to create saved device groups, and the ability to auto-assign device groups to specific MDM tokens.
John Wetter: I think we’ve continued to see improvements here, though many changes in these services this past year were nomenclature updates. The big improvements were in continued rollout of DDM, though odd decisions like not utilizing DDM for Apple Intelligence settings were out of place. If your organization hadn’t moved to federated Apple Accounts yet, more roadblocks were removed to help make this happen. Platform SSO continues to progress, likely as one of the biggest “under the radar” moves in some time, though it is still baffling why as a large organization purchasing devices directly from Apple, we can’t require device enrollments the first time through, and require and restrict Apple Account domains on an organization owned Mac.
Robert Hammen: It’s been an up-and-down year for Apple in the Enterprise. Apple Business/School Manager got some great features (the ability to remove activation lock for devices in ABM/ASM), but there’s still no API for getting info/assigning/managing/releasing devices. And it’s had its share of outages/downtime/things not working.
Joel Housman: My experience is primarily with Apple Business Manager. I have noticed small ways they’ve continued to make improvements and appreciate their improvements.
Casey Jensen: Apple still struggles with considering the enterprise in approach to new features and controls. Often, their response is to release a feature, realize enterprises are disgruntled about the gaps presented by the feature, and then deliver subpar controls to disable the feature altogether at a later time, although generally, they at least build controls during a beta release cycle. Apple had a major miss with the release of Sequoia and bugs in the re-architecture of the macOS Firewall with network extensions. These bugs were prevalent up until the maximum deferral timeline, and left enterprise scrambling about what to do regarding the experience up until the release. They provided no release notes throughout the release about the re-architecture of the firewall or to suggest to enterprises to focus on testing this change. They are still too hidden/guarded about what they’re changing, which poses real risk to enterprises that rely on their OSes.
Gabriel Sterritt: Key time saving efficiency improvement by allowing activation lock to be removed in AxM!
Brian LaShomb: Apple’s Business Manager and it’s reseller and MDM integrations work well, but it would be nice to have customer facing APIs for removing and adding company-owned assets. Apple Configurator and physical access to devices are still required to add devices into ABM, one at a time.
Mark Lynch: I feel like little positive movement has been had on the pain points and nice-to-have wishes of Apple device management, with some serious key regressions.
Chris Carr: Managed Apple ID is almost there. Maybe close enough for us to consider adopting (cause it can be a hassle or so I understand)
Fluffy Bunny: the lack of tools for enterprise with Apple AI is a joke
Johnathan Brown: Apple’s track record for not providing any enterprise functionality, ignoring feedback, and then reluctantly (when they want to) giving permissions feels half baked. Enterprise management over certain features needs to be a priority consideration and not an after thought if they want more confidence in leadership to approve Apple purchases in the future.
Alex M: Device enrollment and VPP continue to “just work”. Our organization moved to genuine zero touch deployment for devices – it works, every time, on macOS. Windows, not so much.
Martin Piron: Being able to turn off “find my” from ABM is great.
TJ Draper: As a manager of an all Mac team working on web technologies, the enterprise management of our Macs can be a little weird and clunky and leaves something to be desired. However, it’s actually better in many ways than the Windows side of the world, so, it gets a middling grade from me.
Chris Pommer: We were mostly in a holding pattern this year (not much new hardware or employee churn), so we didn’t have a lot of interaction with ABM and MDM (Jamf).
Rod Christiansen: Apple School Manager continues to be limited but useful. The biggest gap for me is the lack of a proper API so I can connect to my operations and create automations. Everything is GUI based. Migrating device(s) between MDMs is all done in the GUI only. I would love to have that when a device is added to my ASM with ADE I could have the serial number, order number, supplier info, everything that is available in ASM sent to my own inventory system (Snipe-IT) with API calls. I had to create a system for that with my vendor CDW. Apple School/Business Manager should have this capability.
Karsten Macweazle Fischer: Fine
David McMonnies: The T&Cs change around byod devices for education with ASM was a good one, and will help facilitate movement towards fully managed devices in education scenarios. The changes to allow greater functionality with managed apple accounts is also a net positive.
Anthony Reimer: Still no Apple Business Essentials outside the US.
Luke Charters: Being able to disable a device’s Activation Lock from Apple Business Manager/Apple School Manager is a much-welcomed feature that has saved us a lot of time and inconvenience already. However, I do have to say ABM/ASM really needs an API at this point. Being able to programmatically change a device’s assigned MDM server, move App licences between locations, and renew MDM and Content tokens would be a major benefit to many organisations. We can automate an incredible amount of our device workflows now and the fact that all of the steps involving ABM/ASM need to be manual really stands out, and not in a good way.
Michal Moravec: We appreciate the new features in Apple Business Manager, such as the visibility of IMEI and EID identifiers, the ability to turn off Activation Lock, and the actual migration of Personal Apple Accounts to Managed Apple Accounts when claiming a domain for federated authentication. We are still awaiting the first-party integration with Okta, which was announced almost two years ago. It is possible to integrate ABM with Okta via a custom integration but it is almost certain Apple will release their own integration shortly after we implement the custom one. It would be beneficial if ABM could serve as a user and group directory for the Apple Developer Program. In our environment, it would make perfect sense to manage users and roles from a single location.
Craig Cohen: This year feels like an evolution not a giant leap. Managed Apple account changes strategically makes sense but the implementation has left a lot of organizations unprepared, ill informed, and frustrated.
John Mahlman: Some welcome changes in the last year for enterprise customers. The updates with ABM and Apple Accounts have been a long time coming. I would like to see a little more options for automation and filtering.
Marian Albers: Still left a lot of space for improvements but clearly the focus isn’t enterprise environments
Chris Chipman: What I see from Apple is very incremental improvement. Its slow but more and more they are acknowledging the need for Enterprise deployment, management and procurement services. Apple still remains very much consumer centric and frankly still way behind the world in providing enterprise tools for mac management. One case in point is Apple Remote Management, which effectively only works inside a private network and so requires things like Teamviewer and other third party apps. While they are dipping their toes into MDM, services like Kandji and JAMF are light years ahead. Better integration (user syncing) with popular SSO platforms like Okta and Jumpcloud are still just gleams in our eye.
John Welch: Apple IDs are much improved, but still a bit of a mess. I would love to see an enterprise IT documentation site, even if it means duplicating information from the dev site, it would improve the organization of that information.
Jeremy Bodokh: Still a great experience but DDM was not really improved with iOS 18
Christopher Cook: Apple has added long-requested features like Activation Lock removal to Apple School/Business Manager, and continues to push ahead with making managed ID’s more practical, even adding the ability to migrate existing accounts with institutional domains (@campus.edu) to managed accounts during the transition. However, App/book management remains neglected. Deploying managed apps purchased through the App Store is still a major pain point. There remains a shroud of mystery around when apps will trigger to install, and there are no patch management controls for these apps.
Tom Bridge: Apple’s Enterprise Programs — and especially Apple Business Manager – remain critical for IT Admins everywhere. The work to make ABM a stronger and more reliable platform has definitely paid off. Apple’s published another strong round of device management APIs in the summer of 2024, however it’s difficult to see how th
Dennis Wurster: I’d like to see a first-party training track for sysadmins.
Mike McLean: I did not see any significant improvement or progress.
W. Andrew Robinson: This year seemed to be mostly a ‘solid’ if uneventful one for Apple’s Enterprise efforts, and I would have bumped up one more number for that except for a continued struggle MDM vendors seem to have with Managed Apple Accounts (neé ‘Apple IDs) on macOS — a still-shocking contrast to how this is implemented on iOS in my opinion. ABM saw some welcome improvements but in other areas I feel the year was more flat or ‘maintenance-y’ with respect to new advances, which informed my evaluation. There were some improvements for Apps & Books (aside from the still-silly name), MDM improvements like Declarative Device Management (DDM) and others. Really wish they’d do some more work on MAAs though!
Morgan Schönberger: It is a welcoming change to see the if Activation Lock is enabled from within Apple Business Manager, and also the possibility to change that setting (if it gets enabled after the feature released). Having to answer a four page questioner every year for a renewal for the Developer Enterprise Program brings unnecessary uncertainty. This brings a lot of stress to departments whose main purpose is to support the core business instead of keeping up with what Apple is doing these days.
Erik Kramer: Seeing improvement in functionality in managing Apple Accounts, Federating, etc, but still run into hiccups time and again.
Justin McMahan: Apple Business Manager and its integration with MDM providers like Jamf Pro make it really important for app deployment and updates in our organization’s environment.
Nicolas Wendlowsky: Apple is continuing to show signs of better Enterprise support and feature enhancements, though I don’t think they are prioritizing the most-asked for features (API for Apple Business/School Manager?). Their cloak-and-dagger approach to upcoming features is endlessly frustrating; there’s no customer benefit to hiding literally everything until release day.
Trevor Sysock: The new ABM features for migrating Personal to Managed Apple Accounts as well as the Activation Lock removal were much needed. Fantastic additions.
Dennis Logue: The mandatory switch to using Claris as an intermediary for the sync between our Student Information System and Apple School Manager was a big negative this year. I haven’t seen anything benefit to our organization for the extra complexity this change created.
Guillaume Gete: There have been really great improvements, especially in managing Activation Lock from Apple Business Manager which was a huge win. Also, the fact that now it’s possible to migrate standard Apple Accounts to Managed Apple Accounts is a good thing. However, I still find incredible that it’s still impossible to order in-app purchases with VPP, making many apps unavailable. The lack of APIs to communicate with Apple Business Manager is sometimes stingy, too.
Mike Wells: Apple’s enterprise programs are robust, built out, and supported well, but key limitations of these programs (such as the prohibition of Quick Start device-to-device transfers for managed devices, as well as limitations of what users can do with managed Apple Accounts) continue to make acceptance and rollout in small-to-medium organizations such as my company difficult.
Bryan Heinz: I can’t rate Apple more than a 3 here since we still can’t purchase in-app purchases and subscriptions using the volume purchase program. This is decade old low hanging fruit.
JD Strong: After years of requesting improvements to ABM/ADM, we are finally seeing them with the ability to disable Activation Lock and control over default MDM server assignments. There’s still a long way to go.
Bart R: More control over devices in ABM like being able to unlock devices without needing to contact Apple is a huge improvement. The year over year incremental improvements in this area is a welcome trend.
Toby Riding: ABM – It’s still not easy to add multiple domains. We have hundreds under the umbrella of our company! It’s also not super simple to add Okta as the iDP, you can do it but it’s a lot of hassle!
Andy Jelagin: Improving but still a long way to go when compared to other vendors
Cameron Kay: Apple keeps re-breaking existing features and delivers little new
Adam Tomczynski: Apple Enterprise Support is listening.
Jeff Richardson: Virtually everyone at my law firm has an iPhone, and it works very well due to Apple’s robust support for Mobile Device Management and other technologies, even though we don’t use Macs.
Service and Support
John Wetter: The Appleseed & documentation teams should be applauded, their work has been noticed, along with the enterprise workflow team.
JD Strong: Documentation still lags woefully behind. A great example of this is documentation around DDM OS Update cadence was published months after the initial release of Sequoia, leaving admins to guess at how this new feature worked.
Marcus Rowell: I see the feedback between Enterprise customers via the AppleSeed for IT Program and the associated community on the Mac Admins Slack is working really well. It now feels like filing feedback is getting changes to happen, especially around Enterprise controls for new features. Apple’s Enterprise Team here in Australia, even though we lost a few core members, continues to provide fantastic support to help the community with presentations at local meetups. I think many of us admins now see the importance of making sure schedule time to test early betas and file feedback. I’ve certainly booked time this year. The documentation is great. Enterprise Release notes are a fantastic improvement and very much appreciated.
Trevor Sysock: The documentation teams have been doing a consistently good job for a few years now.
Alex M: Stop me if you’ve heard this before: Apple’s documentation could be better.
Robert Hammen: AppleCare OS support is actually really good and worth the investment, if you have enough Macs. As someone who periodically has to deal with Microsoft Support, I get far better/more competent/timely responses from Apple than I ever do from Microsoft. The reps you interact with are knowledgeable and tend to understand your concerns/issues.
Michal Moravec: Best interactions occur through unofficial channels where Mac admins directly engage with individuals at Apple. This type of communication is highly valued within the community. The Feedback Assistant is still poorly managed. Most of the time, there is zero visible engagement from Apple on submitted feedback, which discourages users from investing time in creating detailed reports. Kudos to all the exceptions from the general rule! Apple Seed for IT provides very good release notes for betas. Regular release notes for Enterprise have also improved and become more detailed.
Johnathan Brown: I know a certain slack channel that has fill out plenty of feedback over the recent year of beta cycles, and a lot of frustration regarding the communication or lack there-of from Apple. More transparency and feedback to these communities that put up with so much would be beneficial from apple.
Luke Charters: I have to take my hat off to the engineers at Apple who liaise with us admins and get our feedback actioned. It feels slow going but Apple do listen and make changes to address the most critical concerns. I do think it would save a lot of time for everyone involved during the beta cycles if every new feature released came with an MDM policy to turn it off by default, rather than admins spending time explaining why their regulatory framework, security compliance policy, or data sovereignty laws don’t allow them to use it. I also must say that the Managing software updates for IT white paper was excellent and much appreciated. More documentation like that will always be welcome.
Andrew Laurence: Apple’s teams for Enterprise Workflows, and documentation for Platform Deployment and Platform Security, are saintly agents doing the Lord’s work. They bridge the gap between the enterprise customer base and internal development priorities — in which “the enterprise” is likely an afterthought, if it exists at all. Their laudable and sysiphian efforts yield material and actionable results.
W. Andrew Robinson: It may only be a subjective impression but documentation and training seems to have improved over the year, and therefore deserves recognition. Feedback programs still feel like tossing a ball over a tall wall in hopes of hitting something we can’t see, though. I also feel like Apple’s response to security issues, while still good, experienced some ‘bumps in the road’ with respect to how effective updates to address things like MDM-managed software updates were handled.
Chris Pommer: It feels like the technologies are there, but finding good documentation on what they are and how to use them can be frustrating, and likely limits usage.
Gabriel Sterritt: Documentation continues to improve; there are some grey areas still like with pSSO.
Chris Chipman: Feedback Assistant is great but also very opaque.
John Welch: Apple’s enterprise docs are solid. Not quite as good as Microsoft’s but good. The training programs are good, but a bit hard for people who aren’t already in a situation where they have ABM et al. Some improvement there could be a huge help for people trying to self-start, as it creates a chicken/egg problem. The certs are valuable in getting a job, but you almost need the job to get the certs. Another weak spot is around in-depth documentation. Having 100% of it be web-page or the occasional PDF causes things to be shallow. There’s a real need for technical IT pubs that can go into depth on the why of a topic and provide in-depth examples, along with the design goals of a given technology and its implementation.
Tony Young: Apple’s AppleSeed Notes for the IT Beta program continue to provide valuable information as to what is coming, and current known issues. In the age of Apple Intelligence, I’ve been able to not only plan for changes but keep key stakeholders well in the know of what to expect and not expect.
Casey Jensen: Our overall experiences and responsiveness with Apple’s Enterprise Support has been great, but they still often struggle to debug complex interoperability network issues. They often require very complex logging processes to try and capture problems that may not be easily repeatable, and then following those requests, ask for more log sets with different data. In some cases, we’ve had to provided 50-80 different sysdiagnoses, and Apple points the finger at two different vendors, themselves, before actually getting to the root cause of the problem. Apple has opportunities to improve the log gathering and collection process, as well as the engineering <-> support discussion pathway for quicker and better analysis.
John Mahlman: Beta documentation has been very good and lots of welcome updates to online documentation has been wonderful. Personal experience with feedback and support tickets has been less than stellar.
Toby Riding: Needs WAY more Enterprise documentation, or it needs to be rewritten with people who actually work in Enterprise, partner up maybe‽ What is written and what happens in the real world can sometimes be so far removed from reality y’know‽
Erik Kramer: We rarely open cases with support, and when we do the assigned tech doesn’t seem to give us much attention, but as soon as I email our regional SE, it’s fireworks!
Justin McMahan: I’ve sent a few devices in for repair and they’ve been fixed quickly and thoroughly.
Tom Bridge: Look, there’s no way for us to talk about the Feedback program and not have this go poorly for Apple. We hear a lot of stories that the Feedback pool is voluminous — though no one says how deep it is — but the way that Mac Admins bust their butts to file feedback only never to hear more about things getting fixed? That’s gotta get fixed. Apple has a major credibility problem with the Feedback systems. I’m fairly sure I’ve had prayers answered from On High. I’ve never had a Feedback closed as fixed in the next release. You tell me which one is more likely.
Nicolas Wendlowsky: Again, steady progress in Enterprise features and fixes. But Apple disregarding vocal feedback about feature changes (Data Transfer pane in Setup Assistant?) is not a good look.
Karsten Macweazle Fischer: Got less responses this year, and really had to have my whole org sending feedback for Apple to recognise a particular issue.
Guillaume Gete: The few issues we had with beta versions of macOS were fixed quite diligently before GM, so quite pleased on this one. Also, release notes for enterprise for macOS releases are quite comprehensive.
Mike McLean: My company does not have a support contract, and we have not had the need to use a pay-for-support instance this past year.
Cameron Kay: Feedback Assistant is still ignored so why bother, AppleCare Enterprise has no sway over the Apple’s Engineers to get bug fixes into releases.
Adam Tomczynski: Big Shoutout to Eric Boyd and the team behind supporting us. It is very welcoming to see notifications and detailed updates from the group on Slack. I’ve noticed a much heavier emphasis on this than in years prior.
Anthony Reimer: Documentation for Mac Admins continues to be a strength, although they are slow to correct older documentation when I file Feedback (yes, I file Feedback on documentation errors). Speaking of which, providing Feedback continues to be a black hole. I checked on the Feedback I created since September and found that I have about the same number of resolved and unresolved items, with the unresolved items receiving no comment or status change from Apple. Enrolling devices in Beta programs has settled in to a good, predictable state. On the staffing front, Apple has reinstated Education reps in Canada after a number of years without them, which is a welcome change.
Craig Cohen: Appleseed and specially the Mac Evaluation Utility has been paramount in preparing organization for Apple as a choice. It allows us a very measured approach before device has been deployed. The Feedback assistant feels like a placebo. No real response. We want to be part of the solution and part of change but this feels useless.
Rod Christiansen: Mostly a confusing black box over emails only. But it’s fine. We have to every year justify our MDM CSR (we run our own open source MicroMDM instance so we’re considered an MDM vendor) and they send a survey and we hope we can keep it. We had a terrible time last year when we began federating our domain for Managed Apple ID Accounts and all our notarization workflows for .apps and .pkgs broke notaryutil doesn’t support MAA and there is zero documentation on this. It still doesn’t work. We have a work around in place. After many many emails a senior engineer replied and gave an actual helpful answer. Until you get to communicate with someone at that level, you get the biggest non-sense answers that sound like as if they came from a robot…..
Shamir Mohammed: Apple Enterprise Support should improve their trouble shooting methods. Every time we raise a ticket, we are questioned about basics and worst of all, asked for screen recordings for every issue. There are some intermittent issues that we don’t know when they will occur, but Apple has a standard template of asking for screen recordings and logs. After submitting logs, we are asked for more logs, and then even more. They don’t share what they found from the previous logs that we submitted, nor what they are looking for in the next set of logs. I’ll give you an example: we recently opened a ticket for Microsoft Teams calls dropping intermittently. Since opening the case, we have submitted 10 to 20 logs from different Macs, but still, they keep asking for more logs.
Brad Chapman: Documentation has improved significantly, especially in the Deployment guides. We still don’t understand why Apple has changed the URL of the AppleSeed program from /it to /for-it. “Slash four dash eye tee.” Really rolls off the tongue, doesn’t it?
Bryan Heinz: I’ve seen year over year improvements here and I love it. Please keep it up Apple friends.
Joel Housman: I haven’t had to make use of support much in the past year. I think things have improved but cannot offer much insight.
Christopher Cook: Two specific things come to mind: Apple began a series of “System Engineer Office Hours” in 2020 that successfully demonstrate new technologies, provide insights into best practices, and educate device management professionals. While primarily aimed at education and healthcare, most of the content is universally applicable. On a scale of 1-5, I rate this a six. It’s Apple at its most transparent and helpful. On the other hand, Apple’s feedback assistant can be hit-or-miss. We receive a much higher response rate from Apple when submitting issues through feedback assistant with Appleseed than we do in our personal lives, but nine times out of ten, it’s questionable if the responder bothered reading the feedback in the first place.
Morgan Schönberger: While I’m very glad to have AppleSeed for IT, with this release cycle we had some rather surprising changes. If it wouldn’t be for 3rd party documentation (mainly the MacAdmins Slack) there would be some changes that caught me by surprise, like the changes in the macOS 15.4 Setup Assistant. But, to Apples credit, they made some meaningful changes after the initial feedback they got.
Bart R: Enterprise support is excellent as long as you can get a hold of an actual person to talk to. Feedback Assistant continues to feel like shouting into the void.
Martin Piron: Documentation is good, feedback is poor.
Hardware reliability and innovation
Christopher Cook: Reliability remains stellar. Innovation is harder to quantify, but I will say this: whatever your opinion of Apple Intelligence in practice, it’s mere existence prompted Apple to finally raise the base RAM for Macs across the lineup. This is a huge relief for cash-strapped universities with modest technology standards. We can also finally drive two external displays with the M4 MacBook Air. Are “more RAM and external display support” innovations? No. But I’d take progress like this over innovations like the Touch Bar any day.
Dennis Logue: Our school district uses a mix of iPads and PC laptops for student & staff devices. There is simply no comparison between the two. Apple is far ahead in hardware reliability and increasingly becoming competitive on price.
Martin Piron: Small and welcome improvement to the range, no real game changer.
Trevor Sysock: The M4 MacBook Air and the new Mac Mini are two of the best Apple products ever made. The minimum increase to 16gb of RAM across the board is a game changer.
Jonathan: MacBooks are just perfect for every nearly company’s needs
Richard Glaser: Wish Apple would offer a cheaper and more competitive warranty for larger environment’s like education and comparable to major PC vendors. Due to cost and system volume in our environment we skip extended Apple warranty as it overall cheaper to replace or repair hardware.
Brian LaShomb: Traditionally Apple’s strongest suit, even amidst new competition from Windows ARM devices. RAM increases across the lineup were welcome.
W. Andrew Robinson: No issues with reliability that I saw this year which is a continuing value-add for Apple customers in the enterprise. ROI and hardware reliability are still excellent. Innovation in hardware saw both amazing highs and disappointing mid-to-lows in my estimation, particularly with Vision Pro — we started out 2024 with this amazing thing, and I was glad to see it move to Japan and other regions fairly quickly, but the 2nd half of the year saw limited progress I think. To me now in 2025, I get the impression Vision Pro has suffered from a lack of attention or innovation past the initial release. Given Apple’s attitude that this is more of a ‘shape of things to come’ product compared to the other hardware lines, maybe this shouldn’t be so surprising to me. In the ‘Highs’ category is — again — the amazing progress of Apple Silicon with iPad and Macs continuing to see M3 being used well across hardware, and of course with M4 being released and deployed to both iPad and Mac hardware lines. It’s hard to remember to give them credit where it’s due because we’ve come to expect Great Things from these processors, and so I want to remind myself to be impressed with this area of Apple’s ongoing (and frankly incredible) progress! Kudos! For iPhone as well — we expect great things and for the most part Apple delivered on iPhone both in the main product lines of ‘pro/max’ models alongside the ‘regular’ ones, with the 16e revising the ‘more affordable’ (we can’t really say ‘budget’ here) model finally being delivered. MacBook Air continues to amaze me as a go-to business machine, replacing the MacBook Pro for most employee roles except software development, graphic design and other roles that have high-performance tasks. I am impressed with Apple’s desktop models but frankly, we never will deploy them in our infrastructure.
Andy Jelagin: Apple’s HW leads the pack when to comes to reliability and performance, and has been out front for years in our shop.
John Welch: Their hardware story has been phenomenal.
TJ Draper: Apple’s hardware is so much better than anything they’re doing in software right now. Their hardware is honestly incredible. I have a 2021 M1 MacBook Pro and honestly an upgrade is not even something I’m considering. This is the first time I’ve been 3.5 years in on any computer and not started feeling the itch to get something newer and faster. I’ll say too, that, in my personal life I keep handing down iPhones (I have a 16 Pro, my wife has my old 14 Pro, my daughter has my old 12 mini, my little use my old 6S as a WiFi device), because the hardware is really good and lasts forever.
Nicolas Wendlowsky: Reliability has been solid. Vision Pro knocks the ranking down, it’s another VR/AR gimmick that almost no one wants or finds useful, not to mention the very late support for it with MDM/DDM made it drop off of many radars.
Mark Lynch: Apple hardware since Apple Silicon continues to be reliable, and has not had any losses in this area.
Adam Tomczynski: The M4 lineup brings a very welcome set of upgrades across the board, with top-tier hardware reliability. Apple continues to deliver products that perform exceptionally well at competitive prices. However, it would be great to see more transparent and easily accessible deep dives into technical specifications—especially when it comes to distinguishing between default and build-to-order (BTO) configurations. For example, larger storage options often come with faster speeds, and memory throughput can vary. Providing clear, detailed data helps customers make informed decisions, which is especially important for large-scale purchases.
Toby Riding: It’s the same, just faster.
Joel Housman: M4 MacBook Airs that can run dual displays in clamshell mode. Enough said. Finally, indeed.
Chris Carr: Apple Silicon computers have been pretty solid for our small team
Guillaume Gete: I still find the evolutions and pricing of Vision Pro disappointing. On the Mac side, the M4 was a hit, and it’s great to see even the MacBook Air gain dual display support with M3 (though it’s only with the M4 that the MBA became the almost-perfect machine for anyone). About reliability… Apple products have never been so reliable. Very few hardware repair programs now, and the Macs have been incredibly resistant to failure, thanks to smaller, less heat-constrained motherboards, again thanks to Apple Silicon architecture. Now, if only Apple was eager to add a 5G modem in its laptops…
Grant B: All the M4 class of devices are stellar, even if they are mostly iterations on the same products that have been released the last few years. I was most excited by the M4 MacBook Air starting under $1,000 again, and the nano texture glass and OLED coming to the M4 iPad Pros.
Peter Thorn: Reliability 5, innovation 3
Bart R: I don’t think Apple’s hardware has ever been better. Only exception is the ongoing omission of an iPhone Mini in the lineup. Vision Pro has a lot of potential and the current hardware is serving to kick the tyres and work out what use cases are going to stick.
Michal Moravec: Apple has released several solid hardware iterations this year, and we appreciate the reliability of current Mac and iPhone models. Aside from the introduction of the Apple cellular chip in the iPhone 16e, there were no groundbreaking innovations in the Mac and iPhone device families. In the coming years, we expect Apple to further reduce its dependence on other companies for chip design.
Jeff Richardson: Modern iPads are incredibly useful for attorneys. They just work.
Morgan Schönberger: Hardware still is and seems to stay Apples strength. With a device count in the thousands (Mac, iPhone, iPads) the number of reliability problems is exceptionally low, leaving physical damage such as dropped devices the main cause of outages. I’m very glad Apple worked on increasing the number of external displays supported by MacBook Air, which was a main holdback for the deployment of those devices.
Alex M: In a fleet of 3000 macOS devices, two had failures that were not user error.
Karsten Macweazle Fischer: Nothing to complain about, No surprises either.
Shamir Mohammed: I’m answering this from a Mac perspective. I have an M2 through M4, and so far I don’t see any massive improvements in performance. I believe they just change the numbers in the specs, but the performance remains the same. Another issue is battery reliability. The M4 is less reliable than the M2. And dropping more models as you release the new OS is a such a pain, and it is nothing but a marketing statergy to keep enterprises buying more Macs and generate ewaste.
Craig Cohen: The introduction of the MacBook Pro and MacBook Air with M4 has added wonderful features at a palatable price point.
Brad Chapman: Battery life and performance of the Apple Silicon hardware is astounding, and we are actively refreshing all of our 2020 Intel MacBook Pro users to the latest 15″ MacBook Air—an excellent value for general productivity. Wearables are a mature market category and the innovation in this area has plateaued. We tried the Vision Pro headset last summer, but just couldn’t find any good use cases for general office work. There are small teams within our company that are using them for design and prototyping. The steep import tariffs on China are the 800-pound gorilla; they have become a frequent subject in procurement discussions. Unless the situation deëscalates, it could impact our device spend. I also worry that Apple might scale back ambitions and features on future devices to keep costs down, which would hurt consumers and their overall ability to continue innovating.
Johnathan Brown: repairs outside of accidental damage have been extremely low , so good job. Also well done on allowing m4 devices to support 2 displays without going pro.
Bryan Heinz: Apple’s hardware is amazing. Throw a dollar in any direction and you’re buying great hardware. The only thing holding me back from a 5 is the amount of dollars one has to throw for any RAM or SSD upgrades.
Gabriel Sterritt: The M4 class CPU really makes the M3 seem like a stopgap. Wish that Apple would adopt the drive modules used in the M4 mini across the board and provide possibility of expandable storage. I haven’t yet seen a Mac turn into a brick due to failed SSD but the day is coming.
Marcus Rowell: The new M4 MacBook Air with 16GB of ram is great value for a laptop that is wonderful for most people, we can now finally buy off-the-shelf instead of custom orders. The entire Mac hardware line is great. Apple Silicon has been a great investment.
Edward Munn: We have had 0% hardware related issues with our fleet of Apple Silicon devices. We had issues with 20% of our T2 MacBook Pro (2016-2019) from broken logic boards, display ribbons, touchbar and keys.
Cameron Kay: Hardware is good, though over priced. Especially storage upgrades which are not only exorbitantly priced but also inferior in performance
John Wetter: While the AVP continues to search for its market outside of a very narrow niche space, there is no question that Apple’s hardware is the best available.
Robert Hammen: I have few complaints about Apple hardware, and am especially glad they finally boosted the base RAM for all Macs to 16 GB. That was beyond time, and now more easily allows us to use standard SKU’s rather than resorting to build-to-order.
Dennis Wurster: Other than VisionPro, most Apple product lines are relatively mature at this point. I’d like to see Apple branch into offering cellular data as an option for its laptops.
Barry Caplan: Hardware is well built and requires little maintenance. Vision Pro demonstrates Apple’s innovation chops.
Justin McMahan: Some of our older Macs have had issues this last year—more than usual. Most of them have been battery or thermal issues. Overall reliability remains high, though.
Rod Christiansen: Oh man the hardware is incredible these days. Last year we refreshed our last lease of Intel machines from 2019 (we do 4 year leases) and my entire fleet is Apple Silicon now. Our hardware issues or tickets for repairs are down to 1 or 2 a year from a fleet of 700 Macs.
Chris Pommer: Apple’s hardware continues to excel, with Macs in particular lasting years longer than comparable PCs. The USB-C transition is proving to be paying off now that the older machines have all (mostly) migrated out.
David McMonnies: the M4 multi screen changes are a net positive, however the remainder of the product set has otherwise been fairly static. Silicon remains a great product however and overall reliability and performance is excellent. Wifi chipset performance is something to be looked at in enterprise environments.
Luke Charters: I was happy when the M3 MacBook Air supported two external displays when the built-in display was off. Seeing the M4 MacBook Air support it with the built-in display on is a dream come true. We also must thank Apple Intelligence for forcing 16 GB of RAM to be the minimum across the Mac range. The MacBook Air is a true enterprise workhorse now. The combination of speed, build quality, and reliability at its price point can’t be beaten.
Tom Bridge: Apple’s firing on all cylinders with their hardware operation. The M4 MacBook Air is an absolutely incredible product and we’re going to buy a whole lot of them. The Vision Pro was a long shot, and an impressive tech demo, but hasn’t penetrated our organization yet.
Chris Chipman: THIS IS WHY WE WANT APPLE IN THE ENTERPRISE. The ROI is awesome.
Andrew Laurence: Apple’s hardware game is the best it’s ever been.
Jason Smallwood: I’ve been using Apple products since 2007, and I rarely can think of a time when my device was not reliable. I’ve held on to some devices for 7 years when it comes to laptops and desktops, and have seen in my environment some devices that are 12-15 years old still running perfectly fine.
Erik Kramer: Reliability and innovation are two different things, but the MacBook Air, Mac Mini, and iPad we use are fantastic workhorses. We expect 5-6 years of use out of these devices.
Software reliability and innovation
Adam Tomczynski: The rapid pace of software releases is starting to show its downsides -we’re seeing increasingly buggy software. The days when a .3 release felt rock-solid seem to be behind us. As Apple’s ecosystem continues to expand, there’s concern that these issues will only become more frequent. More internal testing resources should be allocated to improve stability. For instance, I’ve experienced with multiple major and minor version releases where my fleet of Apple TVs updated their Operating System despite proper deferral settings being in place. Support tickets with both my MDM vendor and Apple led to finger-pointing, with no clear resolution.
Barry Caplan: Frequent updates keeps OSes in good shape. Vision OS is very innovative and suggests Apple’s future “look and feel” objectives
Jonathan: Better iPad, Multi Account iPad outside of schools, !! allow purchases in managed Apple IDs !!
Craig Cohen: The quality assurance feels like it slipped. Too many announced features that stay beta/preview. It feels like a bait and switch.
John Mahlman: I’ve not been happy with Apple’s hard focus on AI tools instead of making the core products better. This is a trend with lots of companies, not just Apple. I feel that other aspects of their software development have suffered from this focus (QA and innovation).
Shamir Mohammed: Again, I am answering this question from a Mac perspective. The latest macOS 15 was a real mess. We had everything working in the developer beta and release candidate. However, since the GA version was released, it has been entirely backward. Enterprise users were impacted the most with this latest OS, and we have not seen many updates released in such a short time span for a macOS. Things were unstable until 15.3 was released, which addressed many major bugs, but even today we still have issues with this OS.
Justin McMahan: Apple’s OSes continue to be the best fit for our organization. The features they offer tend to work together well, and our users utilize them extensively.
Bart R: I was going to answer 3 but in the context of how OS releases used to be (the old “never update until x.3 rule”) I think a 4 is more appropriate. Things are good but they could be better. In most cases “better” just boils down to better communication whether that’s disseminating release notes, documenting deprecations with appropriate lead times or responding to issues resulting from changes in OS behaviour.
Jeff Richardson: Modern iPads have great hardware but the software should be better for allowing more sophisticated tasks: better multitasking, more ways to use audio, etc.
Martin Piron: No real innovation some painfull bugs in macOS.
W. Andrew Robinson: The software situation is slightly less impressive. While macOS is still by far a great OS and platform, this past year saw multiple rough rollouts of both the larger full release and ‘dot’ updates in features and security. The elephant in the room is, of course, Apple Intelligence, which has been the most disappointing ‘rollout’ of a subset of features I can remember. It goes without saying that 2024 will be remembered for Apple over-promising and vastly under-delivering (at least as of this survey) in this space. “”Is Apple a software or a hardware company?”” has always been an interesting debate with my peers… well, 2024 tells me that as a software company, Apple needs to do some work.
David McMonnies: Apple intelligence has not been a positive experience, most organisations do not want to use it and the overall feature set is limited when they do. Some new functions like iphone mirroring are nice to have, but have little realistic impact in enterprise environments where this could be considered a compliance violation.
Casey Jensen: Apple’s Intelligence release was not great from an enterprise perspective, with controls and information often lacking throughout the releases, to which enterprises basically had to make demands to Apple for controls, and some of them followed feature introductions. Lack of clarity, lack of roadmap visibility, was frequently evident throughout the release.
Karsten Macweazle Fischer: I got the impression that there are more issues than last years.
Marcus Rowell: Repeating myself from last year: Notifications are still confusing and easily ignored. PPPC needs a rethink. It needs to be simpler and allow Apps to ask for approval in one dialog.
Guillaume Gete: 3, because Apple Intelligence is quite a disappointment at this time. However, I find the software incredibly stable these days, very few bugs in apps, and macOS finally became again rock-solid (even if there are always some annoying bugs). Another issue with software is iPadOS. Apple still seems hesitant to go in a direction with this product, and so far it’s impossible for me to consider moving to an iPad for my daily work.
Michal Moravec: While there has been good progress in making certain enterprise features more reliable (e.g., Software Update on macOS), Apple’s performance in software reliability and innovation has not been strong. macOS Sequoia has been affected by several issues related to network and endpoint security extensions. Apple Intelligence features on macOS appear to be implemented superficially. SwiftUI for macOS remains far from its potential due to a lack of dedicated focus and resources for the Mac platform.
Christopher Cook: For the most part, the rollout of macOS 15 and iOS 18 (and its variants) has been smooth this year. There have been no major incompatibilities and while the usefulness of new features is up for debate (image playground? Really?) we’ve not encountered any software issues until macOS 15.4 caused all of our 16″ MacBook Pros with an M1 Max chip to boot-loop and require a DFU restore.
Toby Riding: It’s getting harder to get macOS to work in the Enterprise, SO much more hassle almost with every point release now. Again, partner up Apple, ASK US first maybe? Surprises aren’t nice, us Mac Admins are overworked as it is 🙂
Grant B: Mac OS Sequoia has been mostly stable for our org, and that is a very welcome change. The MDM/DDM update process has also gotten more consistent with each update. However, the change for permissions to local network access has been a constant thorn in the side. We have had constant trouble with that permission setting clashing with local network filters through our MDM. Weighing the options between “”business apps functioning”” and “”business content filters enabled”” is not an enjoyable task.
Mark Lynch: The unfortunate trend of unreliability has picked back up.
Dennis Wurster: Overall, operating systems have been very stable, even in early releases. This has allowed us to deploy with confidence.
Fluffy Bunny: still an effort to keep macOS updated
Dennis Logue: As an education institution, many new OS features targeted for the average Apple customer are irrelevant for us. That makes sense and is expected. This year, there was so much focus on not-quite-ready AI features, that has only made this more magnified.
Tom Bridge: Apple Intelligence is a huge miss for me due to the way the restrictions were built. Starting something new is always a challenge, and offering granularity of control on new things is a really critical way to let people dip their toes in the water with confidence. Couple that with features that just never arrived, it feels like a lost year, especially when coupled with a lot of the challenges with restrictions rollout. They’re not all gonna be winners, but it feels like this was a particularly lamentable change.
Chris Chipman: A little late to the game on AI, but they got there. The marketing behind the iphone was infuriating though – “Supports Apple Intellgence – but you are going to have to wait for it
Brian LaShomb: Trying to block Apple Intelligence is messy, with keys to control these features sprinkled throughout every minor release in the Sequoia release cycle. And trying to control Apple’s notifications and messaging around it add another layer of frustration for IT teams.
Chris Pommer: The last few major releases have been pretty stable, with most of our major software vendors keeping up pretty well. The evolution of the UI on macOS, and the “get out of your way” philosophy, creates more work for support staff, as what should be simple functions to find are often buried behind mouse/swipe gestures. My feelings about recent UI decisions definitely skew towards the Siracusa-ian, so I have some dread about what may be coming in the next year.
Brad Chapman: Not long after the release of iPad OS, Apple launched a heavy-handed marketing campaign featuring a child using an iPad and pondering aloud: What’s a computer?” The answer to that question, dear child, remains thus: not an iPad.” iPad OS is still hamstrung by quirks and limitations of iOS’ memory and performance management algorithms. It lacks a full-fledged file management app; Files is NOT Finder. It lacks a windowing system like WindowServer on a Mac. Containerization and sandboxing of apps makes it an absolute pain to do any meaningful work. As for the Mac: macOS Sequoia was a suboptimal choice of a codename. First: the previous OS name also started with an “S,” leading to confusion. Second: many people have trouble spelling it reliably compared to Sonoma. Third: it is phonetically similar to, and has the same number of syllables, as Sonoma. MacOS Redwood or MacOS Eureka would have been better names that still evoke strong images of the mighty trees of California.
Tony Young: We’ve experienced or have seen other organizations organizations report issues to third party vendors only to have those vendors confirm problems with very specific versions of macOS Sequoia. While often times Apple has fixed these various bugs, it has made us more hesitant to quickly push/enforce updates.
Trevor Sysock: macOS 15 has had some rough update cycles. Apple Intelligence is a hot mess. The slow trickle rollout of AI features and limited/confusing MDM controls made every minor patch into a pain.
Johnathan Brown: this year feels extremely frustrating with all the bugs related to firewall, screen sharing apis, or mdm keys for managing private addresses. and those are just the ones that i remember. they really dropped the ball this year on that one
Alex M: There have been worse years, and we are getting closer to being able to ship .0 releases to our users. But we aren’t there yet. Too many changes or intractable errors; too many issues with industry-standard security tools. Which we hate too, but a customer contract is a customer contract.
JD Strong: If DDM is the new hotness, then why are new features being released with legacy MDM profiles for management? I’m looking at you, Apple Intelligence controls. (The obvious answer is that MDM platforms are not adopting DDM fast enough.)
John Welch: They’re better than most, they could be better. In particular, the documentation of some utilities is extremely hit and miss. The over-reliance on man pages, especially given the lack of consistency is unhelpful. Man pages are great for “what does this option do again, or what are the options”, but they are not good for details and helping one get a deeper understanding of things. Man pages are good for how and what, they are really bad for why. There’s also some glaring weaknesses that make no sense. For example, with unified logging, you’re either spending a lot of time figuring out the perfect predicate search, or teaching yourself Swift(UI). The lack of detailed documentation on what is logged for each subsystem makes figuring out what to look for is even worse. And again, the complete lack of an OS-wide automation framework (since MacOS 9) makes everything harder, and no, shortcuts are not the answer. When you look at things like PowerShell on Windows and what you can do with it, the problems of “shortcuts or shell” really become apparent. Apple desperately needs to fix this. A decade ago.
Gabriel Sterritt: Transition from Sonoma to Sequoia was almost seamless; wish that iPadOS could be swapped for a touch-enabled macOS, even at an extra cost. Still miss Snow Leopard, but many of the rough edges from High Sierra through Ventura seem to finally be getting ironed out, with one key exception – macOS System Settings app is still a spaghetti piled mess with terrible discoverability and confusing placement of some items. Also, I’m still frustrated with Apple as one of the wealthiest companies on earth, and they can’t be bothered to back-port and test so much of their software. “”Have everything updated to the latest version”” is not robust, reliable, and does force users onto a never-ending upgrade cycle that creates a lot of unnecessary churn and work where problems have been long solved save for that new feature that’s being shoehorned into sell this release.
Morgan Schönberger: Software is pretty stable and with no major drawbacks. As a European based company we haven’t had to bother with Apple Intelligence for most of this years release cycle, making this a pretty unexciting release. Which is good in enterprise.
Anthony Reimer: Apple seems to be focussed on adding features to their apps and OSes more than fixing bugs. Mail is probably the app that I use the most and whose quality has deteriorated over the years. For example, my Unread Smart Mailbox used to populate almost instantly after email had been downloaded. Now, I often need to wait 5–10 seconds for it to update when I can see that the Inbox already has new messages. And then there are apps that I use all the time, like Keynote and Numbers, that seem to be well-maintained. It’s puzzling.
John Wetter: This continues to be a weaker area for Apple, as I include iCloud services and collaboration in this. At this time, I just don’t understand why collaboration within applications is just so bad, so difficult, and so uneven. Apple has had chances like Schoolwork, where they could integrate the Apple ecosystem into world-class learning management systems and they’ve done nothing with it. This is a huge missing link for Apple in education. For being such strong creative devices, iPads are trapped in sub-par native collaboration capabilities. Add an MS365 account and you’re set but you shouldn’t have to.
Erik Kramer: Updated mostly fix things, so that is good. They mostly don’t break things. But innovations…? Not so much.
NC: Hardware: Notch. Software: Oh no maybe it’s under the notch hope you don’t need it.
TJ Draper: While overall I’d rather be in Apple software than, say Windows, the gap is narrowing. This is largely due to Apple’s continued downward spiral in software quality and care. The constant bags from macOS about permissions I’ve already granted are infuriating. IPadOS’s inability to do much of anything, and certainly not anything well, is despair inducing, and iOS feels pretty uninspired these days.
Nicolas Wendlowsky: macOS 15 and iOS 18 have had a lot of hiccups this last year: multiple issues with upgrade failures, black screens, and AI features being gradually rolled out where admins have to block them on-the-fly since there’s no single Off switch for a feature that most security-focused orgs will not allow.
Luke Charters: It feels like the EU regulations and focus on Apple Intelligence caused some disruptions to their normal roadmap. macOS Sequoia has felt buggier than Sonoma so far, particularly when it comes to network extensions and software updates. Also, every second or third minor release of tvOS makes AirPlay laggy and unusable and then the next release fixes it. For those of us with hundreds of them deployed to classrooms and presentation spaces, we’d really love it if that could stop.
Rod Christiansen: We are an art and design school and heavily on Macs, iPads make a tiny percentage of the fleet, macOS is doing great. We’re all just happy we can keep doing what we’re doing in terms of management and running our processes. We deploy software with Munki and it is still doing its job great. The security and privacy payload are a disaster though to manage or find out what is happening sometimes. Oh I see that is the next question….
Luke: I want stability, not beta features that no one needs. Please fix the bugs that already exist before trying to implement half-baked features that bring more bugs.
Andrew Laurence: Sequoia’s holistic changes in across networking, firewall, system extensions — and their eventual MDM affordances — were chaotic. Apple needs to do better at cross-populating communications of changes between their developer and enterprise channels; too often changes in the former create unexplained problems in the latter. The Apple Intelligence rollout has been a FOMO-fueled own goal; we expect better.
Bryan Heinz: I’m giving this a 1 because when I think of Apple today and software innovation on macOS, the first thing that comes to mind is the obscenity of Vista-esque security prompts. Apple’s hardware is so good I’d love to run virtual servers and services on it, but I’d be constantly fighting the OS during setup and again with each update and new prompt added mid-OS lifecycle. Setting the Mac aside, the iPad hardware is begging for an OS that can do it justice.
Cameron Kay: Software reliability has gotten a lot worse in macOS 15 and iOS 18. They’re just flinging stuff a walls and hoping it sticks. No innovation for Enterpirse customers in the last 12 months, Apple’s been too busy keeping EU regulators at bay and the less said about Apple Intelligence the better.
Robert Hammen: Simply put, macOS 15 has been brutal. Whether it was: 1. transitioning the built-in macOS firewall from a kernel extension to a system extension, but not documenting it at all for both developers and IT folks (and the fact that Apple knew it was broken really badly in 15.0, but shipped the OS anyway, didn’t help – I know 100% for a fact that they knew, because I told everyone I knew on the Enterprise team). There should have been test plans for this change, and it should have been documented. 2. Apple also changed in macOS 15 the way VPP app updates work (and never documented it) – apps are no longer updated if they’re open, but the user never gets a notification that a VPP app update is available. It’s been a disaster for my employer, and we’re finally migrating away from VPP apps on macOS wherever possible. 3. The enrollment workflow changes in the 15.4 release – Apple needs to stop doing these UI changes mid-stream. If a change Apple makes in the middle of an OS release cycle will affect every org’s user-facing documentation, the change shouldn’t happen until a major OS release, period 4. All of the update bugs and WebKit bugs in 15.4.x have also been a huge pain point. 5. iOS has also not been a paragon of stability, either (and don’t get me started on the new Photos app on that platform). At my previous employer, pain points revolving around non-mandatory smartcards continued onwards from macOS 14 and well into 15. It’s been readily apparent to me that Apple doesn’t perform adequate testing with non-mandatory smart cards and using Yubikeys in lieu of PIV cards. Many of these bugs or cosmetic issues would be apparent to Apple if they did.
Security and privacy
Joel Anderson: Security and Privacy on Apple devices is great, but this still needs to be balanced with Enterprise needs. For example, if an enterprise deploys Zoom, our end users should NEVER see scary warnings about using Zoom and allowing Zoom to launch and do what Zoom does.
Barry Caplan: Apple releases timely updates to help users avoids data and loss of personal information to hackers, etc.
W. Andrew Robinson: Normally a great category for Apple, the security updates and privacy performance took some hits this year. Apple’s struggles in the EU, and in markets outside the US in general, saw embarrassing apologies for privacy mishaps and ‘software releases followed immediately by security / bug fix releases’ multiple times over the year. Again, this is usually a solid area for Apple. This year, not so much, though still ahead of others in the industry.
Craig Cohen: Privacy and Security comes with level setting usage and management expectations for the end-user and the IT teams. I applaud Apple’s approach to transparency BUT sometime that impacts usability. Some features need a better balance for the teams managing Apple devices.
John Wetter: Top notch security and privacy abilities, even at the apart cost of improvements to Apple Intelligence settings. I’m willing to make this trade for now. There’s no doubt that Apple is the safest and most secure platform available to the enterprise market. Tools like Platform SSO add Identity Protection to this with the “without equal” of the Secure Enclave’s presence.
Richard Glaser: Wish Apple would review and better streamline UI and admin management of privacy sevicea and allowances. IMHO, too complicated for end users.
Gabriel Sterritt: Disappointed but not surprised to see that side channel exploits similar Spectre/Meltdown are possible, hope that Apple implements solutions that do not kneecap performance too much. I suspect part of the relative performance advantage of ASi has been that it hasn’t had to employ the same performance reducing mitigations that the x86 architectures suffered in the late 2010s. I still wish that Privacy & Security were separate settings areas, and on managed devices admins ought to be able to set certain apps to use certain privacy bits when automatically enrolled via ABM/ADE such as Zoom for the camera, mic, and screen sharing. I love the PPPC idea but it’s complicated and at the end of the day our users are suffering notification overload and just blindly clicking things away. In this regard macOS truly ought to be named Vista. Shame, Apple! Shame. Shame. SHAME!
Rod Christiansen: I appreciate and understand Apple’s commitment to security and privacy on macOS. I am absolutely in favor of it. But not like this. Payloads that are only MDM managed, great I’m on board, makes sense. Taking away profiles —install ? We found the way to deal with that. It was being exploited years ago by adware (tricking users to install user level profiles that would hijack browsers homepages or search engines for example). I’ll give you an example this year, we have a Mac mini that handles a fabric loom software in one of the labs, after Sequoia it completely lost internet connectivity because of the new ‘local network access’ privacy payload. The thing is the software is not terribly updated often, its 64 bit, signed, and notarized, but it has no knowledge of this new privacy payload, it doesn’t pop up a warning, and macOS told us nothing about it. It took quite a number of visits for the Mac Admin on my team to figure out it was this. We looked at the networking first, the wall jack it was connected to, etc before hand. We wrapped it up in a profile now and it’s all fine, but still. The per privacy payload prompt is bad for consumers and for enterprise users.
Robert Hammen: More prompts (network discovery, etc.) that cannot be suppressed by profiles.Having to write end-user facing documentation to explain what these cryptic messages mean, and why they are appearing. The Windows Vista-fication of macOS continues. I’d absolutely love someone plopping an enterprise-managed Mac in front of Tim Cook and have him see the experience first-hand.
Bart R: Points deducted for caving into demands and disabling features like Advanced Data Protection in certain geographical areas. I’m sure there’s a lot of complexity being glossed over in that assessment but the outcome is a reduction in security potential for the platform and a message to consumers that despite intentions, Apple will bend when told to. That said,
Anthony Reimer: I generally like Apple’s stance on security and even how they give users agency. I would like to see Apple stop using users as pawns to try to influence developer behaviour through warning dialogs, particularly when Mac Admins can’t manage those dialogs.
Peter Thorn: Not so well in the UK, when removing the opportunity to fully encrypt
Toby Riding: It’s good BUT sometimes it’s not great at being flexible within Enterprise environments in reality.
Justin McMahan: I really value Apple’s Gatekeeper in our environment, and we recently integrated Jamf Protect into our environment as well. These first-party and third-party tools are very helpful and give me a lot of peace of mind.
Martin Piron: As strong as ever.
Mark Lynch: While Apple is usually able to tout wins in security and privacy, there are some key losses in some ways, particularly in the enterprise space. For example, user-owned iPhone application stubs becoming visible and available on enterprise-owned macOS devices merely due to the same AppleID being used, introducing a privacy and legal concern.
Cameron Kay: Apple keeps breaking thrid-party security software and their own software update system so its becoming increasinly hard to keep our Apple devices secure.
David McMonnies: Rapid Security Responses are a vaunted feature however have seen little actual usage. Device and overall software security remains generally fine overall.
Henry Stamerjohann: It’s amazing how many CVEs are closed with the regular OS updates. Kudos to all the researchers who report responsibly to Apple.
Morgan Schönberger: While some privacy initiatives can be challenging for an IT department, I’m very much in line with Apple on their efforts here. While I’d like to set up the computer for my users completely correct and with no checkboxes to click, we have found it’s a good thing to empower users a bit more and giving them more ownership over “their” computer. This makes for people that care more about their tools and be better coworkers as well, as they learn how to use the tools at their disposal.
Luke Charters: Apple’s commitment to security and privacy continues to be consistant year on year when their competition feels like they’re getting worse.
Jeff Richardson: I have virtually zero concerns about hackers gaining access to to our attorneys’ iPhones and iPads because of inherent security advantages and frequent operating system updates to address potential flaws.
Michal Moravec: Apple has been keen on making app access in macOS more transparent to reduce shady behavior by third-party developers. This even includes “”shaming”” developers with user-facing alerts when a deprecated framework is used (e.g., Screen Recording). The problem is that enterprise customers are not really considered during the development of these features, and some are introduced late in the beta cycle, leaving little time for feedback and changes. Organizations are forced to complain loudly through every possible channel to push Apple into implementing controls around new privacy features later in the OS release cycle. In our opinion, privacy features should have corresponding enterprise controls (when applicable) from the moment they are introduced.
Andy Jelagin: Apple is still a front-runner for out of the box security, but their enterprise support falls short when it comes to the availability of more advanced tools.
Andrew Laurence: As an enterprise IT administrator, I often curse that Apple’s hard lines on privacy conflict with the business needs; as a user and employee, I appreciate that they often find their way to the correct balance.
Grant B: The documentation on the security content of new updates seems to have improved over the last few years. Even if details are delayed, there often are at least lists of the number of vulnerabilities addressed in an update. This can make it easier to sell an update in our org. “Patch to get new emojis” is far less convincing than “Patch to fix 120 CVEs”.
Chris Chipman: The best.
John Welch: Watching infosec people who are only used to Linux/Windows see how much more seriously Apple takes security and privacy than anyone else is always amusing.
Brian LaShomb: The number of user prompts are beyond ridiculous at this point. ‘Dialog fatigue’ is now a first-party feature of macOS. Please let us manage the ‘local networks’ prompt via MDM.
Marcus Rowell: Apple’s continued mishandling of the App Store has led many governments to introduce laws, legislation, and even fines. These actions only diminish the platform’s privacy and security. Governments have been forced to see the App Store and Apple’s operating systems as “gated,” where Apple decides what is available and what can be set as defaults based on opaque rules. Apple should have done everything they could to ensure governments didn’t feel the need to intervene. This situation will only worsen, impacting the reliability, security, and privacy we expect from Apple.
Trevor Sysock: Unlike many others, I appreciate the privacy addition of restricting apps from scanning my local network. The implementation was clunky and the user experience isn’t great. I am dinging points for the awful handling of the Screen Capture prompt debacle.
Erik Kramer: Thank you, federated Apple Accounts and the Passwords app. It would still be nice for managed Apple Accounts to have Managed Passwords, but… someday…
Adam Tomczynski: Apple is leading in Security and Privacy foremost. I very much appreciate this trend continueing. There is always room for improvement. Sequoia screen share notifications anyone? Apple needs to provide a native way to help users audit their privacy settings in an easily to understand way. One suggestion mentioned was to make certain settings as defaults across the board, and if users want to tweak, they can in an easy method, not at app launch. Think of a new setup assistant like screen(s).
Edward Munn: Improvements to XProtect have been welcomed.
TJ Draper: Nag dialogs lead to banner blindness and actually make security worse. Preventing 3rd party competition leads to major blind spots in Apple’s own security game.
Alex M: I can shut off ChatGPT support in Apple Intelligence and had the ability to do so as soon as it shipped. Thank you, Apple.
Deployment
David McMonnies: The ability to enforce versioning at enrolment time is a great and long demanded feature. Overall patching frameworks still require further improvement to reliability. macOS 15.4 changes to enrolment have had significant negative effect, it would be nice if these in-line changes and consequences could be better communicated to vendors and partners in advance to allow for more proactive responses.
Anthony Reimer: The deployment experience of new or re-deployed Apple Silicon Macs is really great overall, particularly DFU wiping. We’re seeing incremental improvements with ADE, which are welcome. I started using Software Updates via DDM this year in my Educational Computer Lab setting, and it can work really well… or not at all; I have had to manually update about a third of my computers on each of the last few Sequoia releases. And yet, this is better than my experience with other Software Update mechanisms in recent years.
Alex M: See comments on Zero Touch.
Dennis Wurster: We need to have the freedom to defer OS upgrades indefinitely. As it stands, we can submit Feedback reports about incompatibilities and receive no response, but we only have a 90-day window before we’re forced to upgrade.
Grant B: OS upgrades and software updates have both become more stable through DDM. We have also had great success with Automated Device Enrollment, save for the few devices that have been purchased as refurbished units. I would love to see changes for the requirements to adopt new Macs that have been purchased as refurb in order to adopt them into your organization. Currently, the requirement is to use Apple Configurator on a mobile device. It would be great to be able to use another Mac, in addition to the Mobile Device option, but that is just a small nitpick.
Mark Lynch: The majority of the experience remains the same, however there are some key losses in control over the enrollment experience. However, fixes to OS upgrade handling have been quite nice, at least until more issues surrounding OS upgrades creep back up. A lack of useful control over deferrals remains.
Jeff Richardson: I realize that the Vision Pro is very new with a limited user base, but I wish we had better tools for using it to get work done. To be fair, Apple now supports MDM and I’m waiting on Microsoft to bring full Intune support, but it seems like Apple could do more to push Microsoft.
Justin McMahan: These features work great for us.
Casey Jensen: Apple’s DDM functionality and vendor support has still been far from trouble-free, and efforts to get things such as Safari Extension management in place (something that has existed for essentially every other browser for a long period of time) have been hampered by Apple’s design choices to manage extensions via user-level design on macOS versus device level on iOS.
Jason Smallwood: Utilizing Automated Device Enrollment has made my job significantly easier. I can keep track of our devices through Apple Business Manager and ensure they are getting assigned to the correct device management tool. Being able to enroll a device into our device management tools is crucial to daily operations. We assign profiles based on who or what the device is being used for, ensuring the device receives the correct applications or restrictions as needed.
Cameron Kay: ADE enrolments via our MDM seem to be less reliable in the last 12 months. The number of Macs that only partially enrol and aren’t managed had more than doubled. This added significantly to the workloads of our IT support staff and disrupts the users. OS software update issues have also increased. Devices are not installing updates even through they’ve received the DDM commands or they are installing but long are the scheduled deadlines. Cleanly the software update system on these devices is getting into a broken state and reboots don’t resolve the issue.
JD Strong: This continues to improve making it easier to move MDMs, but having to EACS iOS and iPadOS devices for an MDM move when you have thousands of devices is ridiculous, when we have a command in macOS to renew an enrollment.
Trevor Sysock: DDM Software Update has become usable and reliable. Enforcing updates at enrollment time has become reliable. Life is pretty good for onboarding.
NC: Managed scheduled OS updates are still skippable or ignorable by users (15.1.1-15.3.1 current examples). App deployment/updates is good.
Craig Cohen: Although the introduction of Declarative Device Management has improved managing Software updates, the implementation and results have been at best spotty. Apple management teams have yet to be provided a solid solution from Apple.
Nicolas Wendlowsky: Again, some improvements (Platform SSO, DDM enhancements) take a backseat to intrusive issues like repetitive notifications about MDM-granted TCC/PPPC access, more restrictions on Apps allowed to run, and the 90 day window to hide Major/Minor OS updates is still too short for most Enterprises.
Gabriel Sterritt: This would have been a 5 except for the issues at my org with 15.4 and a large percentage Macs booting into recovery lock after trying to update. It’s the one time I wished that any org I’ve worked at in the past several years had an Apple Enterprise support contract.
Joel Anderson: I still long and wait for the day when you send a command from the MDM and the device just does it, all the time. Example: We have 100s of supervised iPads sitting in carts, that are connected to our Wi-Fi and plugged into power. We send them commands to update OS and apps. And they don’t do it. Why? Because when an iPad is “”asleep/at the Lock Screen”” after x amount of time (which nobody seems to know) the devices detach from Wi-Fi, never to attach again, until a person opens the cover and enters the device’s Passcode. Instead we find ourselves sending MDM commands to clear Passcodes, walking from room to room, manually connecting each iPad to Ethernet so they get the commands to clear Passcode, and they finally join the Wi-Fi again to start processing commands. What a waste of our time and resources. Why? Have you seen how easy it is to hand somebody a Chromebook and the device just sets it all up and gives them access to their documents? Can Apple get closer to this?
Erik Kramer: Better than anyone else (besides Chrome)
Robert Hammen: OS upgrades and software updates get dinged here because of the reliability issues with macOS 15. Apple needs to do a much better job of testing in-house and working with critical enterprise developers (security, VPN, etc), and not depend solely on the community to do this work for them. And, when the community does the work and reports the bugs as critical, Apple ends up shipping the (buggy) OS anyway.
Richard Glaser: Software updates are still a challenge and take too much time and attention for administrators and could be greatly improved for admins and end users is managed and personal environments.
Bryan Heinz: Having deployed some Windows hardware recently, Apple is still leading the way in automated device enrollment and management. DDM OS updates in macOS 15 show promise and give me hope that the worst of software updates is behind us.
Guillaume Gete: Lots of good evolutions with ADE, but MDM management of software updates is still hit-or-miss. Also, lots of profiles missing to manage some advanced features i.e. PPPC management for local network apps which lead to annoying issues with customers.
Martin Piron: DDM software updates has ~85% success rate.
John Welch: The big problem here is there’s not really an Apple deployment method. There’s a JAMF method. A Kandji method. An Intune method. A Mosyle method. While Apple’s way of managing deployments has been a huge help to the ecosystem, it means you trade one form of lock in for another. Profile Manager and Open Directory had their issues, mostly due to neglect, but, they were at the very least a good training ground. Things like plist files and mobileconfig profiles desperately need their own version of visudo, so that you can concentrate on the task and not worry about it blowing up because you accidentally’d a closing bracket. I don’t want Apple to Sherlock a company, but some things should have tools from the primary vendor and no, Xcode ain’t it.
Johnathan Brown: software updates with ddm has gotten slightly better, but does leave some room for improvement, especially in cases where the update fails without a specific reason.
W. Andrew Robinson: This category shares a similar score with Security and Privacy, in that it could have been a much higher evaluation except for some notable issues. But first, a note that ADE continues to be great, and again we should give credit here. I cannot imagine what enterprise deployments would be without ADE and Apple Business/ School Manager. We saw ADE get small but welcome improvements, and that’s worth noting. Software updates and upgrades for the platforms were (with the few notable and already mentioned sloppy rollouts) on the whole okay, but when you factor in the HUGE attention in both marketing and actual resource allocation Apple gave to Apple Intelligence, this subset of features across OS platforms and the dearth of actual delivery of those features, I cannot help but demote this grade. Apple also continues to struggle with their relationship with their developers, and we have to also downgrade them here.
Chris Pommer: Apple’s MDM tools (Apple Business Essentials) are not available in Canada, but I look forward to trying them, especially on the Mac. We continue to use Jamf Now on iPadOS, but gave up on Jamf Pro, and have reverted to manually updating Macs, as the tools were so obtuse (and expensive) it didn’t make sense for us any more.
Brad Chapman: Initial deployment of Macs has gotten a lot smoother, and Apple is responsive to issues discovered during beta testing. Kudos to the Enterprise Workflows team for their engagement across Apple, and for Apple listening intently to feedback from its Enterprise and Education customers.
Tony Young: Requiring minimum version of macOS during Automated Devive Enrollment has been problematic for our organization and we have been unable to pinpoint whether it’s an MDM vendor specific issue or a macOS issue.
Christopher Cook: For the most part, this is excellent. We have a streamlined deployment and the integration of Apple School Manager/DEP with our MDM has been flawless. That said, deploying and maintaining managed apps from the App Store is still an amorphous ritual rolling of the bones wherein IT staff cross their fingers and whisper to themselves, “something will happen eventually. I’m almost sure of it.” Sadly, much of the same can be said of Apple’s new Declarative Device Management settings for software update. While most of these features are dependent on implementation by the MDM, the technology is far from stable. Apple supposedly made significant improvements to DDM with macOS 15.4, but it remains to be seen if it truly address the issues we’re having, or if we need to wait for our MDM to implement the changes.
Jonathan: Provisioning free licenses should have an “”unlimited”” quantity option. Provisioning In-App Purchases need to be introduced!
Luke Charters: Apple’s Automated Device Enrollment is, dare I say, insanely great. When compared to all the pitfalls of Windows Autopilot, it just works. To balance the scale, the experience of performing updates and upgrades really lags behind when compared to Windows. I thought it was getting better but macOS 15.4 and 15.4.1 seem to have taken a step backwards.
John Wetter: We’ve seen good growth and refinement here. Automated Device Enrollment of a Mac purchased directly by an organization from Apple should still be able to be locked to the enrollment path like iOS, it’s confusing why this isn’t an option yet. I understand it not being default for all devices and wouldn’t want the entire ecosystem locked in, but I should be able to opt-in out of the gate. DDM-based Software Update is a big step forward but still seems too brittle. It still fails in confounding ways. We can’t deny the progress that has been made, but with this having been a place of “catch up” for Apple in the enterprise space, it still needs polish.
Morgan Schönberger: This is a split thing for me. While Automated Device Enrollment works very well, the other points do not so much. The introduction of Declarative Device Management for software updates works pretty well on iOS in our environment. On macOS we had less luck with enforcing software updates. I see, that that’s a multi year effort, but still, it feels like there is room to grow into.
Andrew Laurence: Managing an enterprise deployment of Apple platforms — across a multidimensional matrix of deployment models, management contexts, identity management, setup workflows, license management, and MDM tooling — is a massive pain in the butt. Apple’s exacting documentation of only what is … is often a source of frustration. Too often, the holistic theory of operation is a divination exercise left to the reader.
Andy Jelagin: Slow and steady progress has been made on this front, but theses’ still room for improvement.
Edward Munn: Apple Business Manager continues to be US only. For a team like ours, deployment is still mostly reliant on third-party options like Jamf or Intune.
Michal Moravec: Apple has made progress in the reliability of software updates. Several years ago, macOS updates were notoriously unreliable. However, there appear to be some setbacks, such as the discontinuation of Rapid Security Responses (RSR). Managing Mac App Store licenses remains cumbersome. User-based license assignment is essentially a legacy approach, and MDM vendors are moving away from it. Device-based license assignment works better until an organization wants to reclaim a license. It would be beneficial if licenses could be assigned directly to Managed Apple Accounts in Apple Business Manager. Ideally, users signed into the Mac App Store with a Managed Apple Account could request a license directly from the MAS interface.
Rod Christiansen: ADE and Setup Assistant continue to get better. Our shared lab devices pretty much can be wiped with a EACS API call and they auto advance Setup Assistant, enroll in MDM, get management pkgs, and we set everything up with Munki, its a beautiful thing to watch.
Toby Riding: DDM is good but yet again, it’s not flexible enough for Enterprise, it’s almost a “one size fits all” mentality, that’s not how it is in the real world!
John Mahlman: Software updates have been fairly reliable and some welcome changes to automated enrollment have helped make deployments easier.
Bart R: Automated Device Enrolment. Seven year streak of making me look good in front of the Windows admin team. Software updates are getting better but there’s a lot of room for that to happen 🙂
Joel Housman: I have continued to suffer under the regime of not having the ability to roll out necessary security entitlements/permissions to apps each time I deploy a new machine. Its a manual process to enable all of these permissions across a dozen or so apps for my users. No improvement here. If anything, things have gotten worse.
Dennis Logue: There seems to be promise in the declarative device management based tools, but it doesn’t seems like everything is fully baked yet. Unclear how much of that burden lies with Apple vs MDM providers
Adam Tomczynski: It’s an evolving work in progress, especially with OS updates/upgrades. We are slowly getting to where we need to be.
Chris Chipman: It’s improving. DDM was a huge step. Lets perfect it.
Chris Carr: the DDM managed software update seems to work pretty good
macOS Identity Management
Chris Carr: we aren’t using it at all, yet
David McMonnies: Changes to AxM federation are a net positive, but platform SSO is still a less than complete solution. There appears to be little change on the horizon in this regard.
Tom Bridge: Platform SSO remains a product in Apple’s lineup. Its limits, though, and the pathways to adoption, appear confusing, and the patchwork approach to anything other than a local password (for the love of god, just call it a passcode!) plus a Secure Enclave key with Microsoft Entra makes this a rare bird in the Enterprise. Finish the job, please, and make this something where adoption is easy and sensible and available for everyone.
Guillaume Gete: Platform SSO was supposed to be the next big thing for SSO, but after almost two years, it’s still quite cumbersome to deploy and only supported by two major actors. Very disappointing.
Justin McMahan: We don’t currently use SSO in our environment.
Henry Stamerjohann: Although it’s been a thing for years, the migration from Apple ID to MAID seems to scare off larger organisations. Apple should do a better job of demonstrating and explaining how, for example, a subdomain used in the migration can reduce the pain and hassle for many organizations. PSSO is so limited that it’s a hard sell to get most orgs to kick the tyres and adopt it… hopefully Apple will improve it next time and make people happy.
Trevor Sysock: PSSO is clunky and not ready for prime time. A noble and ambitious goal, but we are not there yet.
Jason Smallwood: This is something we are highly interested in, but have not had it fully implemented in our environment.
Michal Moravec: Platforms SSO has introduced several intriguing capabilities for device integration with cloud-based identity providers. However, macOS still requires passwords. It would be beneficial if Apple took a bold step towards a passwordless future, perhaps by adopting a form of MFA that combines biometric authentication with another user-friendly method (such as a PIN or another unlocked device) to fully replace passwords.
Bart R: Face ID, Touch ID, federated identity, whatever…..something needs to happen to get rid of password login to a local account at the filevault login on boot. Create a plugin architecture or something. All the SSO integrations are great but hopefully with all the talk about passwordless and passkeys etc makes its way to filevault unlock.
Gabriel Sterritt: My org is using pSSO and that may have been related to the issues with had with many devices booting to recovery lock after 15.4; we’ve also struggled with our IdP’s PSSO implemetation and unexpected or unintended consequences for certain things – the worst being users could become locked out of their devices and unable to get onto a network to log in successfully. Successful workaround was to leverage a profile with a wifi config and then tell users to reconfigure their phone as a hotspot with that information (we already had one such network deployed that they could use this way for a specific location… otherwise several VIPs would have been stuck while at a conference.) It’s also not really clear how to get into a good state with managed Apple Accounts and the whole rename move was a little confusing and not as easy to say as an acronym, nor how they will be usable by our organization soon. It would be great if Apple were to allow admins to not just allow/block Apple Account sign-in but to restrict to the specific domains that we manage, at least for a primary work ID. Many many many orgs would use this and would encourage adoption. Some would not want to allow a secondary, personal ID, but some would. It’s almost there, Apple, get the ball over the line with macOS 16!
Erik Kramer: Implementation with MDMs is still quite complex.
NC: PSSO is a game changer.
Brad Chapman: The legacy Kerberos SSO does not reliably prompt users to update their password. We’re testing the new Platform SSO extension with Microsoft Entra, but it doesn’t really do much for us. If you can convince your company to pay for it, Jamf Connect is the best solution we’ve ever tested for cloud-based IdP’s.
Rod Christiansen: For assigned devices, PlatformSSO with Passkeys has been a massive improvement. Once the user is logged into the Entra (we are a Microsoft shop) and they have the Mac be a Passkey device, you essentially never have to put your password anywhere again for all our SSO based services. It’s spectacular. The one thing that is lacking is bigger automation here, if a user does not do this manually with the GUI we can not get a Passkey provisioned to them and if the toggle in System Settings > Autofill isn’t turned on as well. Neither can be automated/scripted/deployed. – – – Our move to Managed Apple Accounts for example has been mostly a dud, I was planning for example to use Shared Keychains with my team and use the MAA so its using our company address, but you can’t share keychains with MAA… We though we could move our Pages, Numbers, Keynotes files we collaborate on to the MAA, but its impossible to have a personal and a managed Apple account coexisting on a Mac, you don’t get most features on the secondary accounts, they become useless….
John Wetter: Huge improvements, still work to do. Single Sign-on isn’t the future, it is the present, and it’s still a complex design and rollout to make it ‘real’ in your environment. The device trust frameworks for both device and identity centered around the Secure Enclave looks to be a winner once refined.
Martin Piron: Not using any
Joel Anderson: The new framework is great, and I have seen it work with the Microsoft backend and it is just outstanding. Now Apple needs to get this service supported with more vendors: ClassLink, Mosyle, Okta, Google, etc.
Sujal Patel: They need to focus on working with Identity vendors to improve user experience regarding SSO and security. Example product: Platform SSO, idea is amazing but it still needs to be perfected.
Luke Charters: I think things are moving in a positive direction here, but what’s missing from the picture is the ability to restrict Apple Account sign-ins to only Managed Apple Accounts from the same Apple Business Manager/Apple School Manager instance as the device. The current options are any account can sign-in or no account can sign-in and I want neither of those. It would also be amazing if cloud identities using third party login windows could be granted MDM Enabled User status and always be granted a Secure Token. That would solve a lot of headaches.
Andrew Laurence: Apple has made commendable advances in identity management. Federating cloud identity providers with Apple School/Business Manager works quite well, and extending that to Managed Apple Accounts seems to work as advertised. The macOS SSO extension is maturing but vendor adoption remains sparse.
W. Andrew Robinson: For the enterprise (not consumer) grade on identity, I don’t feel a ‘good’ or ‘bad’ score is warranted. I see great things possible for identity but a messy state of implementation — device trust and identity federation should be easier for Apple to provide tools for enterprise to deploy! They control the (almost) whole enchilada! Platform SSO, managed device attestation, the (continuing, and mostly) sad state of how iCloud behaves in enterprise infrastructures SHOULD be better. I expect it to be better. It is not and this is kind of ridiculous. Apple needs to work better with their vendors and treat them more like partners to jointly improve these areas. This section of the survey SHOULD be a win for Apple, and it continues to be a source of pain instead. I get a headache, for example, when I think of iCloud Keychain, Managed Apple Accounts and enterprise deployments on macOS, and this has been the case for far too long with far too minor improvements.
Christopher Cook: Platform SSO is fantastic.
Karsten Macweazle Fischer: Still too many steps in settings up PlatformSSO, but the outlook seems to be very good
Craig Cohen: Platform SSO strategically makes sense but the lack of clarity and level setting expectations for organizationally owned and managed Apple devices has been a miss. Partners have been slow to adopt and the complexity makes this a miss in the last year.
Chris Chipman: We are not using it yet as we don’t think its enterprise ready.
Robert Hammen: Platform SSO still seems like beta software/like it needs a 4th iteration to actually be usable and reliable. Too many dialogs not appearing, authentication for apps not working, etc. We’ve obviously tested it, as there’s a strong desire to emulate Windows Hello for Business, but it just doesn’t seem reliable/solid enough. Here’s hoping for macOS 16. Managed Device Attestation is currently not available to external applications/is useless if you don’t use the built-in VPN, which many enterprises cannot do.
Dennis Logue: Educational institutions could use more tools to make it easier to get students (particularly younger students) signed in to their Managed Apple IDs.
Jason Hedrick: I have had a ticket with Apple and WS1 open since August 2023 and neither has been able to fix the Kerberos SSO issues we are facing.
Casey Jensen: Platform Single Sign-on, years following release, still contains blockers that prevent enterprise adoption.
John Welch: The core question here is “are you trying to integrate macOS and really any Apple platform with PIV/CAC (Smart)cards? If the answer is “no”, then it’s not bad. If it’s yes, it’s a mess. Even as of Sequoia, you still need a password login the first time because using a smart card doesn’t get you the token you need for FileVault. And using smart cards + macOS + Entra/AD/Google/etc.? I sincerely hope you have a good intoxicant budget, you shall need it.
Mark Lynch: As a whole this remains unchanged, for better or worse. I still yearn for being able to completely deprecate accompanying tools like Jamf Connect to instead opt for a native approach.
Cameron Kay: Platform SSO user registration still can’t be enforced and there is no automated process for registering shared Macs as a replacement to binding to Active Directory. Adding the ability to login to the Mac via Federated Managed Apple Accounts instead of binding to Active Directory should also be implemented.
Toby Riding: It’s getting better for sure but I’d love it if Apple made it VERY simple for iDP’s to access the login window. Jamf Connect can do it but let’s face it, it’s a bit of a hack, a clever hack with the security auth db sure, but a hack nonetheless!
Adam Tomczynski: No major comments.
MDM protocol and infrastructure
Bryan Heinz: For every new feature and especially when they add these security nags, I wish Apple would also implement MDM controls for them. They have a very broad understanding of what consumers want and need. Apple tailors their settings to that. I know what my org needs. I want to change Apple’s defaults to best meet my user’s needs, not what Apple thinks they are. For example, Apple thinks nagging the user for every app that wants to access the local network is good, and that may be true for the average consumer. That isn’t true for my company who relies on apps accessing local network resources. I received a ticket every day this week, each a different user unable to access a local network resource because the OS disabled local network access for an app. As an admin, I should be able to approve these apps network access because it’s best for my user and their company owned devices.
JD Strong: MDM vendors need some incentivizing to incorporate more of DDM. DDM is still not fully baked, and it’s months before documentation is published around it’s inner workings leaving admins to trial and erroring features (if they’re fortunate enough to have an MDM vendor implementing DDM).
Brian LaShomb: MDM and DDM remain highly effective tools, and the added features to enroll devices into Apple’s beta programs are welcome. I would like to see an MDM version of ‘Erase All Contents and Settings’ (skipping the activation step). Currently an MDM erase leaves a macOS device without an OS, and is more of a security response than something admins would use to re-provision devices. Instead we create elaborate workflows using the startosinstall binary provided inside the macOS installer bundle.
Jeff Richardson: MDM is great on the iPhone and iPad. But it needs more work on the Vision Pro. We need Microsoft Intune support!
Andrew Laurence: We are accustomed to new features having little to no available controls, with those available seemingly hastily bolted together — either during beta or an update release. Apple has yet to internalize the notion that the end user may not be the customer; that the customer may have primacy over the user; that the user is a risk being managed.
Dennis Wurster: Command-acknowledgement and post-run reporting are fundamental features of any management interaction. Does MDM have either?
Rod Christiansen: A lot of admins complaint about Software Update but honestly for us, since Sonoma the payload keys they added have really improved how often and how easy it is to manage OS version. We essentially don’t worry about it other than when we see in our monitoring some laggards and we have to nudge users. The majority of devices are on the latest point releases. DDM for MDM is interesting but it’s going to take a long time to be really useful. At this point we don’t foresee doing much with it. Maybe some more high level orchestrations settings such as FileVault enforcement, Gatekeeper, things like that. We use Munki for state management with install check scripts (is it how I want it to be? If not run) and install script (the check said its not as it should be, okay run script) and that is our DDM really. Way more powerful and granular and we can will it to our desires.
Shamir Mohammed: We need more controls for MDM, especially for Apple intelligence. It took a while for the MDM controls to be available to manage all the Apple intelligence features, and there are still some notifications that cannot be managed by MDM.
Christopher Cook: As noted above, DDM Software update continues to be a bag of hurt. While I detest our MDM’s implementation, there is something fundamentally broken between Apple and its MDM partners that so critical a service is so untrustworthy. Making sure my fleet is up to date is of the utmost importance. It is absolutely absurd that – in 2025 – managing software updates is laughably unreliable.
Gabriel Sterritt: I’m still on the fence about DDM. Haven’t had much opportunity to work with it yet, and I haven’t seen any 100% “Mac Admins 1 cool trick” things that will get me on board. The software update part is as close as I’ve come so far and it is working better, although still not perfect.
Tom Bridge: It’s great that Apple keeps expanding DDM. Where’s their enterprise partnership with MDM vendors, though, if it takes a year after the features debut to enter into MDMs? This should be a place where a more tight-knit program should exist, but it doesn’t, and it feels like Apple doesn’t care enough about those relationships to make it work.
Michal Moravec: We appreciate that Apple has taken a step in the right direction with the introduction of Declarative Device Management. However, progress is not fast enough, and it appears that Apple does not engage sufficiently with MDM vendors to encourage faster adoption of DDM. From a customer’s point of view, every new DDM feature is likely to become available many years after its introduction. The new ManagedApp framework introduced in iOS 18.4 is promising. However, the lack of macOS support from the outset indicates a lack of focus on that platform. Furthermore, it will likely take many years for MDM vendors and app developers to adopt this framework.
Tony Young: DDM has been around for enough time that I had hoped we would see far more functionality and capabilities with it over the past year, and we haven’t. Disregarding the slow uptick in MDM vendor support.
Jonathan: Super slow when provisioning apps. Sometimes it needs minutes after login.
Craig Cohen: Declarative Device Management, device attestation and Network Relay has been a tremendous evolution. The adoption from Partner MDM’s needs to be accelerated.
Robert Hammen: Lagging management keys introduced in point updates. Things that can’t be easily managed. Lack of documentation on changes, and very few examples. The Device Management Github is helpful, but there is room for improvement here, particularly around documentation (definitely should have more detailed enterprise release notes, with examples – Apple leaves too many exercises for the admin so every org has to reinvent the wheel and figure out how to implement restrictions/suppress dialogs.). Apple writes documentation like it costs $1 million per word. There’s a fine line between brevity and usefulness, and Apple tends to veer on the former side of that line.
Casey Jensen: We have seen MDM renewals fail and remove all profiles from Macs in our enterprise, and right now believe that Apple is the underlying cause/problem. They haven’t been able to triage the issue effectively.
Mark Lynch: The MDM protocol lacks many key controls. For example, with newly introduced Apple Intelligence there is a significant and detrimental lack of easy control over the feature set as a whole.
Brad Chapman: DDM-driven software updates are a massive improvement over the previous MDM-based commands. We still would love it if Apple would figure out a way to truly force an iOS update without requiring the user to enter their passcode. If Macs can do this with a bootstrap token, why can’t supervised phones do the same?
Alex M: No improvements, but also, no changes. Would be easier if we didn’t need users to get involved with re-enrollment, but I get why.
Morgan Schönberger: MDM is always to two party game, between Apple and the MDM vendors, and us IT professionals standing besides hoping they play well together. I’ve seen deployments being less efficient than they could be, because of features missing from the MDM system. When they play together well, it’s charming.
Cameron Kay: There still seem to be issues with the MDM protocol, MDM vendors ability to implement it reliably, and the reliability of the MDM agent on Apple’s devices. MDM vendors also don’t seem to be able to cope with the load from the number of MDM commands generated to install OS updates on fleets of devices or keep apps up to date.
Martin Piron: Good, need more DDM
Joel Housman: This area has had notable improvements. We use JumpCloud as our MDM provider so sometimes its hard to tell if the improvement came because JumpCloud finally implemented something Apple had previously released in prior years or if this came from same-year improvements, but on the whole things have gotten better.
Bart R: I’ve managed to go quite some time without ever needing to think about MDM protocols. That probably means it’s doing just fine humming away quietly under the hood.
David McMonnies: DDM changes are excellent, however a greater rate of their adoption into the broader ecosystem would be nice. The public github repository for DDM is excellent, more of the same would be great. MDM changes allowed for such as enrollment version control is significant for enterprise.
Adam Tomczynski: For any new features moving forward Apple needs to be able to provide clear MDM managed standard and work closer wtih MDM vendors to support this as well.
Henry Stamerjohann: DDM on macOS is still quite limited in its day-to-day use and has some shortcomings, for example, when dealing with legacy profiles. This is significantly slowing down its adoption by all MDM vendors. This should have been fixed when macOS 15 was released and should not have been postponed again – the saga continues with “A New Hope” on macOS 16. We’ll see.
W. Andrew Robinson: Ok! We can get back to the higher/ more positive scores as MDM for macOS /iPadOS/ iOS are all doing well (well, except Managed Apple Accounts but I’ve already mentioned that!) — Declarative Device Management has been successful at improving OS updates among others, and the more it is adopted and implemented by MDM vendors, the better this will be. As I write this I am looking at the previous comment about treating their vendors better, so we are not seeing a category that can’t get SOME improvement, though.
Richard Glaser: With DDM it appears the are moving the protocol to the right direction, but not enough real usage example to have a history to comment on
John Wetter: Declarative Device Management has changed the game in a positive way and while it’s been out a couple of years now, this seems to have been the year a lot of MDM vendors caught up in paying down their technical debt to really bring innovation around this framework. I’m very excited about the next year in this area. Even with this there were still confounding decisions made like Apple Intelligence being controlled through profiles.
NC: Some commands don’t run when device is locked/at login window, still highly reliable.
Justin McMahan: Jamf Pro allows me to be a one-person shop IT-wise.
Luke: Sending out macOS update commands is still flaky at best.
John Welch: In terms of just Apple, it’s solid, but that’s of little value because if you pick the wrong MDM vendor, then your life is going to be really hard.
Erik Kramer: Does DDM really exist?
Toby Riding: See my earlier DDM answer
Guillaume Gete: The MDM infrastructure is, IMHO, incredibly solid and resilient. Very few issues, almost no downtime. No major issue with MDMs commands.
Mark Frischman: Still waiting for the promised holy land of DDM to bear fruit
Joel Anderson: A while back, Apple made a statement that all new management would only be supported using Declarative Device Management, and then backpedaled when building MDM support for managing Apple Intelligence. Seems to be an indicator that they didn’t provide the engineering/development resources to stick to their guns.
The future of Apple in the Enterprise
Chris Pommer: Like Charlie Brown facing Lucy with a football, I hold out hope that Apple will take (Small Business) enterprise support more seriously in future, but I have been around long enough to brace myself for disappointment.
Barry Caplan: Apple’s focus on its ongoing AI development and application bodes well for increasing its Enterprise footprint.
Adam Tomczynski: Apple’s presence in the enterprise space is only going to grow. This is your opportunity to truly shine—by scaling resources appropriately and investing in strong engineering practices, with a particular focus on robust testing and bug fixes during the beta cycle, well before the golden master release. A solid foundation will lead to higher adoption rates across both enterprise and private markets. The demand is there – meet it with excellence.
Guillaume Gete: Though there are points to improve, as usual, Apple made many efforts to make the Mac more manageable in environnements where Apple products were not seen before. And the consciousness around Apple products is growing.
Andy Jelagin: It is clear that Apple is and will always be focused first on consumers, then professionals, then enterprise. This formula has resulted in great products and profits, so it’s unlikely we’ll see any changes in the immediate future.
Michal Moravec: We anticipate steady improvements. However, some problems will likely persist due to Apple’s operational style and priorities. In recent years, Apple appears to be unsuccessfully pursuing the next big thing (such as Apple car, AR/VR, and AI), which seemingly diverts focus from maintaining and enhancing their existing platforms.
Cameron Kay: Its hard to tell if Apple really gets the Enterprise and is willing to employ enough engineers to implement the functionality Enterprise requires and to fix the bugs in their existing features.
Craig Cohen: Apple as a choice has been fully realized. Growth has seen more than an incremental growth. The only real barrier of entry is legacy network and security systems.
Robert Hammen: I’m still bullish on Apple in the Enterprise, because Microsoft has been struggling with Windows as well (users actively disliking Windows 11). I just think Apple’s continued struggles with execution keeps the door open for a solid competitor like MS, if MS can improve their product, to claw back some market share. New Air price cuts and lease/buyback helps the acquisition part of TCO, but heading into stormy economic waters, and tariffs, this is also a concern.
Andrew Laurence: Enterprise management of Apple platforms demands a vary particular set of skills, unusual in any IT organization. Most often, the “Mac people” know the UX and are unfamiliar with the depths of enterprise management frameworks, shell scripting, identity management, automated deployments, etc. Most often the “IT people” have rarely touched Macs or iPhones, and generally find Apple to be annoying and distasteful. Apple’s laissez-faire approach to the MDM marketplace doesn’t help; many would pay for a first-party solution, but none exists.
Joel Housman: On the whole, there has been steady improvement over time. I just wish there was a way to approve Security & Privacy permissions via MDM.
Henry Stamerjohann: The people at Apple are really listening – the continuous improvement will pay off. The Rise of macOS in enterprises hasn’t peaked yet. And iOS remains to be super strong in Business.
Nicolas Wendlowsky: Apple has shown more focus on Enterprise features and enhancements over the last 2-3 years. But given how profitable the company is, I absolutely believe they can do more and sooner.
Martin Piron: We’re on the right tragetory, they could commit to it even more.
David McMonnies: iOS seems largely fine. But macOS is a tougher sell with lack of MST support being a consistent callout, as well as differentiators in application functionality (not necessarily an apple issue) being particular blockers. Wifi’s lack of granular controls around functionality and performance tuning with common NAC products is also resulting in negative perceptions.
Karsten Macweazle Fischer: Unicorns and roses.
Bart R: Confident that the trend is there for sure. I’m not sure if it’s that Apple needs to learn how to speak to corporate IT departments or the other way round but there have been (that I have seen) efforts to meet in the middle somewhere and that’s a good thing.
Jason Smallwood: I feel that Apple in the Enterprise is growing again. Innovation is key to keeping it there. The biggest challenge is cost per device when it comes to laptops. If prices were to come down, I could see an even larger growth of Apple in the Enterprise.
Alex M: Apple will continue to not think about us. Benevolent ignorance is fine with me.
JD Strong: If Apple insists on rolling out new features in a point release with no MDM/DDM controls, Enterprise is not front of mind.
Marian Albers: Apple needs to implement enterprise friendly management on several parts
Richard Glaser: Hard to really tell since Apple doesn’t disclose roadmap outside short term releases dates and hints at WWDC
Trevor Sysock: The addition of the new Mac Mini and the price drop on the MacBook Air should seal the deal for many orgs looking to offer Apple choice or move away from Windows with the coming EOL of Windows 10.
John Mahlman: While it seems there has been some focus on enterprise, Apple still makes many admin/enterprise hostile decisions (local network prompts, private MAC management). These changes are made during beta cycles and despite what seems like a lot of outcry from admins, no improvements are made. Apple needs to do a better job at working with enterprise admins making some changes.
Luke Charters: Every year it feels like there’s less reasons why you can’t use Apple in the enterprise.
Gabriel Sterritt: This is not directly a reflection of anything Apple is doing. It is a reflection of the current existing political climate with tariffs and talk of economic downturn and leveraging AI to replace people’s jobs. Apple’s continued stumble with Siri and their own AI implementations aren’t helping (although not explicitly hurting either.) In a different economic climate I’d continue to advocate for Apple to spin off an enterprise specific brand much like many automakers have high end luxury brands. Overall enterprise focus at Apple seems to be incrementally improving, and the overall ecosystem seems to be increasingly robust, but it’s never clear how Apple might change direction in a way negatively that impacts enterprise.
Jason Hedrick: The forced use of Apple Intelligence with each update shows they really dont have IT administrators in mind.
Erik Kramer: “Believe”
W. Andrew Robinson: I’m hopeful, still, for great things from Apple in the enterprise. I look back at The Dark Years and see the progress made up to the present and it’s amazing. But this is a 2024 retrospect and so — given this past years’ challenges for OS stability / quality, feature improvement and rollout (and lack thereof!) — we should be cautious in our hope. I felt a few times this year like I did back in the late 1990s and early 00s: that Apple knew about the enterprise but its attention wasn’t fully focused on it. Apple can be great here. They have done great things in the past in this area. They have also neglected this space far too often. I want them to do better so I will award a ‘hopeful’ score. Everyone — even Apple — makes mistakes and missteps. Learning from those mistakes is what is important. Doing better should always be the goal and it requires focus and investment from management to drive those improvements. I think Apple is best when they focus on doing what they are good at. I think the whole Apple Intelligence is a debacle that reflects a lack of focus and attention. It feels rushed, and with some things ‘fast’ is not always ‘best.’
Marcus Rowell: With AI dominating the future, I’m even more uncertain about Apple’s long-term role. When all our data, apps, and now AI, is run in the CloudOS and delivered by a browser, where does Apple fit? Privacy and security are more important than ever, but can on-device compete with the CloudOS? There’s one glimmer of hope: “Private Cloud Compute.” Apple needs to embrace the browser and CloudOS and go all in on building a new Private and Secure OS on “Private Cloud Compute.” This is a place where all our data, apps, and AI runs that is trusted, private, and secure, and only accessible by our personal devices. This is Apple’s biggest opportunity since the iPhone.
NC: Possible lack of managed cloud services, however pretty reliable using common industry tools (Fileprovider Cloud apps). Would be nice to allow personal keychain sync on top of the main account being a MAID, but QR passkeys may resolve this. Most services moving to cloud administration allowing remote account disabling (rendering saved password useless after employee leaves org).
Casey Jensen: Apple does continue to offer controls where they are needed, albeit slowly, and reactively. They are doing a better job of communicating changes, but there still is a lot of opportunity for improvement. They need to continue to improve considering the enterprise during feature design, and considering control design during feature design, and prior to rushing these out the door. They need to be more candid and clear about architectural changes that enterprises should focus on testing during OS releases. They need to improve their ability to debug complex issues and collect log sets in an easier fashion.
Morgan Schönberger: Overall it gets better, not worse. The Apple Admin ecosystem is pretty strong, and so far Apple seems to acknowledge the presence of the open source community around Apple in Enterprise. When I look over to my Windows colleagues it’s not even close in several categories. The main issue I have is 3rd party vendors not acknowledging that there are enterprise needs, leading to manual work in deploying apps and drivers. Apple seems to know, that they have enterprise customers, and they don’t work too much against them. They are mainly a consumer brand, but having individual contributors using the tools they know and love in an enterprise setting makes for a great workplace.
Jeff Richardson: We have come so incredibly far since 2007, and I think Apple really wants to expand enterprise adoption.
Rod Christiansen: I’m mostly always generally surprise that they do keep adding features year to year, and I have been surprised by a lot of them that I didn’t think we needed and they give us. But I always feel a disconnect from what the Mac admins really are dealing with on the ground and Apple’s roadmaps. There are some Apple folks in the Slack secret Seed for IT channel and they do listen but I don’t know still a disconnect.
Brian LaShomb: Kiosk iPads in conference rooms remain painful to manage. Try to update an app running in single app mode and have it return to that mode after updating. It seems impossible to do in iOS, starting to think using Android devices might be easier.
Toby Riding: I work for a very large Global company that is seriously considering moving over the thousands of Macs we have to PC’s. I know right‽ Why? Because we have to buy 3rd party apps to shoehorn the Mac estate into the Enterprise environment. Jamf Connect for one example. This costs a lot of money, a lot. If something big doesn’t happen within the next two years I really think they’ll throw in the towel and move everything to Windows.
John Wetter: I’m excited for more enterprise centric content from Apple. With an industry leading hardware platform for both reliability, ease of use, and security, I’m hopeful that their software teams can rise to the occasion and make Apple a first class citizen in the enterprise space.
Mike Wells: I would like to see Apple pay more attention to the needs of smaller organizations, as I get the sense their tools and systems are more geared toward very large ones.
Chris Chipman: I would like to see bigger investments and shorter timelines.
OS adoption
Christopher Cook: We make OS upgrades available as an optional install, and require them at the end of the school year. Over the past few years, we’ve noticed an increase in the number of people who optionally install the upgrade early. That said, Apple’s advertising of the upgrade in System Settings helps a lot with that.
Trevor Sysock: The only hurdle we still see for OS upgrades are 3rd party or custom bespoke application developers not keeping up with the pace.
Cameron Kay: There have been a number of show stopper bugs in macOS 15 that have preventing us from upgrading our entire fleet. Sadly it looks like Apple doesn’t have time to address these bugs in macOS 15, hopefully they’ll be addressed in the intial release of macOS 16.
Toby Riding: macOS isn’t the problem, it’s ALWAYS 3rd party software that isn’t quick enough at getting ready for the new macOS releases. Sometimes up to nine months after public release, urgh!
Johnathan Brown: it would be slower if better support for the “minus 2” in “n-2” was better; it feels bad to be forced to upgrade if you care about security and compliance
Guillaume Gete: Faster… for those who moved to Apple Silicon. For those still on Intel Macs, it’s more difficult to jump into the train. Hoping to have everybody to move to Apple Silicon in 2025 though.
Luke Charters: It would go a lot faster if the updates didn’t dump the Macs into Recovery mode all the time.
Nicolas Wendlowsky: About the same is purely because of the security app stack we had. It’s changed recently so that I believe we’ll be able to realistically get updates out much quicker.
Sujal Patel: I am glad they are streamlining the software updates between all platforms to make it easier on end users and IT admins.
Fluffy Bunny: the sporadic and random releases that are reactionary rather than proactive.. its 2025!
Brad Chapman: We’re using an open source app called Nudge to encourage our users to update their Macs, and this has resulted in a staggering number of voluntary upgrades to Sequoia with very little noise. As for third-party vendors, the ones we use have definitely improved their day-1 support for the latest version of macOS.
Marian Albers: No major issues like the years before (kext, rosetta,…) but support from (some) 3rd party software is still not 0day
Richard Glaser: Many are starting to refer to macOS updates as similar to Windows as it is more problematic and appears more QA and in depth research and testing is needed.
Andrew Laurence: Here in late April, we have yet to begin managed upgrades to Sequoia. Most users are content to wait for a managed upgrade cycle. We move users forward when known business blockers are resolved; such blockers are often not resolved until halfway through a release cycle. The efficacy of MDM tooling, operating within the evolving story of Apple’s update methods, remains a challenge.
Gabriel Sterritt: As I already indicated, moving from Sonoma to Sequoia (and getting Macs running older systems was the smoothest transition in years.)
Marcus Rowell: We had other, more important work to do this year, so while most of our users were upgraded to Sequoia within the first 90 days, we had 10% that we couldn’t migrate until recently. Evaluating and testing major OS upgrades is a massive effort every year, but unfortunately, it’s necessary from a security viewpoint.
Chris Pommer: For many years we typically stayed one version of macOS behind, but the general reliability of the OS and deprecation of older OS versions by some software (e.g. OneDrive) has made us accelerate. iPadOS is typically up-to-date (once the x.2 release is out).
Henry Stamerjohann: I personally see the enforced software update (which works quite well based on DDM) and the workflows based on Nudge + SOFA, as well as many other related tools, to be helpful in accelerating the adoption of latest OS with end users. The great new hardware also helps to phase out older OS versions and Intel Macs faster.
John Wetter: We’ve continued to shorten our timeline of support for N minus anything with getting people on the current OS.
Joel Housman: We already adopt the newest versions almost as soon as they’re released. Major OS versions in the fall are adopted within 30 days.
David McMonnies: Since Ventura overall uptake of current versions has been fairly consistent – that is not to say that overall this hasnt been a significant improvement from a few years ago.
Craig Cohen: More than functionality but for security and reliability, we have seen larger organizations that were historically a year behind on adopting current OS, now are no more than 90 days for adoption.
Tom Bridge: Apple Intelligence being confusingly integrated into restrictions made us less likely to push to people to use Sequoia.
Andy Jelagin: OS adoption goes hand in hand with day one stability and compatibility, and Apple has made significant advances in the area over the past 3 years.
JD Strong: We once waited until a x.2 release to roll out an OS, but Apple only allows us 90-days for deferrals, so it’s turned into a spray-and-pray for deployments.
Michal Moravec: We aim to offer the latest major macOS version within a couple of days of Apple’s release. However, this hasn’t been possible due to issues with the initial (.0) release. We typically enforce upgrades across our fleet 3-4 months after the initial release of the latest major macOS version. Our goal is to reduce this delay to 1-2 months. With macOS Sequoia, we managed to upgrade slightly faster compared to previous releases, but not as quickly as desired due to multiple issues that required fixes.
Brian LaShomb: This was the buggiest macOS release cycle in over 10 years. Network extensions specifically were continually problematic. The confusion around Apple Intelligence controls didn’t help matters. Some admins have resorted to aggressive measures such as restricting access to the Siri preference pane altogether in System Settings to try to control it for their devices.
Shamir Mohammed: We’re not sure what surprises the new macOS and its update will bring. Until macOS 15, we delayed update availability for 30 days. Now we’ve moved that to 90 days. Even after those 90 days, we aren’t encouraging our users to update to the latest version. Instead, we’re advising them to use N -2 or 3.
Rod Christiansen: Well we don’t really have an option now haha… we have only a 90 day grace period and devices update themselves. It’s mostly okay. For lab shared devices for example, the Sept/Oct macOS release means that every device will auto update around the December break so we tend to get ahead of that. But this year we have while the term was still going and classes were running around December 2nd or 3rd an overnight Sonoma to Sequoia update on 80 Macs we were not expecting. Thankfully I’m generally on top of testing things during the beta cycle and we were ready. I don’t mind the annual releases, I think it is good they give attention to every OS every year regardless of having sometimes more features that other years. There’s a good 3 month beta period and another 3 months we can defer the major OS update so it’s mostly fine. The last big scare was when they took away Python 2.7 from the OS in the February/March mid cycle…. That was a scramble.
Robert Hammen: My previous employer had to defer 15.0/15.0.1 due to the network extension/firewall issues. My current employer did not detect them before release and ran into all sorts of issues. Previously both orgs had been actively pushing Day 0 support. Will be expanding our QA/testing this summer to hope the macOS 15 disaster doesn’t repeat itself.
TJ Draper: Major updates are blocked for 2-3 months to make sure it won’t kill our software stack and business, then required after they are vetted (usually by me for our team). Patch updates are usually allowed after a couple weeks.
Martin Piron: Major bugs with our security agents, took weeks for full support.
NC: Scheduled OS updates are working a lot better than before.
Adam Tomczynski: Due to delay in support of my security vendor, the rollout of the new operating system was slower than previously. I’m looking to switch to a vendor which provides improved support.
Bryan Heinz: Fueled by DDM updates my org is n-1 for the first time. We would be current, but software update bugs have stalled automatic upgrades from 14 to 15.
Morgan Schönberger: We are starting to adopt Declarative Device Management more and more, and it really helps with software updates, especially on iOS, where we have less tools to enforce them otherwise.
Edward Munn: Enforced policies for updating security releases, though we don’t allow to upgrade to a x.0 release until it has been internally tested. (Usually 2 months, November)
Apple Intelligence policies
Christopher Cook: The only source of contention for Apple Intelligence is its integration with ChatGPT. On-device and private cloud compute are fine, but having Apple Intelligence hand-off to a third party vendor for a built-in service seems like we are tacitly endorsing the use of ChatGPT when we have no institutional data use agreement with them.
Richard Glaser: Apple Intelligence currently has little to no real benefit to user automation and productivity. And long standing issues with Siri are coming more and more to light with many other options performing much better with more accuracy. Hopefully, Apple organizational changes will finally help and improve Siri in the future
Bryan Heinz: The current policy that I really want is the ability to stop advertisements for Apple Intelligence. Look, we know it exists. Please stop nagging and begging our users to use it. Frankly, it’s embarrassing. Let me suppress the prompts so my users don’t get nagged. If we want it, we’ll find it and enable it.
Robert Hammen: The piecemeal way that Apple released the various MDM keys for Apple Intelligence was frustrating. Given the way that traditional (non-declarative) MDM works on macOS, this required us to create separate profiles and scopes to manage the various keys across the OS releases (and this is where improved documentation and examples would help immensely, versus people having to figure things out independently, and scour Slack/blogs for the info). It would have been much better had the keys all been created in 15.0, even if they weren’t implemented, so they could be managed when the feature shipped.
Bart R: I like the idea of using AI and LLM reasoning when I call for it. I’m not a fan of having it shoehorned into everything just because. Results from AI interactions are good more than 50% of the time but no-where near what is required to let it be the default response giver.
Joel Anderson: While I responded with “all okay”, the real answer is 3rd party tools are OK, as long as they have been vetted for privacy concerns. Also, being in education, we may turn these features on for some users, but have tighter control for other users.
John Welch: The fact that the only way you can completely disable Apple Intelligence is also to completely disable Siri, even through MDM is honestly stupid. That’s the kindest word i can come up with. There are too many environments where this is a requirement, environments Apple is well aware of. To ignore what is a blatantly obvious problem like this one is again, stupid.
Anthony Reimer: I feel fortunate that we are only managing third-party integrations at my institution. Apple didn’t envision that Mac Admins would be told to block all of Apple Intelligence, even Private Cloud Compute. Thus, in each point release, we have seen different management keys added that (due to the nature of the technology) have to be deployed when that particular point release is deployed and not sooner. It was more complicated than it needed to be.
John Wetter: I am hopeful that in the future there will be the ability to allow third party AI solutions but requiring a login. For example, allow to utilize Microsoft Copilot but only as an authenticated user so your data protection policies are honored.
Guillaume Gete: Apple does not wish to provide a full on-off toggle for Apple Intelligence and forces its activation nowadays. This sucks.
Craig Cohen: N/A
Chris Pommer: Most of the AI™ features so far seem relatively benign, and some people find them helpful. That said, as creative workers, we discourage image or text generation tools. That said, some of the Adobe / Pixelmator tools are pretty helpful in editing images.
Joel Housman: We aren’t really concerned with Apple’s AI for our staff.
Andy Jelagin: Decision makers need to come to terms wit h the fact that adoption is inevitable, and focus on security education, rather than building porous walls.
Rod Christiansen: We are not limiting these at all. I let our Faculty and Staff use their devices as they see fit to the most part. We are not about restricting too much. As long as my reporting is accurate, the OS is updated, FileVault is on, and I can erase lost/stolen devices we’re happy.
NC: Not allowing third-party tools, may review if we can connect to managed/custom tools e.g. Business Copilot, Local AI Cluster – Something more private and managed.
Luke Charters: We can only use third party if we can restrict it to models we pay for on a business or enterprise plan.
Jason Smallwood: As of now we are restricting users from utilizing Apple Intelligence. The largest concern is guardrails for Company proprietary / PII / HIPPA / SOC data being potentially utilized.
Erik Kramer: We are still exploring how Apple Intelligence and other AI services fit in our (PK-12 educational) environment.
Toby Riding: The Security Team mostly want it turned off due to it feeding into ChatGPT sometimes, they won’t stand for that whatsoever.
Martin Piron: Make it easier to add third party LLMs
Brian LaShomb: Apple did a good job at defining the design and security of Private Cloud Compute (PCC). But they haven’t declared what their various services use, whether it’s on device models, or PCC. And the ChatGPT integration is limited to writing tools.
Cameron Kay: When Apple actually ships some AI feature that’s not a gimmick and is actually useful we’ll re-evaluate.
Brad Chapman: We’ve only been asked to leave Apple Intelligence off by default. Users can still enable it after deployment if they so choose. We weren’t exactly thrilled to discover that, if you turned off Apple Intelligence, macOS reënabled it during a recent macOS update (IIRC it was 15.3.1 or 15.4).
Gabriel Sterritt: Foremost, turning Apple Intelligence back on after an update when the user has turned it off already – doing this with ANY setting – is user hostile. This was one of the other really frustrating things from the past year – that with every update to Sequoia there were new MDM restrictions available for new aspects Apple Intelligence, but they were limited AND NOT BACKWARDS COMPATIBLE. So I had take care to deploy specific profile settings to 15.1, 15.2, 15.3, 15.4… that was not fun and not elegant. It would have been nice if Apple could have put more thought into this and simply ignored keys that weren’t applicable until the OS could understand them; and to have the OS “”reload”” the config upon updating so that if we botched some aspect we didn’t need to remove/reinstall the profile to get AI managed as close to our desired stance as available in the controls. A typical case of Apple backhandedness – giving us what we want but not in a way we could effectively use it. The rollout also lacked clarity on what to expect. We got into a situation where we had some users with Apple Intelligence turned on after they updated before we realized new MDM flags could be put in place, and then once we pushed the restrictions, they would get prompts about Siri being unable to activate, and resolving that required removing the restrictions again; it only affected a few users otherwise it could have been quite burdensome for our organization to resolve.
Marian Albers: After wwdc 2024 i was eager to implement apple intelligence with an enterprise approved LLM but with the current implementation progress is 0%
Andrew Laurence: Thus far, our device management policies take no position on Apple Intelligence.
Adam Tomczynski: Forget Apple Intelligence. Siri is getting worse by the year. Example: I’m not able to use it to send a SMS message my most frequently used names in my address book.
Mark Lynch: Apple has failed to provide necessary control over Apple Intelligence.
John Mahlman: The rollout of Apple’s intelligence has been quite disappointing. Adding features in each point release then only offering piece meal controls (or completely omitting them until a later version) is not how new features should be added. It’s been frustrating to know what can be controlled and even what items are “on device” only as Apple still doesn’t provide clear documents for this.
Nicolas Wendlowsky: This feels like another industry-wide fad where everyone is creating a solution that had no problem. I’m sure AI/ML has its practical uses, but the speed and breadth with which AI has been shoe-horned into every possible tech stack is giving me whiplash and I can’t wait for it to quietly be removed in a year or two once the higher-ups realize that not only do most people not want it, they will do a lot to avoid it; the next ad campaign is going to be “Try Our App: it’s AI-Free!
Fluffy Bunny: what an utter shit show.. how many config profiles do I need to deploy.. and for point OS releases.. there should be an OFF switch..
Shamir Mohammed: Enterprises should have options to have control over Apple Intelligence via MDM. This is an internal process that requires review before allowing users access to new features. Without this ability, rolling out a feature means security risks for the organization.
David McMonnies: Most enterprise and education organisations are electing for complete disablement. When elected to be enabled functionality is largely limited to allowance of the writing tools
Trevor Sysock: The controls Apple has offered are confusing and not well thought out.
Marcus Rowell: 3rd Party AI usages needs to be governed in our organisation. We have approved providers who we accept the risk of using.
Karsten Macweazle Fischer: I get that Apple wants everybody to use it, but if you need to disable it for some reason its unnecessarily complex to do.
W. Andrew Robinson: If there were any implementations of any kind of value here, I imagine we’d be paying MUCH more attention to these ‘features’ — but as I think many of us know, there’s nothing of real value here yet.
Mike McLean: My policies are determined by DISA, HIPPA, and other regulatory frameworks.
Tony Young: Please… provide a all encompassing “disable Apple Intelligence” MDM key..
Jeff Richardson: Security is incredibly important for attorneys, and it makes a huge difference that Apple is trying to keep AI safe to use.
Personal use of AI in your job
Luke Charters: I’ve had models hallucinate Apple MDM keys, I only knew they weren’t real because I’ve been doing this for so long. I find AI is only useful if you already have good knowledge of the subject matter. On the other hand, it’s amazing not having to write my own regular expressions anymore.
Andrew Laurence: AI has yet to meaningfully contribute to my technical duties. While many seem eager to have it create solutions from nothing, its functions remain limited to that of an editor/explainer. Like Cliffs Notes, it can be an excellent supplement and is no replacement for the original creation.
Jason Smallwood: I’ve used AI features to assist with re-writing emails, generating scripts, and for some troubleshooting.
Chris Pommer: Mostly experimentation, but have found some use using Perplexity as a search tool. I remain skeptical of it’s use.
Edward Munn: Debugging issues.
Adam Tomczynski: While I find it useful don’t use it much yet. Looking for this to grow.
Toby Riding: ChatGPT usually fails in what I want it to help me to code but DeepSeek is far more accurate, I always have to refine it plenty so it’s not there yet but it’s a timesaver for the initial typing for sure!
Gabriel Sterritt: I think I changed tone on a couple of emails by copy/pasting through TextEdit, but I’ve been working in Google shops lately and Chrome (understandably) doesn’t leverage Apple’s AI writing tools in text entry boxes. This feels like a great place to leverage the services available to right-click and use AI writing tools for any selected, user modifiable text. But Image Playground sure is fun for a few minutes from time to time.
NC: Somewhat fun to use but yet to have an iPod moment.
Brad Chapman: Putting aside the rampant hallucinations and over-confidence in today’s LLMs, recent studies have also shown that over-reliance on artificial intelligence reduces critical thinking and analytical skills at all age and skill levels. If you don’t put in the work to learn the fundamental skills and spend the time critically analyzing your work, you won’t spot mistakes hallucinated by a bot. As a member of SAG-AFTRA, I cannot in good conscience support the use of Learning Language Models and Generative Adversarial Networks, because these tools are decimating the entertainment industry by taking away work from hard working industry creatives.
John Wetter: I think we are still very much in the “trust but verify” AI mindset.
Nicolas Wendlowsky: The only practical use I’ve personally found is some basic script translation (‘convert this bash script to PowerShell’) or having it use API documentation to create script functions. Otherwise, it’s largely ignored.
Dennis Wurster: It’s been fine for generating responses to text messages. Apple’s tech in this area doesn’t have a killer-app for MacAdmins yet.
Robert Hammen: The only real useful AI feature to me is the notification summaries, and sometimes those are inadvertently hilarious. I can’t think of a use for Image Playground at all.
Rod Christiansen: I am extensively using ChatGPT and Copilot in Visual Studio Code to do my Mac and Windows Admin work. The quality of scripts and the speed we can iterate has reaaaaally been a game changer. I’m just getting a lot more done and a lot faster. The bulk of the past 12 months has been migrating all our operations from local on prem Mac mini/Mac studio to cloud based DevOps operations and API calls between services (Inventory, Azure, Intune, TDX, etc, etc) and AI has really helped. Brainstorming ideas is fantastic, you find out options so much faster.
Marcus Rowell: As a part-time coder, AI is fantastic. I have a clear idea of what I want to achieve and have a good sense of good and bad code. The AI covers the rest remarkably well. AI for audio transcription has been incredible, and AI for research and guidance, like “as an enterprise Mac Admin, how do I?” has become so good that I barely use Google anymore.
Mark Lynch: I have not found myself wishing for any of the AI features, especially when a lack of control exists. These are therefore not approved in our organization. Third-party tooling fulfills my needs, especially having been through a proper approval process involving legal an security teams.
Bryan Heinz: AI is a crudely mixed bag. It’s over hyped, was created via stolen data, and is contributing to climate change. That’s a lot of negativity to overcome. Personally, the one area I’ve found to be useful is web searching and summarizing those searches with sources. This has definitely sped up my research and work. Is that worth torching the earth? Probably not.
Bart R: I have a mac studio running ollama and open webui that I use to play with various models. LLM’s will produce either productivity enhancing output or hot garbage. There’s no middle ground. I use LLM’s with this understanding and process what comes out of them accordingly. Given rate of progress it will be interesting to see what will be possible in the next 12 months but unless there is some major breakthrough I don’t thing a 4GB model capable of sitting in RAM on a phone is going to be able to do much. Too much nuance is lost when quantising pre-trained models down to that level. Hopefully some improvements in the efficiency of on-device training in order to give semi-decent contextual results is on the horizon. I remain interested, but highly sceptical.
Cameron Kay: Useful for assisting with script writing and processing/formatting data.
John Welch: None. I have issues with setting the world in fire and stealing work so I can have a slight convenience.
Morgan Schönberger: I like to use Gen AI for getting a quick overview of large log files. Also, MS Copilot is pretty good with short scripts and regular expressions. Those are both things I can proof-read pretty well, but aren’t as good in coming up with them in the first place. This makes it way quicker than googling around and copying from StackOverflow.
Joel Housman: ChatGPT mostly. Have had some experience with other models. Most use is to research technical tasks (IE feed it the owners manual for a piece of networking hardware to then figure out how to perform a task on said hardware).
Christopher Cook: I enjoy the new proofreading tools, but I have no intention of ever using AI to re-write something I’ve written. My voice is my own and, flawed as it may be, I want it to carry through in everything I write.
Trevor Sysock: It’s just really bad compared to other providers.
Craig Cohen: Apple Intelligence has yet to rise to the level of existing solutions. I appreciate weighing privacy and security but it forces user to use eternal solutions.
Grant B: In my own personal use, the new siri has been mostly useless for answering knowledge questions. It often asks to hand off tasks to ChatGPT that should have just been redirects to web searches like it did before. Genmoji is a fun gimmick that I have used a handful of times, but not nearly as much as I thought I would. Image playground is ok, but falls behind what most other models are able to do at this point. The handwriting improvement is usually helpful, unless it is unable to decipher my writing and changes the words I have chosen. Generally, AI has been helpful for coding questions, but AI in the broad sense, not Apple Intelligence.
Jeff Richardson: Still waiting for Apple to come up with the killer feature for Apple Intelligence.
Tony Young: I use apple intelligence on my personal device to proof read, and even summarize my own text. I also make use of notification summarizes and hope to see continue improvements in this area.
Martin Piron: Github copilot is the only one I actually find usefull
JD Strong: Like anything, AI, specifically LLMs, if you give it garbage, you’ll get garbage out.
Karsten Macweazle Fischer: Getting ideas
John Mahlman: I use writing tools for basic text updates, that’s really about it.
Dennis Logue: While I have made use of AI tools from other companies, I haven’t found a use for any of the AI features that Apple has released.
Mark Frischman: Yes. Not Apple’s features sadly. Don’t have much call for creating cartoonish emojis in my work.
W. Andrew Robinson: See the same as above — if Apple Intelligence offered what I was promised back in June 2024, I imagine I’d be using them. As things stand today, I am not.
If you appreciate articles like this one, support us by becoming a Six Colors subscriber. Subscribers get access to an exclusive podcast, members-only stories, and a special community.