Apple’s latest platform updates from What’s New for IT at WWDC26 introduce several meaningful improvements for device management, security, and shared device workflows across macOS, iOS, and iPadOS. These enhancements continue Apple’s push toward stronger identity integration, reduced operational overhead, and more flexible shared device models.
Smarter Shared Device Reset with Return to Service
Return to Service can now be triggered manually by users or automatically after inactivity. Devices can check back in with management services to retrieve updated enrolment configurations, improving automation for shared device environments such as classrooms and frontline use cases.
Granular Control Over App and Binary Execution
Apple has introduced new controls to define exactly which apps and binaries can run on supervised devices:
- Allow/Deny app rules for iOS, iPadOS, tvOS, and visionOS
- Enhanced binary control on macOS using Endpoint Security
This gives organisations more precise control for compliance and security, while still allowing flexibility through managed app exemptions.
Reduced Management Overhead for Approved Apps
Managed applications can now be automatically trusted using new configuration options, simplifying ongoing rule maintenance and reducing administrative effort.
Improved Package Removal and Cleanup
macOS now supports controlled uninstall behaviour for managed packages. IT teams can ensure that all associated files are tracked and removed when an app is uninstalled, helping maintain clean and compliant devices over time.
Modern Authentication with Platform SSO Enhancements
Platform SSO continues to evolve with web-based authentication:
- Full identity provider (IdP) sign-in experience at login, lock screen, and FileVault unlock
- Support for multi-factor and QR-based authentication
Additionally, Touch ID and Apple Watch can now be enforced as phishing-resistant MFA factors at key authentication points.
Expanded Support for Shared Device Scenarios
Apple is significantly improving shared device capabilities:
- FileVault now supports authenticated guest access on shared Macs
- Shared iPad will support authenticated guest mode with Managed Apple Accounts
- Faster login experience with automatic SSO integration
- No need to pre-configure storage quotas for temporary users
What This Means
These updates collectively:
- Strengthen Zero Trust and identity-first strategies
- Reduce operational overhead for IT teams
- Improve security posture without sacrificing user experience
- Enable more practical and scalable shared device deployments
It will obviously take some time for vendors to implement all of the new features, but it’s exciting to see Apple “raise the floor” of what’s possible across the platform.