---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:03 PM @Scott asked Does the given workflow of enabling Enrollment SSO also work with Automated Device Enrollment or will this be a User Enrollment feature only? 8 replies Mike S (Apple) 3 days ago This is only for User Enrollments. Automated Device Enrollments are not supported. :cry: 3 Mike S (Apple) 3 days ago What kind of experience were you looking for here? I presume this would be a case where you're requiring a user to authenticate as part of the ADE enrollment process? So you'd want to trigger the ESSO app download while still in Setup Assistant? Scott 3 days ago Yes, that's pretty much it. We would like to mirror the process as much as possible. It makes these processes easier to train to other admins, more convenient to debug, and causes less technical debt. :clap: 1 :+1: 2 Daniel 3 days ago I want the enrollment through ADE to also setup the Authenticator at the same time. So, for example, you would use Okta Verify to perform enrollment so that the user wouldn't have to authenticate twice to get an SSO experience :eyes: 1 Frederick 3 days ago I had the same question as Scott for the same reason - less overhead for our support folks and less moving parts to potentially go wrong. Andrew 3 days ago Largely the same here — ADE, acquire and do SSO during Setup Assistant, for building and signon of the new end user account. Mike S (Apple) 3 days ago Thank you. This is great feedback! Andrew 3 days ago (Just realized this is about Enrollment SSO. I’m thinking macOS, so my comment is likely about Platform SSO.) ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:06 PM @Scott asked With Platform SSO coming to all platforms, does this mean that other forms of User Enrollment (install profile, account driven, etc.) are being deprecated? 7 replies Mike S (Apple) 3 days ago Not at all. Platform SSO is only available on macOS and Account Driven User Enrollment is for iOS. Also Platform SSO requires MDM to be setup, so you’ll still need to be in MDM via some enrollment style before this can be setup. Scott 3 days ago The video stated that it was coming to iOS and iPadOS as well. Is that not the case? Graham M (Apple) 3 days ago Can you point out where you see that? Enrollment SSO is for iOS and macOS. Platform SSO is for macOS. Scott 3 days ago I see the distinction now. I mis-spoke in my original question then as I was referring to Enrollment SSO. Joseph 3 days ago Platform SSO requires MDM to be setup, Where's the docs for this? I.e. what does an MDM server need to "setup" to support this? Dan F (Apple) 3 days ago There are new keys for Platform SSO in the ExtensibleSingleSignOn: https://developer.apple.com/documentation/devicemanagement/extensiblesinglesignon?changes=latest_minor and ExtensibleSingleSignOnKerberos payloads: https://developer.apple.com/documentation/devicemanagement/extensiblesinglesignonkerberos/extensiondata?changes=latest_minor :slightly_smiling_face: 1 :+1: 2 Joseph 3 days ago oh god, I just envisioned IdP enabled Kerberos and now I'm in a fetal position. :laughing: 1 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:08 PM @Jonathan asked We would like to use managed Apple IDs with ADE-enrolled devices, but allow for a personal Apple ID as well, a la User Enrollment. This is not possible, is it? 4 replies Graham M (Apple) 3 days ago This is not currently possible with all possible iCloud services. The user could sign into their personal account as a secondary account and get a subset of their iCloud data classes. Blayn 3 days ago Doing so, as mentioned(secondary personal AppleID), still doesn’t grant use of Continuity features, does it? Graham M (Apple) 3 days ago It does not. Blayn 3 days ago Thank you for the confirmation - we’ve not been successful despite our best efforts. Though it’s a bummer. :cry: ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:11 PM @Shawn asked Will there be an MDM command to set the Secure Boot Level from Medium Security to Full Security? The other way around works via MDM. 2 replies Danielle D (Apple) 3 days ago Not at this time, but we encourage you to file feedback. Danielle D (Apple) 3 days ago It is useful to understand your workflows and why this is important for your enviorment. :+1: 2 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:15 PM @Scott asked In the video, there was a code example of enrollment-sso.json. Is this filename and location fixed or will we be able to specify a location for the json file? Are there any naming convention restrictions or domain restrictions like we have with Account Driven User Enrollments? 3 replies Mike S (Apple) 3 days ago There are no restrictions on the URL, beyond it being an https URL. Typically the Enrollment SSO document would be hosted by the server processing the user enrollment flow (which itself is likely to be the MDM server). Scott 3 days ago So this is not a user-crafted file like with the Account Driven workflow? Cyrus D (Apple) 3 days ago The enrollment SSO document contains data specific to the MDM service and will likely be auto-generated by MDM servers that support the new feature. :+1: 1 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:15 PM @Sai asked Is Declarative Management going to be available beyond User Enrollment? 1 reply Graham M (Apple) 3 days ago Yes! As of iOS 16, tvOS 16 and macOS Ventura declarative management is now supported everywhere MDM is supported and make sure you watch tomorrow’s video for all the details! :raised_hands: 5 :heart: 5 :clap: 2 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:20 PM @Blayn asked Is there any hope for seeing Continuity features being supported for Managed Apple IDs in MacOS 13 or iOS/iPadOS 16? :+1: 7 :pray: 6 3 replies Graham M (Apple) 3 days ago This is a great feature request! Please submit feedback using the Feedback Assistant and let us know what the impact is for your organization. :pray: 1 Jayson 3 days ago We'll submit one too. We work in a regulated environment but our creative users could benefit greatly having these available with their Managed Apple IDs. Blayn 3 days ago Thanks, we have, and will continue to. The Camera Continuity (with overhead deskview) will especially be a coveted feature to our users. :heavy_plus_sign: 7 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:25 PM @Graham asked Will MDM software be able to manage the ability for users to disable LaunchAgents and Daemons in System Settings, which has been introduced in Ventura? And also to control whether the notifications for these will be shown? :100: 11 :eyes: 3 9 replies Mike S (Apple) 3 days ago We don't have anything to share at this time, but we understand the concern. Nevertheless, please file feedback about this! :pray: 4 Frederick 3 days ago FB10042114 already open, and thank you for your openness to consider! :+1::skin-tone-2::+1: 4 Mike S (Apple) 3 days ago Your feedback and the quantity of it helps us prioritize it! Joseph 3 days ago Yes, this is a deployment blocker for us. :100: 7 Eric 3 days ago I imagine this will be a big deal for us too. Eric 3 days ago I plan to file this feedback, but a way to approve Privileged Helpers without the user would be great. We are seeing their use more in enterprise software. (edited) :heavy_plus_sign: 2 Graham 3 days ago Thank you for your response. We will get a feedback put in as this is definitely a serious blocker for us, since it allows a user to override basically any macOS management tool. :+1: 1 Mike 3 days ago We have feedback open on this too: FB10073928 :+1: 1 Joseph 3 days ago Same FB10049102 :+1: 1 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:26 PM @Mike asked This morning's video included a reference to "MDM Friendly Migration" (Mac OS Summary chart under Setup and Migration). Perhaps I missed it but I don't think there was discussion about this nor is there an outright listing in the documentation. Is there a place fore or a session with more details? 6 replies Danielle D (Apple) 3 days ago In macOS 13, to avoid management conflicts, Mac computers enrolled in an MDM solution will no longer allow the transfer of the following settings using Migration Assistant: System Network Printer :partying_face: 5 :heart: 6 :gratitude-thank-you: 3 Danielle D (Apple) 3 days ago This is not referencing migrating a device from one MDM to another. Frederick 3 days ago Whichever engineers are responsible, please thank them and tell them from our helpdesk that this will be a HUGE timesaver! :100: 2 Mike 3 days ago a welcomed change for sure. Thanks (though MDM migration would be interesting for sure) Cameron 3 days ago So is this using Migration Assistant during Setup Assitant or later using the Migration Assistant app once the user has enrolled their device and is at the desktop? David 3 days ago How will migrations of an AD bound machine with mobile accounts be handled when migrating to Ventura where Platform SSO is taking the place of mobile accounts? ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:28 PM @Daniel asked Why does install OS update with priority only work for minor updates? 1 reply Graham M (Apple) 3 days ago We understand that this something that would be useful but there are some additional technical details that major OS updates require that minor OS updates do not. :+1: 2 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:30 PM @Daniel asked Will there be a pass key implementation for enterprise that has iCloud Keychain disabled due to data governance? 2 replies Jesse E (Apple) 3 days ago Passkeys require iCloud Keychain, which works with Apple IDs. Managed Apple IDs are typically used in organizational contexts, because organizations often require administrative control over accounts. iCloud Keychain is not supported for Managed Apple IDs. That said, please submit feedback for any feature requests you have related to this topic (passkeys in the enterprise)! :+1: 3 Daniel 3 days ago :+1: ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:32 PM @Daniel asked I don’t quite get how device attestation works. Does it require a 3rd party CA for your device to provide attestation to an MDM or a IdP? 1 reply Adam S (Apple) 3 days ago You can learn more in the Discover Managed Device Attestation session and Meet the Presenter lounge. Apple DeveloperApple Developer Discover Managed Device Attestation - WWDC22 - Videos - Apple Developer Learn how to use Managed Device Attestation to ensure only legitimate devices can connect to your servers while attackers are thwarted... (8 kB) https://developer.apple.com/wwdc22/10143 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:34 PM @Sai asked Can ACME protocol be used to issue device identity certificates during MDM enrollment? 2 replies Adam S (Apple) 3 days ago Yes. You’ll be able learn more in the Discover Managed Device Attestation session and Meet the Presenter lounge Apple DeveloperApple Developer Discover Managed Device Attestation - WWDC22 - Videos - Apple Developer Learn how to use Managed Device Attestation to ensure only legitimate devices can connect to your servers while attackers are thwarted... (8 kB) https://developer.apple.com/wwdc22/10143 :raised_hands: 1 Eric 3 days ago I need to learn more about this, but I assume this will help with Conditional Access policies. Hopefully we see this come to macOS someday. ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:34 PM @Frederick asked Documentation says the System Preferences profile type is being deprecated. Do you have an ETA on a replacement for the new System Settings interface? There are still specific pieces that we may need to disable from machines, especially in environments such as labs. :worried: 1 4 replies Graham M (Apple) 3 days ago We are not planning offer a replacement to the System Preferences payload. The current payload has been setup to do a mapping to grey out the areas it used in System Preferences. What we would like to do in is introduce additional restrictions or new payloads to manage settings that need to be managed. Please file feedback to let us know what specific feature you need to manage. :+1: 2 Andrew 3 days ago Based on what I’ve seen so far, I like the greyed-out implementation of things that were blocked in System Preferences. Frederick 3 days ago Thanks Graham! We haven’t completed testing on that part yet, but a mapping should do for now. I’ll open some feedback further into the cycle about our workflows to feed into those new settings. Mike 3 days ago For EDU organizations specifically, it may be difficult to play whack-a-mole picking which restrictions are needed to fully replace this functionality. It may be nice to continue to have parity. :+1: 3 white_check_mark eyes raised_hands ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:34 PM @Thomas asked For a small company with maybe 10 users large MDM solutions seem not to be the perfect solution for software distribution. Yet, asking employees, who bring their own devices, to spend hundreds of euros / dollars on apps for business use is not the perfect solution. Is there a recommended way from Apple for a company to buy apps for users, that they can use in their personal Apple IDs and their store accounts? 1 reply Jacob C (Apple) 3 days ago Volume app purchases in Apple Business Manager can be transferred to employees using redemption codes. The license transfers to the employee's personal Apple ID in that case. Managed app distribution (either device based or user based) with MDM allows you to revoke and reassign licenses and the company retains ownership of the license. :+1: 4 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:35 PM @Frederick asked MDM initiated updates have gotten significantly better but are still somewhat unreliable for timing and do not have a great user experience. What improvements are planned in macOS Ventura around this? :heart: 4 :100: 2 3 replies Graham M (Apple) 3 days ago If you are seeing specific issues please file feedback with sysdiagnoses so we can investigate the issues you are seeing. Lewis 3 days ago (edited) Frederick 3 days ago We will continue to file - most have been closed for one reason or another without resolution. Thanks! ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:38 PM @Cameron asked Is binding to AD and mobile accounts still supported in macOS 13? :eyes: 1 1 reply Adam S (Apple) 3 days ago Yes, this is still supported. :+1: 1 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:38 PM @Scott asked What does Apple consider a "minor update" related to OS update priority command? Would macOS 13.0 -> 13.1 be possible or are we only talking about 13.0.0 -> 13.0.1? 1 reply Danielle D (Apple) 3 days ago In this example a minor update is both 13.1 and 13.0.1. :+1: 9 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:38 PM @Frederick asked Can you clarify the usage of the allowUSBRestrictedMode command in MDM? Does this outright block all devices, or does it enable the feature for the user and they can decide? 1 reply Graham M (Apple) 3 days ago Installing the restriction will cause the system to behave like macOS 12. The user will not get prompted to approve attaching new accessories. :pray: 1 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:40 PM @Joseph asked Platform SSO seems neat. Will we ever get WebAuthN or hardware key support in ADE web auth? :eyes: 3 5 replies Lewis 3 days ago Any video demos too on platform SSO? Jesse E (Apple) 3 days ago WebAuthn support within web views is not related to Platform SSO. To request support for WebAuthn within specific web views, please submit feedback. Joseph 3 days ago Not related, but I was hoping that with the support for IdPs in Platform SSOs, Apple would see the wisdom in supporting modern auth for ADE. We have two open feedbacks already over the past few years, which are being duly ignored. FB9017798, FB9971816 Jesse E (Apple) 3 days ago @Joseph The need is understood — we are making a lot of investments in this area and your feedback is helpful. Please do continue to submit feedback on this and other areas where you believe improvements can be made. Joseph 3 days ago You want a third one? ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:42 PM @Frederick asked With Platform SSO, the session mentioned that if the IdP password changes, the new password is verified "on unlock." Does this indicate that the user's local account password is sync'd, or is the verification only within the SSO extension and not affecting the local account ("offline" credentials if you will excuse the reference)? :heavy_plus_sign: 2 :ok_hand: 1 :eyes: 1 10 replies Jesse E (Apple) 3 days ago The local account password is synced when possible with the password. On unlock, if the password is different than the local account password, it’s synced it if it verifies with the IdP. :clap: 1 :+1: 1 Frederick 3 days ago Thanks @Jesse E (Apple)! One follow-up if that’s ok - is there a method to prevent that sync should that configuration be desired? Scott 3 days ago Does that sync also update the FileVault password? Jesse E (Apple) 3 days ago @Frederick can you share more information on what your use-case is for preventing a sync? Jon 3 days ago So if the password at the IdP is different than the local password and the Mac is restarted. The local password will get the user to the desktop and the IdP password will be used at next unlock (ei. Wake from sleep). Is there any visual indication of this temporary discrepancy to the user? Jesse E (Apple) 3 days ago @Scott Yes it does :clap: 1 :heart: 2 Frederick 3 days ago @Jesse E (Apple) mostly for shared accounts on the local device in a more kiosk-mode. Think of situations where a single device might operate a piece of equipment, and a single local user account is used. However, we want to still allow the SSO extension to be used while the user is active on the workstation. Frederick 3 days ago Note, this is a very odd edge case and I definitely prefer the sync behavior, it is most choice. Jesse E (Apple) 3 days ago @Jon The local account password is either the current or previous IdP password. If it doesn't work, then we prompt the user for the correct password and sync everything. Frederick 3 days ago @Jesse E (Apple) another workflow that was just mentioned to me by another admin is corporations who want local device creds to remain separate from network creds (to reduce blast radius in case of credential compromise). I suspect the answer there is a more standard SSO extension and not Platform SSO? ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:44 PM @Frederick asked We want to use Configurator in our provisioning team. However, the requirement of having a highly-privileged Apple Business Manager account (and the limit on quantity of accounts) is problematic. Is there a plan to introduce a role type that can only add and not edit any settings or release devices? :heavy_plus_sign: 1 3 replies Graham M (Apple) 3 days ago Thank you for this feedback. In terms of limited of accounts, Device Manager accounts are unlimited so that should solve that part of it. I understand that even Device Manager accounts may have too many permissions for your needs. Please file feedback for this. :pray: 1 Frederick 3 days ago Got it - thanks Graham! Will open some feedback on it. For our provisioning team, not everyone is an employee, and we want to ensure warehouse folks have the bare minimum needed. :+1::skin-tone-2: 1 Danielle D (Apple) 3 days ago Understood! Please include these details in your feedback. :+1: 1 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:44 PM @Jonathan asked Any possibility to only allow continuity between enterprise-managed devices? :+1: 1 4 replies Jacob C (Apple) 3 days ago Continuity requires a personal Apple ID. If your users are using their personal Apple ID on enterprise managed devices, they can take advantage of Continuity between devices using the same Apple ID. Scott 3 days ago This is yet another use case where it makes sense to have a Personal Apple ID and a Managed Apple ID on the same system. Blayn 3 days ago @Scott in my experience, using both a personal and MAID results in no joy for Continuity features. I’m eager to learn how others have been able to get this to work if it is possible. Scott 3 days ago I am trying to highlight that I think most organizations would like their Managed Apple IDs to work like personal IDs, just managed, and adding the ability to sign into both on a system would like work accounts to work features, whereas personal accounts could be linked for other features. Each organization will consider that line to be different, but I think it is important to allow that customization. :heart: 4 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:46 PM @Andrew asked Is Rapid Security Response more than a renamed Gatekeeper/Xprotect? Will information be available on the kinds of content it encompasses? How are Rapid Security Response content differentiated from what's in XX.YY.ZZ version updates? 1 reply Danielle D (Apple) 3 days ago Yes, it is more than Gatekeeper/Xprotect. Safari updates can be included in RSR. We understand the request for details about each RSR. Stayed tuned for more information. :+1: 8 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:47 PM @Frederick asked The new priority key for OS updates is very interesting, and I have two questions about it. First, does setting "High" cause a reboot to be issued (similar to InstallNow) or only to download and prepare? Second, what is the behavior for "Low"? It was not mentioned. 3 replies Mike S (Apple) 3 days ago The priority only changes the priority with which the download is accomplished. When high, it will be done ASAP. Otherwise, the download is discretionary and the system may defer the download to higher priority user activity. :+1: 1 Frederick 3 days ago Makes total sense, thank you! Does this affect the priority of the prepare operation and nice it down for low priority as well, or ONLY the download? Mike S (Apple) 3 days ago Only the download. The prepare phase doesn't get throttled by the system. :raised_hands: 2 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:49 PM @Joseph asked Any chance of device attestation making its way to Macs? Pretty please? :heavy_plus_sign: 3 :pray: 7 2 replies Danielle D (Apple) 3 days ago :smiley: This is great feedback! Shawn 3 days ago Might have shed a tear when I saw it was non-Macs only :heart: 2 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:50 PM @Shawn asked Will there be a more direct method of disabling Find My Mac via MDM? 1 reply Graham M (Apple) 3 days ago Please file feedback on this and let us know about your specific use case. ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:50 PM @Jayson asked The Mac Evaluation Utility is amazing. Any chance it will be included in macOS by default, preferably with CLI options like NetworkQuality? :100: 9 :heart: 2 1 reply Adam S (Apple) 3 days ago We’re glad you like it! Please be sure to file feedback, so we can consider this in future updates. ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:54 PM @Cameron asked Be useful if the user should see some sort of progress indicator when managed software updates are running in the background. Like a menu item or something in the Dock :100: 5 :pray: 1 2 replies Adam S (Apple) 3 days ago Thanks for the feedback!! Mind filing this? Cameron 3 days ago Ok will do ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:55 PM @Jayson asked I know that Remote Remote Management can be enabled via MDM. Are there plans to add this capability for Remote Login (SSH) as well? 1 reply Danielle D (Apple) 3 days ago Not at this time. Feedback is welcome. ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:55 PM @Cameron asked Will PlatformSSO handle forced password changes from the IdP. And if the password has changed on the IdP the next time the user boots their Mac and need to unlock FileVault will the need to use the new or old password? :100: 3 2 replies Frederick 3 days ago On a similar note - how does Platform SSO handle the user being disabled in the IdP? :100: 3 Cameron 3 days ago :+1: ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:57 PM @Cameron asked When using Migration Assitant during Setup Assitant. Does it migrate your data first then prompt to enroll in the MDM or the other way round? 1 reply Mike S (Apple) 3 days ago Enrollment happens first. :raised_hands: 2 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:57 PM @Ryan asked Any possibility to restrict devices from using consumer Apple IDs and limit them to Managed Apple IDs? :fire: 4 :eyes: 2 4 replies Graham M (Apple) 3 days ago Great feature request, please file feedback using Feedback Assistant and let us know what your use case is. In general we would expect this supervised only, if we did do this as a supervised only feature would that meet your requirement? :pray: 1 :raised_hands: 1 Ryan 3 days ago Supervised is fine, I'd expect that for this kind of feature :heavy_plus_sign: 4 Blayn 3 days ago It would be great to somehow auto-populate deployed devices with assigned MAIDs restricting the opportunity to use a different one Nick 3 days ago This would almost be in line with how Shared iPads can now have 3 pre-specified domains. (edited) :+1: 1 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:59 PM @Frederick asked Not a question, just a comment - THANK YOU THANK YOU THANK YOU for doing this Q&A on Slack this year!! It has been super helpful to see everyone's questions and avoid duplicating, and I feel way more connected with the team and comfortable with answers compared to the usual lab format which I've always felt not technical enough to request. :point_up: 8 :+1: 4 :clap: 7 :heart: 5 4 replies Danielle D (Apple) 3 days ago Your'e welcome! Happy to be here with you all! :heart: 3 Max B (Apple) 3 days ago We’re so glad that you joined! :heart: 3 Adam S (Apple) 3 days ago Thank you for joining us. Hearing feedback directly is always invaluable and we’re glad you could join us! Enjoy the rest of the WWDC sessions this year. :heart: 1 Graham M (Apple) 3 days ago You are so welcome! It was great to chat with everyone and hear about all the new features you are excited about! :heart: 1 Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:59 PM @Frederick asked Not a question, just a comment - THANK YOU THANK YOU THANK YOU for doing this Q&A on Slack this year!! It has been super helpful to see everyone's questions and avoid duplicating, and I feel way more connected with the team and comfortable with answers compared to the usual lab format which I've always felt not technical enough to request. :point_up: 8 :+1: 4 :clap: 7 :heart: 5 4 replies Danielle D (Apple) 3 days ago Your'e welcome! Happy to be here with you all! :heart: 3 Max B (Apple) 3 days ago We’re so glad that you joined! :heart: 3 Adam S (Apple) 3 days ago Thank you for joining us. Hearing feedback directly is always invaluable and we’re glad you could join us! Enjoy the rest of the WWDC sessions this year. :heart: 1 Graham M (Apple) 3 days ago You are so welcome! It was great to chat with everyone and hear about all the new features you are excited about! :heart: 1 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 5:59 PM @Jason asked For the new features talked about so far,.. is Documentation forthcoming (soon) on Developer.apple.com .. or later towards Fall 2022 ?.. where would be the best location to bookmark or keep an eye on for Documentation or KB updates ? 2 replies Graham M (Apple) 3 days ago The documentation should already be live on developer.apple.com. If you turn on the API changes it will highlight all the keys that are new. We also have our new documentation available as YAML data on GitHub now!! github.apple.com/apple/device-management :raised_hands: 3 Frederick 3 days ago https://developer.apple.com/documentation/devicemanagement?changes=latest_minor is the bible I’ve been studying the last 24 hours if it helps :smile: :raised_hands: 2 ---------- ---------- Device Management - Ask a QuestionWORKFLOW Jun 7th at 6:03 PM @Mike asked Are there any changes in Ventura to the current requirement for a user to interact with the notification when using `MaxUserDeferrals` with `ScheduleOSUpdate` (in order for the counter to decrement)? 1 reply Danielle D (Apple) 3 days ago There are no current changes, but we are committed to make improvements to software update. :heart: 3 ----------