Discover AppleSeed for IT and Managed Software Updates
With AppleSeed for IT, you can help your school or business test pre-release versions of Apple software and provide valuable feedback directly to Apple. We'll guide you through getting started in AppleSeed for IT and provide insight on how to file great feedback collaboratively within your organization using the new Teams feature in Feedback Assistant. You'll also learn more about Managed Software Updates in macOS Big Sur, including how to delay major updates or security and system files for employees' machines while you certify the release on their systems.
Hello and welcome. My name is Danny Rust. I'm an EPM on the Customer Feedback team here at Apple, and I'd like to thank you for tuning in for our session.
I'll be guiding you through the first portion covering topics including testing betas, the AppleSeed for IT program and filing feedback for your organization, which include a brief demo before handing it off to Jared, who'll talk about the exciting new changes regarding managing software updates. Apple makes great tools for business. Our tools and platforms help employees solve problems in creative ways, be productive wherever they are and collaborate more effectively. IT departments work incredibly hard and with some key goals in mind: Test diligently to stay a step ahead of emerging security concerns, ensure devices and apps operate efficiently, minimize downtime and compatibility issues and enable employees to have the best user experience possible. To deliver on those goals, key elements in your environment-- your IT infrastructure, third-party MDM solution, Apple devices and business-critical apps-- must be ready when new software versions are publicly released to your users.
The truth is, we can't possibly replicate all the various education and enterprise environments out there, and we need your help to make sure you're ready to deploy when the latest OS ships.
Apple has many programs for seeding pre-release software to developers, business and education customers and other audiences. All these programs help users provide valuable feedback to Apple. It's important to note some distinctions.
The Public Beta is available to all users who sign up at beta.apple.com and is generally geared towards reporting livability or general use type issues. Updates in this program can be less frequent. We currently support Public Betas for iOS, iPadOS, macOS, tvOS and now this year, watchOS.
The Developer Program's for app developers to incorporate new features into their apps, use new frameworks, test using simulators and various SDKs and make sure their apps run on the new OS when it releases.
And AppleSeed for IT. It's why you're here and what I'll be discussing next.
AppleSeed for IT is a seeding program focused towards IT professionals in enterprise and education. In this program, Apple deploys a variety of software across all platforms for you to test. We provide in-depth beta documentation and release notes that are focused on IT admin workflows.
Test plans are provided to ensure the newest features work in your existing environment. The surveys are so you can help us better understand that environment. We're committed to testing year-round and we hope you are too. So, how can you help? Well, you have specific infrastructures, mission-critical apps and services that are important to your employees, staff and students. We need you to test against your unique environments and provide feedback on what doesn't work and what you'd like to see next. We are most interested in feedback about deployment blockers, the kind of issues that would prevent you from deploying the latest OS when we release it, and regressions, or things that don't work in pre-released versions, but do work in the last public release. If you're ready to get started, we've made it even easier to enroll. Simply use your Managed Apple ID. If you don't have one, talk to your Apple Business Manager or Apple School Manager administrator about generating one. Also, make sure to associate your e-mail address on the account to receive important communications from the program.
Next, log in to appleseed.apple.com using your Managed Apple ID and accept the program terms. If you participated in AppleSeed for IT last year, you'll do the same flow. Just sign in using your Managed Apple ID and accept the new program terms for this year. Next, you'll configure your devices to receive pre-released updates. You can push the configuration profile or the macOS Customer Beta Access Utility to any device you want to use for testing. Both are available for download on appleseed.apple.com under the Downloads tab. Remember that each participant that's testing needs to sign in and accept the program terms. Now, once you're started, we want to encourage collaboration. You can communicate with our AppleSeed for IT participants in the AppleSeed Discussion forums, and we encourage you to collaborate with your teammates as well. This allows you to discuss pre-release features with other participants who have also accepted the program terms. Many of you likely have existing contacts within Apple, either through your account team or through AppleCare. It's important that you submit all issues you encounter through Feedback Assistant. These other internal teams can also assist during your testing.
With an AppleCare for Enterprise or AppleCare OS Support agreement, you can request testing assistance from an AppleCare Account Manager or an Apple Systems Engineer. These experienced Apple agents can quickly guide you through testing, submitting feedback and tracking any issues, and you can also notify them about any deployment-blocking issues that you report through the Feedback Assistant app.
Next, I'd like to talk about how you can file great feedback for your organization. These tips will help us in triaging your issues more efficiently. Remember to file immediately after the issue occurs with the device it occurs on as this will ensure the necessary logs are gathered. When possible, note the time of the issue and include thorough steps to reproduce, or if relevant, attach a screen recording or a screenshot of the issue. Additionally, we host several profiles unique to enterprise and education configurations to help gather additional relevant logging.
This year, we have some exciting new features to share in Feedback Assistant, our application for filing feedback on pre-released software. For that, I'd like to introduce Pete, who manages our engineers responsible for Feedback Assistant. Feedback Assistant is available on iOS, iPadOS, macOS and the web, and it helps you send us feedback on your experiences with our software. It's designed to provide concise, yet detailed forms to capture the problem, to collect system logs and diagnostics and to be the place for you to keep track of your bugs as they work their way through Apple. One of our biggest feature requests has been about collaboration. Organizations have told us how they want to share information about bugs that affect more than one person. And when someone leaves the company, their feedback goes with them.
So, we're really proud to announce Teams, new in this year's OS releases. Teams allows members within an organization to work together on feedback with Apple.
Teams are configured by Apple Business Manager or Apple School Manager for AppleSeed for IT, and in App Store Connect for the Developer Program.
Members of a team can see feedback created by their teammates, see responses from Apple and participate in that back-and-forth.
And, when needed, you can reassign a feedback so a different teammate gets notified in case of vacation or departure.
We've also done a lot of work to help you provide better feedback in areas like Continuity, AirDrop and syncing. Often, we need diagnostics from both devices to figure out the problem. So, we've added a feature we call multi-device diagnostics. When you start a new feedback on your iOS device, Feedback Assistant can remotely gather diagnostics from other devices signed into your iCloud account. When you submit, the diagnostics upload from each device directly to Apple, so you don't have to wait for them to finish and sync over to the device you're using. Like Danny mentioned earlier, collecting logs right when you see the problem really helps us, so now you can get all the logs from all your devices all at once.
Let's get into a demo to see how this all works.
Here's the main screen of Feedback Assistant. I'm logged in using my Managed Apple ID. There's some new UI here. Organizing feedback that belongs just to me and feedback that belongs to my team. Let's start by creating a new feedback.
Here's the form to create a new feedback. I'm going to make an iOS bug. I think it's relevant to my organization, so I want to make it a team feedback.
Choosing my team here makes sure that the feedback I create will be visible to other members of my organization in Feedback Assistant.
Let's add a title.
And this is a Continuity bug.
And it's incorrect behavior.
I had the problem with Safari.
Between my iPhone and my iPad. On a very busy day. And I'll attach my screen recording later.
Let's add the description.
Okay. So, now it's time for attachments, so let's take advantage of multi-device diagnostics. A sysdiagnose is already gathering from this iPad, but I was using this iPhone when I encountered the bug, so I think diagnostics from there will be useful too. I can add them using the Add Attachment button.
I'll chose the iPhone that I was using...
add it to the feedback, and now it's collecting a sysdiagnose as well.
I want to move on, so let's submit the feedback. Here's another new feature in iOS 14. You don't have to wait for diagnostics to complete before sending your feedback. Feedback Assistant will let me submit right now, and as long as my devices stay online, they'll upload the diagnostics to Apple when they finish.
Great. So, here's the feedback in my team's Submitted box.
If you've been in the AppleSeed for IT program before, you probably filed some feedback. All that feedback lives in your personal space. To let your teammates collaborate on that feedback, you'll need to move it to the team space. Here's how you do that.
This is the Submitted box in my personal space. And here's a Wi-Fi bug that I filed a few months ago. Now, I can make it visible to the rest of my team.
To do that, I use the More Actions button up here and select Move to Team. Feedback Assistant will ask for confirmation, and I'll go ahead.
Now that you can see not just your feedback but your team's as well, we've added some new areas to the app to help you keep track of it all. We have multiple in-boxes for organizing content that belongs just to me and feedback that belongs to my team. At the top of the source list, we've added some smart boxes to group certain kinds of content. For example, we have News. Here are the latest AppleSeed for IT release notes. There's also Requests, where I can see I have a survey to answer.
Now, let's take a look at collaboration. Here's a bug filed by my colleague, Sean.
You can see at the top, the enhanced status. It looks like a lot of other people had reported this bug, and it's showing that it's been fixed.
So, a lot of us did see this bug. I remember it, and it's definitely fixed in the latest release. If I look down at the bottom, here's a request from Apple to verify that fix, and I can fill that out right here.
Yes, it's resolved.
So now, here's a feedback from my teammate Monica, who just retired. Congratulations to her.
She's not on the team anymore, so she can't respond or see the feedback. That's indicated by the icon to the left of her feedback. I want to reassign this feedback to someone else on my team so they get notified in case Apple has a response.
Now, because I'm the administrator for this team, I have some extra abilities on feedback in my team space. I can reassign this feedback to a different teammate.
I'll assign it to Sean.
Now, if Sean wants to send it to somebody else, he can do that too, as the current assignee.
We have two other abilities available only to administrators. Remove from Team moves the feedback back into a submitter's personal space. And current assignees already have the ability to close the feedback. But as an administrator, I can also close my teammate's feedback when we're done with the bug.
Teams functionality is available in this year's iOS, iPadOS and macOS releases and on the web at feedbackassistant.apple.com.
Now, I'll hand it back to Danny to talk about configuring team feedback. Thank you, Pete. For those of you wondering how to start using Teams, there is some configuring available on Apple Business Manager and Apple School Manager to discuss.
Within Apple Business Manager or Apple School Manager, please ensure that roles you want to participate have Participate in AppleSeed for IT privilege enabled. By default, this privilege is enabled on all roles in Apple Business Manager. There must always be an AppleSeed for IT administrator in your org. The Administer AppleSeed for IT privilege is required for administrator roles and optional for people manager roles.
In Apple School Manager, the Administer AppleSeed for IT privilege is also mandatory for the administrator role and optional for the site manager and people manager roles. Participate in AppleSeed is enabled by default on all roles except students, which are excluded from testing. Let's recap. Testing keeps us both ahead of the curve. There are so many incredible ways to use Apple's technology, and we need your help to ensure that your organization isn't negatively impacted by the next release.
The AppleSeed for IT program is focused on education and enterprise IT departments, and we encourage you to participate with us.
And with Teams in Feedback Assistant, you can truly collaborate on team-owned feedback. We're excited for you to try it out, and we can't wait to hear your feedback.
Now, I'd like to introduce Jared who'll be discussing the exciting new changes around managing software updates. Thanks, Danny. My name is Jared, and I'm a software engineer on the Installation Team at Apple. As my colleagues discussed earlier, it is critical for IT and system administrators to be engaged in the development of pre-release software. Your involvement during seeding ensures that you and your organization will have a smooth transition into every update that Apple ships to its users. Ideally, organizations should be deploying updates as they are released by Apple. However, sometimes you need a little extra time to qualify and deploy updates throughout your organization. This is where managing software updates comes into play.
Managing software updates puts you in control over the deployment schedule of updates. It gives you time to verify that updates are compatible with your company's workflow and existing propriety software.
Although this qualification should be done during seeding, sometimes more time is necessary.
Enables IT to have a uniform understanding of what Apple software is running on their devices. By having a deterministic insight into what software in your organization is running, it empowers your team to deal with the same sets of issues across devices. It's important to remember that updates contain critical improvements in the areas of stability, performance and security. Therefore, organizations should do their best to deploy updates as swiftly as possible.
Starting the installation of a software update via Mobile Device Management, also known as MDM, is a great choice for in-place upgrades. An MDM command can be sent to supervised devices to download the latest qualifying version from Apple.
Administrators can specify to download and stage the update, or to install the update as well. A phased rollout approach can be useful to reduce network congestion. It is also advised to implement content caching servers for organizations with constrained Internet resources.
It's important to note that only updates that are still being signed by Apple are permitted for installation.
It is also required for devices to be enrolled in supervision in order to remotely update the device.
For iPhone and iPad, if a device has a passcode, that passcode will need to be entered first by the user before the installation begins.
Let's start by talking about iOS, iPadOS and tvOS.
On these platforms, Apple supports deferring software updates.
This is controlled by MDM and can be deployed to supervised devices or through a profile.
If you choose to enable deferral, the default behavior is to defer all updates for 30 days from the time that Apple releases the update. The IT administrator can also override this default and specify a value between one to 90 days, so that you can pick whatever schedule works best for you.
Once the deferral window has expired, the next update is evaluated and is either presented for installation or is also deferred.
Deferral windows are determined by date, not by release version number.
Once an update has been installed, it is not possible to downgrade without erasing the device. Apple only supports updating devices to newer versions of the OS. Apple signs its software for production use, and older releases may be revoked to ensure that customers are not susceptible to downgrade attacks. Therefore, if an erase install is performed, it may be rejected by Apple if the version being erased has been revoked by Apple.
Typically, when a user navigates into the Settings app and taps on Software Update in iOS or iPadOS, they'll be presented with this screen. As you may note, the user has full control over their own update experience.
When you implement the managed software update restriction, you'll see this screen instead if an update is presently being deferred.
On macOS, software updates control more than just operating system updates, it also controls out-of-band updates such as Safari. Therefore, we provide extra options through the MDM interface. An administrator can schedule a scan across their fleet, fetch the list of available updates for all Macs, get the status of all updates in progress and schedule updates for installation. The remote management of updates requires the device to be supervised.
On the Mac, the automatic checking for updates, download and installation is controlled by the settings that the user has specified in the Software Update Preference pane in System Preferences.
These settings can be controlled via MDM and are fully manageable. IT Administrators are empowered to make software update settings a user choice, or to fully override them.
For macOS, the deferral process is similar to the iOS process as we've discussed earlier. You can deploy a configuration profile to delay updates for up to 90 days.
But here are some unique things about the Mac.
Deferred updates are transparent to the user in System Preferences. Once an update has passed its deferral window, the user will receive a notification to update and the update will become visible in System Preferences.
The Mac does not need to be supervised in order to defer software updates. A config profile can be installed to control these settings.
Updates are automatically deferred by date, not by their version number. This allows the deferral of multiple OS Updates in succession rather than only deferring one update at a time. For example, it is possible to defer 10.16.1 and 10.16.2 while 10.16.3 is currently released. As long as it has not been greater than 90 days since the update was released by Apple.
In prior releases of macOS, it was not possible to defer software updates while an update was in seeding.
Let's take a closer look at how you might choose to manage software updates.
In this example, macOS 10.16 will be released for approximately 30 days. Please note that this is only an example.
Typically, before Apple chooses to release an update, it undergoes rigorous beta testing. This is the time at which you should start getting involved in testing the release against your workflows. By qualifying your environment during seeding, gives you time, and Apple, to fix any issues that are discovered before the release ships.
Now, on day 30, Apple has decided that macOS 10.16.1 is ready to ship to the public. This is exciting because the bugs that you've been filing with Feedback Assistant may now be fixed. Now it's time to certify the final build against your environment. This is the time to defer the software update. Preferably for as short of a time as possible.
The update is then pushed out to your environment...
and then the cycle continues.
We want IT and enterprises engaged in testing the features that they know and love before they are deployed to their organization. Therefore, we are bringing support for deferring software updates while macOS Big Sur is undergoing seeding.
Administrators are encouraged to try out the deferral of software updates and to file us feedback using Feedback Assistant if they find any issues with the deferral of updates.
In addition, we received tons of feedback from Mac admins requesting the ability to defer major releases of macOS. As of macOS Catalina 10.15.4, we introduced the ability to defer major releases under the same deferral window as other software updates.
We plan on improving this in the future, and we value your feedback.
In macOS Big Sur, we have some exciting new security changes that better protect our users.
This year, we have unified our installation technology across all of our platforms. The Mac now uses the same reliable and secure installation technology as iOS.
In addition, we are snapshotting the system volume. This enables a quicker software update experience since the system snapshot is patched while the user is using their Mac. This is similar to the experience iOS and iPadOS users have come to know and love.
We are also cryptographically sealing those snapshots using authenticated APFS. This enables us to verify on boot that the user's system matches what was delivered by Apple. As file system blocks are read from disk, they are hashed up the file system chain and compared to the root hash. If the root hash does not match what was signed by Apple, the seal is considered broken and the device's kernel will immediately panic.
On macOS, we realize that there are power users and researchers that want to be able to modify the system volume. Therefore, Apple is permitting authenticated APFS to be disabled by modifying your security settings in the recovery OS, though this is strongly discouraged.
Lastly, the qualification of OS updates is now server-driven as it is on iOS. With these exciting new changes, we are deprecating some less commonly used technologies.
In macOS Big Sur, we have removed the ability for third-party software update catalogs. As it is on iOS, the installation catalog is managed by Apple.
We are also dropping support for deferring updates indefinitely. As we have discussed, updates contain critical reliability, performance and security updates. Therefore, we want our users to be on the latest software possible. For macOS Catalina and macOS Mojave, we will be reintroducing support for ignoring updates in the 10.15.6 aligned security releases as long as those devices are under supervision. However, in macOS Big Sur, and moving forward, ignoring updates indefinitely is no longer supported.
We are strongly encouraging you to utilize update deferral and participate in seeding.
As a reminder, make sure to actively participate in pre-release software. Get your feedback in early to ensure your organization is ready for the upcoming release.
Join AppleSeed for IT to gain access to in-depth documentation and resources.
Work with your extended Apple contacts such as your account team, sales team or AppleCare.
Make sure to utilize Feedback Assistant extensively. Apple values your feedback, and by providing feedback early, we can get your issues resolved before the release ships.
Take control over the software that is deployed in your organization by managing software updates, and limit the usage of update deferral by certifying your workflows early by participating in pre-release software.
Check out these other exciting sessions for more on managing Apple devices.
Thank you, and on behalf of everyone at Apple, we hope that you have a fantastic WWDC.
Looking for something specific? Enter a topic above and jump straight to the good stuff.
An error occurred when submitting your query. Please check your Internet connection and try again.