NOTE: This article refers to an iOS version that Apple and Imprivata Mobile Access Management no longer support. It is included for reference purposes only.
Apple’s new iOS 13 delivers a tremendous number of device management improvements to the enterprise.
With one exception, we’ve been satisfied with compatibility.
Preparing for iOS 13
- Upgrade to Launchpad 4.8.4 or later.
- Upgrade iTunes support software — “MobileDevice”
- Upgrade your MDM to support iOS 13’s new DEP setup screens.
- Customers using DEP and Restore from Backup will need to make changes. See below.
- Imprivata recommends you skip iOS 13.0 and upgrade directly to iOS 13.1.x. To be safe, remove the “Update iOS” action from your standard Workflows until you have thoroughly tested with iOS 13.
Known Issues with GroundControl 4.8.3
Restore from Backup & DEP
- The Restore from Backup action will break DEP enrollments using iOS/iPadOS 13. Backups are commonly used to enable settings and permissions beyond what is available to standard MDM, such as camera permissions, location services, and app configurations. However with iOS 13, the restore action will remove WiFi, so the device is no longer able to enroll in MDM.We understand this change will impact many of our users. Please review the options below and contact GroundControl support for assistance.
Option 1: Remove "Restore from Backup" from your workflows (Mac/Windows)
We’ve seen a few of our customers use backups with DEP workflow unnecessarily. Workflows without a backup will be quicker and more reliable.
Test your Workflows without a backup and observe the results. Our team at support@imprivata.com is happy to lend you our experience to see if you can make your deployments leaner and more efficient.
Option 2: Enable Network Tethering (Mac)
If you use a Mac to provision your devices, you may continue to use the Restore from Backup acton with your iOS 13 DEP devices if you enable network tethering. Devices will have no WiFi during MDM enrollment, but they can use the Mac’s shared network connection instead. Network tethering with macOS only works with the original Launchpad the iOS device was provisioned to.
- On the Mac, enable network tethering in System Preferences > Sharing > Content Caching > Share Internet Connection
Since many of our customers provision on Macs, this may be the best option for you.
Option 3: Use the cellular connection on your devices (Mac/Windows)
If your iPhones or iPads use a cellular connection, you may continue to use Restore from Backup with your DEP workflows. Devices will have no Wi-Fi during MDM enrollment, but they can use the cellular network connection instead. This feature works with both Mac and Windows.
Option 4: Remove your devices from DEP and use a non-DEP workflow (Mac/Windows)
NOTE: Imprivata does not recommend this option for most customers, as you will lose the assurances that come from Apple’s Device Enrollment Program. However, in places where no other workaround is possible, this remains an option.
- Use Apple Business Manager to unassign devices from your MDM.
- Use the GroundControl admin console to clone your Workflow, and convert it to a non-DEP model.
- Test the workflow on your devices
NOTE: Devices will continue to be supervised and enrolled into MDM, and your MDM will continue to assign and install VPP apps. However, users will be able to remove the MDM profile from devices, and there is no way to force devices to enroll in MDM if stolen.
Other Changes
- An upgrade to iTunes 12.10, or to iTunes support software (“MobileDevice”), is required to update devices to iOS 13. No update is needed to work with devices already running iOS 13.
- iOS 13 includes two new apps, Shortcuts (com.apple.shortcuts) and Find My (com.apple.findmy). These apps may appear on your devices. GroundControl Server 4.8.3 allows you to hide or arrange these new apps.
- Device Console currently does not function with iOS 13, on Mac. We are working on a fix.
- Apple Configurator should not be open at the same time as the Launchpad. We have filed a bug report with Apple.
- Enterprise App Trust is not preserved in backups. This is resolved in Launchpad 4.9.
Workaround: Add a custom option
Edit your workflow to add the action Advanced > Custom Options, and add the following option:
InstallAppPerformEarly: true
- The Restore from Backup action may be up to two minutes slower compared with previous Launchpad versions.
- You will need to update the DEP profile in your MDM to skip new Appearance setup screen in iOS 13. Even so, iOS 13.0 will not dismiss all setup screens, so app installs are blocked until users tap the device. iOS 13.1 resolves this issue.
- New wallpapers do not appear until reboot. We have confirmed this is an issue with iOS 13.0. iOS 13.1 resolves this issue.
- Mac users will need to sign into the Launchpad app again after upgrading to Launchpad 4.8.3. This is a one-time action. No workaround is expected.
- Backups earlier than iOS 9.3.0 are no longer supported.