This really shouldn’t be controversial. Apple seriously needs to introduce a mobile device management (MDM) system for its Vision Pro headsets, because enterprise deployments will demand that it do so.
Apple will soon begin selling Vision Pro, the first product in its eventual spatial computing range. Announced in June 2023 and set to ship next month, the device will cost $3,500 per unit and is expected to be sold to relatively affluent early adopters and consumers. It will also likely be picked up by developer and enterprise customers eager to understand what benefit, if any, it offers.
They will be looked at by business
The thing is, when it comes to real-world use, we already see a multitude of signs these devices will see the most urgent early business cases emerge in business/enterprise markets.
Apple knows this and alluded to these classes of apps in its visionOS announcement last year. (Think remote collaboration, design, warehousing, exploration, engineering, medical and beyond.)
All of those industries already make use of device management to protect the other devices in their fleets, so they'll want the same for Vision Pro.
Now, it’s reasonable to think visionOS is built using similar components to the rest of Apple’s operating systems. That means that Apple already has access to the code it needs to introduce APIs to enable MDM providers to use Apple Business/Schools Manager to enroll devices into their fleets.
Given the business focus of at least some implementations of spatial computing, it makes sense to put that code inside visionOS. (Bear in mind, Apple only recently introduced such support for Apple Watch, but might move faster as Vision Pro is effectively a wearable Mac, which means more sensitive data to protect.)
Enterprise adoption requires device management
IT will need to manage these devices, including for remote deployment and app installation. An API will eventually be required to return these solutions to factory fresh in between shares. Added to which, the information these devices access will be just as sensitive when worn on your face as when stored in your Mac. That means some form of endpoint security will be required.
You can also bet your bottom dollar that, just as we saw with the first iPad, C-suite executives are already trying to find some way to get hold of a set and expense it.
That means they'll be accessing some of the most sensitive corporate data on Vision Pro and will want IT to ensure they can do so safely. If I can guess that, then it won’t be long until criminals begin to explore these systems for vulnerabilities, and it suggests at least some IT pros are already attempting to figure out how to secure the devices. That’s yet another reason for tough device management (including support for Declarative Device Management).
Will they or won't they?
I’ve been through everything I can find on this topic concerning Apple’s Vision devices but see nothing that says you will be able to enroll them in Apple Business/Schools Manager.
The problem is that doing so is an essential step to protect any Apple device using any third-party MDM system, which means IT will be unable to manage them.
Lack of such protection could limit what some execs are permitted to do with their shiny new Apple products, at least at first. I suspect this may see some admins setting up managed Apple IDs for use with the products to at least limit access to some data.
That may change, of course. Apple’s teams might already have software patches in place to introduce such support once Vision Pro ships. But I’ve come across nothing to suggest it has.
Still, as enterprise, business, and educational uses of Vision Pro products seem likely to be the bleeding edge toward mass deployment, Apple will need to introduce MDM support sooner rather than later.
Perhaps someone at Apple already knows the plans for MDM on Vision devices? If so, maybe they should let people know before this year’s IT budgets are set in stone.
Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.