Good news for enterprise IT: MDM software will be able to constrain the use of Apple Intelligence on managed device fleets.
Apple has introduced new tools mobile device management (MDM) vendors can use to give IT the power to restrict Apple Intelligence across their fleets.
Understanding the significance of the on-going AI with everything war, Apple device management vendor Addigy was fast out the gate to announce its support for the tools, which other MDM providers are likely to support, too. The new tools basically consist of a set of restrictions that can be deployed against managed devices to prevent the use of Apple Intelligence features.
What Apple Intelligence features can be controlled?
The AI features Apple has announced so far include Genmoji, Image Playground, Image Wand, iPhone Mirroring, and Writing Tools. The new controls allow MDM systems to offer admins console-based management tools to enable or disable their use on a managed device. The tools I’ve found include:
- allowGenmoji.
- allowImagePlayground.
- allowImageWand.
- allowiPhoneMirroring.
- allowPersonalizedHandwritingResults.
- allowVideoConferencingRemoteControl.
- allowWritingTools.
It is worth noting that only the Writing Tools within Apple Intelligence have been made available in beta so far, and Apple has always said some of its AI functions won’t be available until next year. The idea is that IT will be able to disable the features if they’re concerned about use of company data with AI.
Addigy acts fast
In announcing its support for the new restrictions, Addigy CEO Jason Dettbarn said: “While Apple Intelligence is an exciting development, many organizations are rightly concerned about potential impacts. Some don’t allow AI on devices. Others want to fully understand its implications before deciding when, or even whether, to enable it — and they don’t want to risk waiting until AI ships to try managing it.”
Of course, as Apple Intelligence remains beta software, Addigy MDM is only available to organizations that are part of Apple’s AppleSeed for IT scheme, which lets users test upcoming Apple releases in unique work environments.
I expect other MDM vendors intend to include support for Apple’s restrictions in their own systems. (Some have begun such deployment in beta.)
Why does this matter?
The decision to enable MDM services to prevent the use of Apple Intelligence will be welcomed by enterprise users concerned their employees might inadvertently leak confidential or protected information while using the new AI service.
The release is also true to form. Apple’s commitment to privacy and security across all of its devices is more than skin deep; its extensive white paper explaining the Private Cloud Compute service is proof positive.
But data privacy is a journey, and the best way to protect anyone’s data is not to have any of it in the first place — that’s Apple’s constant aim in everything it does, including AI. The company’s decision to use as little information as it can to make services work is a very smart one, as it minimizes the potential attack surface. Giving MDM the power to forbid any such use also protects devices and their data.
Save the world
We know the company is working to build AI models that run on device, rather than in the cloud. That’s a good thing, as it protects privacy. But the move to ensure small models run at relatively low power could also help reduce the overall energy consumption we’re seeing from the growing use of generative AI (genAI). That seems particularly important now that some estimates indicate ChatGPT is consuming as much energy to generate its responses as would be needed to power 21,602 US homes for a year. Apple’s environmental commitments mean it will take energy consumption generated by Apple Intelligence into account in its environmental reporting.
(I do note that the new tools don’t seem to constrain the use of ChatGPT from Apple Intelligence on a managed device, but I imagine there will be some protection in place by the time integrated access ships.)
It’s time for Apple in business
One final note: Apple has introduced MDM code to prevent the installation of apps downloaded from websites on managed devices. That’s good, as it means European firms won’t be forced to expose their data to the risk of accidental malware installation via apps found outside of legitimate app stores.
Finally, of course, Apple’s painstaking preparation for the mass market introduction of AI on its platforms should be seen as proof positive, as if it were required, that its ecosystem is secure by design and quite ready for business.
More from Jonny Evans
- When was the last time a Mac caused a business disaster?
- What to expect at Apple’s Sept. 9 ‘Glowtime’ special event
- Jamf teams with Okta for enterprise-class simplicity the tyranny of ‘choice’
Please follow me on LinkedIn, Mastodon, or join me in the AppleHolic’s bar & grill group on MeWe.