WWDC25 · 25 min · Business & Education

Get to know the ManagedApp Framework

Discover how the ManagedApp framework helps your app adapt to managed environments. We’ll show you how to receive configuration data, manage app secrets securely, and tailor your app’s behavior based on organization-provided settings. We’ll also walk through real-world examples to show how you can build more flexible, manageable apps for enterprise and education environments.

Watch at developer.apple.com ↗

Transcript all transcripts

Chapters

0:00 — Welcome
2:51 — Introducing ManagedApp framework
5:14 — Workflow
7:26 — Example scenarios
12:17 — Implementation
21:27 — Best practices

Code shown on screen · 3 snippets

Your app's managed configuration swift · at 0:01 ↗

// Your app's managed configuration

struct LandmarksManagedConfig: Decodable {

    private(set) var collection: LandmarkCollection?

    private enum CodingKeys: String, CodingKey {
        case collection
    }

    init(from decoder: Decoder) throws {
        let values = try decoder.container(keyedBy: CodingKeys.self)
        collection = try values.decode(LandmarkCollection.self, forKey: .collection)
    }
}

Receiving the current configuration swift · at 0:02 ↗

// Receiving the current configuration

import ManagedApp

// [...]

var managedCollection: LandmarkCollection?

// [...]

func loadCollections() {
    // [...]
    Task {
        let configProvider = ManagedAppConfigurationProvider()

        for await config in await configProvider.configurations(LandmarksManagedConfig.self) {
            // config's type is LandmarksManagedConfig?
            managedCollection = config?.collection
        } // Loops forever
    }
}

Using an identity swift · at 0:03 ↗

// Using an identity

final class MyURLSessionDelegate: NSObject, URLSessionDelegate {

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge)
        async -> (URLSession.AuthChallengeDisposition, URLCredential?) {
        switch challenge.protectionSpace.authenticationMethod {
        case NSURLAuthenticationMethodClientCertificate:

            // Look up the identity
            let provider = ManagedAppIdentitiesProvider()
            let id = "AssetDownloadClient"
            guard let identity = try? await provider.identity(withIdentifier: id) else {
                // No identity, cancel the challenge
                return (.cancelAuthenticationChallenge, nil)
            }

            // Use the identity to authenticate.
            return (.useCredential, URLCredential(identity: identity,
                                                  certificates: nil,
                                                  persistence: .forSession))
        default:
            return (.performDefaultHandling, nil)
        }
    }
}

Resources

Documentation Apple School Manager and Apple Business APIs
Documentation ManagedApp
Documentation Support - Apple Platform Deployment
Documentation Apple School Manager User Guide
Guide Apple Business Manager User Guide

What’s new in Apple device management and identity

WWDC25

20 min

Chapters

Code shown on screen · 3 snippets

Resources

Related sessions

What’s new in Apple device management and identity