Technology News
-
Tech layoffs surge even as US unemployment remains stable
Although the US unemployment rate held steady at 4.2% in May with 139,000 jobs added to the US workforce, nearly 100,000 layoffs were also announced — up 47% from last year, according to new data from the US Bureau of Labor Statistics and others. Tech and federal cuts led the way in layoffs, driven by economic pressure, programmatic firings and AI-driven shifts in workforce needs, according to outplacement firm Challenger, Gray & Christmas.
Technology remains a top sector for cuts amid ongoing disruptions, according to the firm’s data. In May, tech companies announced 10,598 layoffs, bringing the 2025 total to 74,716; that’s up 35% from 55,207 at the same time last year.
“Tariffs, funding cuts, consumer spending, and overall economic pessimism are putting intense pressure on companies’ workforces. Companies are spending less, slowing hiring, and sending layoff notices,” Andrew Challenger, senior vice president of Challenger, Gray & Christmas, said in a statement.
Uneasiness continues to weigh on tech hiring, according to CompTIA, a provider of IT training and certification products. The unemployment rate for tech jobs in May was 3.4%, roughly in line with April’s 3.5%, CompTIA data showed. The tech unemployment rate continues to sit below the national rate.
CompTIA
Tech sector companies added a modest 1,571 net new employees in May, analysis of the BLS jobs report by CompTIA showed. Job growth in cloud infrastructure and tech services was offset by reductions in the telecommunications sector.
Tech employment across the broader economy declined by an estimated 131,000 positions. “With prior month employment gains, tech occupation employment remains in the positive for the year,” CompTIA said.
“It is undoubtedly a challenging time for employers and job seekers facing uncertainty on multiple fronts,” said Tim Herbert, CompTIA’s chief research officer. “At the same time, it requires taking a measured approach given the data continues to hold up reasonably well.”
One bright spot for tech hires in May was the finance and insurance industry, which collectively saw a 21% increase in new tech job postings; new tech job openings also rose by 16% in the retail sector, according to CompTIA.
Even so, tech layoffs have continued as AI adoption soars and economic pressures drive a major shift toward new roles and skills in the workforce. “AI isn’t replacing jobs,” said Kye Mitchell, president of tech workforce staffing firm Experis US. “It’s fundamentally redefining how work gets done. We’re seeing AI augment skillsets and make professionals more capable, faster, and able to focus on higher-value work.”
Technology only displaces jobs when about 80% of tasks can be automated — and AI isn’t close to doing that, said Mitchell. Right now, AI is enhancing skills, boosting productivity, and freeing up time for higher-value work.
Hiring for AI positions and those requiring AI skills continues to grow rapidly, according to a CompTIA analysis of data from Lightcast and Stanford University study. CompTIA found that employer job postings related to AI are up 117% year-to-date year-over-year.
Challenger, Gray & Christmas
Skills-based hiring remains core to many employers’ recruiting strategies. About half of all tech job postings did not specify a need for a four-year academic degree, seeking instead a combination of work experience, training and industry-recognized certification, according to CompTIA’s and other data.
Even so, employers are hesitant to hire. “Economic uncertainty is absolutely creating a cautious hiring environment, but it’s more complex than tariffs alone,” Mitchell said. “Our data shows employers adopting a ‘wait and watch’ stance as they monitor economic signals, with job openings down 11% year-over-year.”
Still, the tech job market is adjusting as AI adoption grows. AI skill mentions in job postings fell 10% in May but are still up 10% for the year, showing steady demand, Mitchell said.
The tech industry had been nearly bullet-proof from mass layoffs prior to 2022. After a hiring surge between 2020 and 2022 to meet digitization efforts as more people worked from home, the market shifted and began slashing jobs to readjust to the new reality.
Tech companies such Google, Amazon, Meta (Facebook) and others laid off tens of thousands of workers as an adjustment to over-hiring during the COVID-19 pandemic. In 2023 alone, 1,186 tech companies laid off about 262,682 staff, compared to 164,969 layoffs in 2022.
In January 2024, job cuts leaped 136% over December and hit a 10-month high, according to Challenger, Gray & Christmas.
While the labor market remained steady, there are signs that hiring across the board is softening. Open job postings fell 7% this year and new postings dropped 16% in the past month — the first full contraction of 2025. Year-to-date, new postings are flat compared to last year, according to Ger Doyle, ManpowerGroup’s regional president for North America. Doyle, however, was optimistic.
“This is a chill, not a freeze,” he said. “Workers and employers are holding steady, awaiting clarity.”
For example, he said, project management roles are up 483% year-over-year, and as the broader outlook improves, a rebound could follow, he added.
Demand for data roles is surging as companies shift from AI experiments to execution. Database architect postings are up 2,140% year-over-year, with data scientist postings up 280% — clear signs of companies building the backbone for an AI-driven future, Experis’s data showed.
“This shift is also reshaping how talent enters the industry. Entry-level opportunities are becoming more limited, making it harder for recent graduates to gain a foothold,” Mitchell said. “For those looking to break in, deep analytical and technical skills are no longer optional.”
-
Apple details which governments make the most data requests
To get some sense of the speed with which we’re hurtling into dystopia, it’s always worth taking a look at Apple’s latest Transparency Report; it shows the extent to which governments are requesting information about people, the ways in which they seek it, and the scale at which the requests are made.
The report itself is a little inexact — this particular edition has been updated with information covering January-June 2024, meaning we have no insight into data requests across the last 12 months. There are also limits to what Apple can say. The company isn’t always permitted to be completely transparent in the information it shares about these requests, and in some territories it might no longer be permitted to decline some data requests.
The report has some concerning insights about the UK, where the government has decided people shouldn’t even be made aware of the extent to which it uses digital devices for state surveillance.
Which nation makes the most requests per head?
Ignorance is bliss, I suppose — but US politicians are not at all happy with the UK approach. That’s not surprising when you consider that on first glance, at least, the UK as a nation makes far more requests per head of population than most other countries.
This indicates the extent to which the nation, already insisting on deeply unsafe backdoors into personal data, is using technology to monitor people.
Returning to the Transparency Report, Apple shares information concerning several categories of data request:
- Device Requests
- Financial Identifiers
- Account
- Account Preservation
- Account Restriction/Deletion
- Push Token
- Emergency
- US National Security
- US Private Party
- Digital Content Provider Requests
- App Removal
The US continues to lead the world in the sheer number of such requests made.
No other nation, not even China, makes anything like as many. You can see for yourself, but China (population 1.4 billion) made 1,212 device requests, 465 financial identifier requests and 398 account requests (and one emergency request) in the reporting period, while the US (with 340 million residents) made 12,043 device requests, 1,341 financial identifier requests, 12,812 account, and 793 emergency requests.
The UK (population 68 million) made 2,925 device requests, 138 financial identifier requests, 2,550 account, and 726 emergency requests. By those numbers, the UK makes more requests per head.
Fun with numbers
Except, that isn’t quite true; while China made just 1,212 device requests, it specified 365,980 devices within those requests — and Apple complied with 96% of the requests.
In the UK, those 2,925 device requests specified 8,211 devices, and Apple complied 78% of the time. In the US, 42,747 devices were specified and 86% of those requests were met.
Fun with numbers aside, it’s pretty clear that all three nations are united by their zeal to access this kind of information, more so than anyone else, except possibly Brazil. (Brazil, with a population of 211 million, made 8,776 device requests and specified 42,276 devices in those requests, to which Apple complied 78% of the time.)
Looking through the data, on the basis of the number of requests made per unit of population, the UK has the dubious distinction of being the most invasive government in the world.
Though it is important to note that Apple exists under different legislation in each nation, which means it may not be able to report some of the information it has — we just don’t know whether that is the case.
Top of the spooks
There are other highlights. The data shows a surge in US (and global) requests for Push Token data. This is data that can identify which device receives a specific notification from an app and can sometimes help access message content. The report reveals that requests for this kind of data have surged, but indicates Apple is approving fewer of them. Another trend seems to be an increase in requests for financial identifiers, which generally seek information concerning fraudulent transactions. Taiwan is the world champion in making such requests and Apple complies with 97% of those. The US, Japan, and Germany are also high in the list.
Account requests are also increasing fast and in this category the UK is up there with Germany, Japan, China, and Brazil, with the US accounting for over half of all such requests worldwide. Data requests made in the cause of US national security have also increased.
Transparency, where possible
Finally, while all this information is interesting, it really has to be read with a pinch of salt, since in at least some of these cases the information Apple is permitted to report may, or may not, enable it to be completely transparent with the information it shares.
All the same, the implication is that data privacy continues to be something that must be fought for. “This is surveillance,” as Apple CEO Tim Cook told European privacy commissioners in 2018. Seven years later, of course, Europe is insisting Apple make your data more easily available to third-party firms. George Orwell’s book 1984 was, it seems, an instruction manual after all.
You can follow me on social media! Join me on BlueSky, LinkedIn, and Mastodon.
-
Atlassian moves toward bundling on collaboration tools
Atlassian this week said it is starting to focus more on pushing out bundles of its collaboration tools, including Confluence, JIRA, and Loom, in an apparent move away from selling those apps as standalone products.
The company’s bundling strategy will revolve around the recently announced Teamwork Collection, which was unveiled in April at its Team ’25 conference.
“When we look at Teamwork Collection, that is our strategy moving forward,” Brian Duffy, the newly appointed chief revenue officer at Atlassian, said during an interview at the William Blair 45th Annual Growth Stock Conference. “We will lead with Teamwork Collection and collections in general — that will be our de facto approach for our high-touch customers or our enterprise customers.”
The Teamwork Collection includes JIRA, which helps teams plan and track work; the Confluence platform for information exchange; and Loom for video communications.
In April, Atlassian bundled the products into Teamwork Collection as AI breaks down barriers to enable better collaboration across the platform. The company offers customers its Rovo generative AI tool for free.
“That means if customers currently have JIRA, they’re also moving forward going to have Confluence, and then there will be the opportunity for them to have Loom,” Duffy said.
Atlassian is making a larger push across the board in how it ships products. The company is also introducing other software collections that target different business and management processes. For example, the “Strategy” collection helps leadership teams analyze and execute strategies and manage talent and assignments.
The company has a strong footprint among IT buyers, especially in the software development productivity space, with 330,000 customers; it’s used by some 85% of Fortune 500 companies.
Atlassian sees bundling as a way to broaden its reach among existing customers. The current IT customer base can provide a springboard to reach new buyers that might include business leaders,such as human resources officers, chief strategy officers, and CFOs directly, Duffy said.
“It’s not going to be particularly easy. It will require hiring some new sellers to be able to have those conversations,” Duffy said.
-
Microsoft tweaks M365 support, pushes more frequent updates
Microsoft has made a series of changes to how Microsoft 365 (M365) support updates are done, and is encouraging enterprises to move to more frequent, or even monthly, software updates.
The company currently offers options for frequent, monthly, and semi-annual feature updates. With new and updated AI and Copilot tools being added to M365 at a brisk pace, more frequent updates could provide a more predictable rollout cycle.
For one, the company is scrapping a whole channel in which customers can preview features before mainstream enterprise deployment. Microsoft is discouraging customers who upgrade M365 twice a year from testing features before mainstream rollout.
Instead, the company is extending the ability to roll back features from one to two months in its monthly support plan. Essentially, it is telling companies to just roll out features into mainstream environments and giving them more time to rollback if updates don’t work.
“To remain secure and supported, organizations should immediately migrate devices to either Current Channel or Monthly Enterprise Channel to continue receiving early access to new features,” Microsoft said on its support page.
Specifically, the company is scrapping the preview version of the “Semi-Annual Enterprise Channel,” which includes twice-a-year feature updates for devices running automated workloads without the need for human operators.
The “preview” channel is typically for customers who want to test features before proper deployment in critical environments where IT downtime isn’t an option, such as in financial or retail environments.
Beginning in July, M365 enterprise customers updating features once a month — or on the “Monthly Enterprise Channel” — will be able to roll back features within two months, giving them twice as long as the earlier timeline allowed.
Microsoft is making no changes to its mainstream “Current” channel, which provides updates as soon as new features are released. The company is also making no changes to a separate preview version of the Current channel in which customers can test features.
Regardless of channel, Microsoft provides bug fixes and security updates on a monthly basis to all customers. Microsoft also said it is also cutting the support timeline for the monthly software bug and security fixes in its “Semi-Annual Enterprise Channel” to from 14 months to eight.
That shifts the channel’s focus on unattended devices without human operators. These machines typically run automated operations such as number crunching or content delivery that do not require human intervention.
-
The ins and outs of Apple identity management in the enterprise
It used to be simple: users had a local account on the PC that they used or they had a network account in Active Directory that could be used to login to their assigned computer or others in the network.
Adding Macs to the equation took a certain amount of work, especially if you wanted to manage those Macs. But Apple’s adoption of Active Directory support in Mac OS X Panther in 2003 made the process both doable and reasonably straightforward.
Things are different today — the migration of virtually everything to the cloud has opened up new opportunities from authentication to single sign-on access to cloud applications to user and device management. Not surprisingly, one of the biggest challenges is integrating all these cloud services in a coherent way.
That challenge isn’t specific to Apple devices by any means. Users and the services that support them (including MDM) do rely on multiple services that need to be integrated as part of an enterprise IT infrastructure.
Exactly what that means and how best to go about that integration can be confusing, especially when it comes to the Mac.
Directory service binding
Macs have long been able to be joined (bound) to Active Directory. There was a time when Apple maintained its own directory service (Open Directory) that was LDAP- and Kerberos-based like Active Directory. Apple’s directory service support allowed a Mac to be joined to a Mac server hosting Open Directory and/or an Active Directory domain.
Apple deprecated its own directory service and then canceled it altogether when it discontinued macOS Server. But the underlying directory service support still exists in macOS, meaning you can still join a Mac to Active Directory (or another LDAP system). The process will work for authentication but no longer supports Mac management as it once did – that functionality has long been transferred to MDM. It is also considered a legacy technology so modern-day organizations should rely on more modern options.
The differences between macOS and iOS (and iPadOS, tvOS and visionOS)
It’s important to understand why macOS is a different beast than other Apple platforms. Modern macOS has always been designed as a multiuser system that continues to support local accounts.
iOS (and its descendants) is not designed as a multiuser system; mobile devices are designed to be used by individuals – one person per device (the exception being shared iPad). iOS is designed to rely on a user’s Apple Account for the principle identity rather than local or network user accounts. It is also designed to rely solely on MDM for device management. (While there is support for accessing multiuser systems such as email and calendaring, even those configurations are designed to support a single user.)
So, while there are more options for working with Macs in an enterprise environment, the methodology that creates those options also creates headaches that are sidestepped on other Apple devices.
Federating and Apple Business Manager
Apple Business Manager is designed to be the primary management tool for Apple device and identity management. It maintains Apple device inventory, manages device assignments (and/or ownership) for users, handles app licensing (for any App Store titles), controls managed Apple Accounts, connects to MDM and federates with identity providers for authentication and authorization tokens. It also syncs user account data with those identity providers to handle managed Apple Accounts.
At this point, Apple Business Manager can federate with the major identity providers, including Microsoft Entra, Google Workspace, Okta, and Ping.
Managed Apple Accounts
Apple Accounts handle a user’s identity across the Apple ecosystem, managing everything from device ownership to music and service subscriptions, health and fitness data, FaceTime, iCloud and family sharing. They’re the glue that makes Apple’s seamless experiences work across devices and enable Continuity features such as universal control, handoff, continuity camera and sidecar.
To square an Apple Account as the sole identity for most Apple devices with the need for enterprise identities, Apple created managed Apple Accounts in 2016 — and it’s worked to refine the tool in the years since.
Managed Apple Accounts do almost all the things that regular, personal Apple Accounts do, but they’re created and paired with a user’s enterprise identity through Apple Business Manager. On an iOS device, they show up as a second Apple Account and can be used for account-based device enrollment in both BYOD and company-owned device scenarios.
Federating Apple Business Manager with an identity provider enables managed Apple Accounts to be created based on a user’s enterprise identity/account (they’re typically named after their business email address). When properly connected, Apple Business Manager can create a managed Apple Account on a user’s first login or setup of an Apple device. Managed Apple Accounts can also be set up by hand – federation is optimal, but it isn’t strictly required.
One point of confusion is that while managed Apple Accounts aren’t exactly new, many of their functions – the ability to be created through federation and to support most Apple and iCloud services – are. As a result, many organizations that have long supported Apple devices are likely to have instances where devices were configured (and apps provided) using personal Apple accounts.
This can mean two different things. Either a user set up their device using the same personal Apple Account they used in their non-work lives, or an organization created (or had the employee create) a personal Apple Account specific to work-related or company-owned Apple devices.
Apple allows a personal Apple Account to be converted into a managed one —appropriate because the company account was always intended for work purposes. (This shouldn’t be considered an option when you’re talking about a truly personal Apple Account; in that case, creating a new managed account is a better move.)
It’s easy to see how managed Apple Accounts work with iOS devices since the only identities on the device are a user’s personal Apple Account (in a BYOD context) or a managed Apple Account for work.
Shared iPad is a bit more involved. When an iPad is configured to be shared, individual users can sign in to use it if they have a managed Apple Account. iPadOS will partition the available storage so that each user’s preferences and data are separate. Functionally, however, the iPad will act as though if the managed Apple Account is the only identity once a user is signed in. That makes it a quasi-multiuser system rather than a full one seen with macOS, Windows or Linux.
A Mac is a true multi-user system: each user has a local account and home directory as well as file system permissions that govern the drive/partition and any additional drives or partitions such as USB sticks. Those local accounts may or may not be tied directly to a managed Apple Account (or even a personal Apple Account).
The result? There isn’t a single source of identity as there is on an iOS device. Even so, Apple still cites managed Apple Accounts as the best practice for Macs and other devices.
Ideally in practice, the Mac will have a local user account that matches a user’s managed Apple Account. Some aspects of that managed Apple Account are defined by a federated identity provider; others are defined in Apple Business Manager. Identity for network authentication and the enforcement of policies such as passcode requirements and multifactor authentication are among the policies handled by the federated identity provider.
This works well sometimes — but it can create problems, too.
Keep in mind that while Apple Business Manager uses an identity provider to create managed Apple Accounts when federated, the managed accounts aren’t stored by the provider. They reside in Apple Business Manager, which is capable of creating managed Apple Accounts and user/device assignments independent of federation.
The big problem is when Macs are shared by multiple people. Each user ends up with a local account on every Mac that they log into — and since local accounts have local home directories and local preferences, users can end up with different files, settings, and other attributes on different Macs. (This can happen with shared iPads, but since the iPad OS file system isn’t truly exposed and focuses more on syncing with various services it’s less problematic.) Managed Apple Accounts do now support the major features of iCloud, including sync services, which helps somewhat, but isn’t a full-fledged solution.
FileVault, Apple’s file and disk encryption, can also be problematic because a Mac typically requires a local user account to unlock FileVault on boot or restart — and that account needs the appropriate permissions to do so. Outside of work, this is less a problem; a user will typically login with an account that has sufficient privileges and isn’t tied to anything other than that particular Mac.
Macs and single sign-on
Local accounts aren’t the only issue that can arise when using managed Apple Accounts instead of directory service binding. Single sign-on is another. When a Mac is joined to Active Directory, single sign-on is automatic and similar to a Windows PC with Kerberos powering the process. Users simply login with their enterprise credentials at the macOS login window.
This is not an automatic feature for managed Apple Accounts – remember, these reside in Apple Business Manager and are synced with your identity provider when federated. Apple’s Platform SSO extension is intended to resolve this issue; it lets apps and websites support single sign-on via a federated identity provider and can be called at the login window or via an installed app. One advantage Platform SSO does offer is support for multifactor authentication.
In practice, Platform SSO is not ideal. It’s designed for BYOD and one-to-one deployments where each user has his or her own Mac and doesn’t match as well as directory service binding for Macs that support multiple users. Although broadly employed, there may be situations where it isn’t supported.
While Apple provides limited administrator tools for using Platform SSO, third-party vendors have created better implementations, including JAMF Connect, Kandji Passport, and SimpleMDM. These tools also simplify support for multifactor authentication and user access to a Mac, often replacing the standard macOS login window. But they also require another investment in cost, time and complexity.
Identity and MDM
Mobile Device Management (MDM) software interacts with enterprise identities through Apple Business Manager. Once the MDM setup is in place and connected to Apple Business Manager, it can access users, devices and groups available to Apple Business Manager and use them to provision devices and manage configuration profiles; handle user account assignments; and send MDM commands. (The data required for these functions is stored by the MDM service, not Apple Business Manager or any federated identity provider.)
In practice, this means several components need to interoperate to support Apple devices in enterprises. At a minimum, there’s the underlying identity provider, Apple Business Manager, and MDM solutions. Tools for managing Kerberos and single sign-on through Apple’s Platform SSO are best included, too, whether they are part of an MDM vendor’s offerings or something additional.
Why so much confusion?
The main reason this can be so confusing is that Apple has been making things up as it goes. Managing identities was simpler when it was handled largely by Active Directory (AD). Then came MDM tools to complicate things, followed by managed Apple Accounts. Basically, Apple has had to follow the path created by cloud-based infrastructure, putting in place patchwork system rather than a consolidated vision based on today’s IT landscape.
(Respondents to the recent Six Colors survey on Apple in the enterprise acknowledged that very issue; Apple has yet to resolve it.)
So, where does this leave things?
Putting together a fresh setup to manage, secure and support Apple products in business environments begins with an identity provider populated with the requisite user information. This is then federated to Apple Business Manager, which uses that information to generate managed Apple IDs as users are onboarded and assigned devices (or who enroll their own devices). For Macs, a third-party tool, ideally one offered by a chosen MDM vendor, is installed to manage Apple’s Platform SSO.
Starting with a clean slate, it’s a relatively straightforward process. But local accounts on Macs, FileVault, personal Apple IDs, users who work on multiple Macs and other legacy hangovers make everything much more complicated. The reality is that there will be patchwork of systems that must work together, regardless of whether you’re starting fresh or developing a modernization/transition project.
Companies will be watching to see whether Apple can streamline things next week at WWDC; at the very least, let’s hope it doesn’t add even more components and complexity to the equation.