Apple have released an official for major changes in iOS 12 and macOS Mojave.
Changes introduced in iOS 12
- Apple products will completely distrust Symantec CAs as early as Fall 2018. (Information about distrusting Symantec certificate authorities - Apple Support (NZ))
- The Federal Common Policy Root CA has been removed from the iOS Trust Store (Available trusted root certificates for Apple operating systems - Apple Support (NZ)). Organizations that require the Federal Common Policy Root CA can distribute it in a profile payload.
- FTP and File URL schemes for Proxy Automatic Configuration (PAC) are deprecated. HTTP and HTTPS are the only supported URL schemes for PAC. This includes PAC URLs configured by a user in Settings, or by a configuration profile.
Changes introduced in macOS Mojave
- Apple products will completely distrust Symantec CAs as early as Fall 2018.
- The Federal Common Policy Root CA has been removed from the macOS Trust Store (Lists of available trusted root certificates in macOS - Apple Support (NZ)). Organizations that require the Federal Common Policy Root CA can distribute it in a profile payload.
- FTP and File URL schemes for Proxy Automatic Configuration (PAC) are deprecated. HTTP and HTTPS are the only supported URL schemes for PAC. This includes PAC URLs configured by a user in System Preferences, or by a configuration profile.
- 32-bit processes will trigger an alert (32-bit app compatibility with macOS High Sierra 10.13.4 and later - Apple Support (NZ)) on launch. To prevent the alert, create and install a custom configuration profile payload in the com.apple.coreservices.uiagent domain, setting the CSUIDisable32BitWarnings key to True.
- For increased security, using the kickstart (Use the kickstart command-line utility in Apple Remote Desktop - Apple Support (NZ)) command to enable remote management (https://help.apple.com/remotedesktop/mac/3.9/#/ard8B1C65BD) on a Mac will only allow you to observe it when sharing its screen. If you wish to control the Mac while sharing its screen, enable remote management in System Preferences.
- Using either the Full Security or Medium Security Secure Boot (About Startup Security Utility on a Mac with the Apple T2 Security Chip - Apple Support (NZ)) setting on your Mac computer that has the Apple T2 chip (Mac models with the Apple T2 Security Chip - Apple Support (NZ)) will prevent your Mac from starting up into single-user mode (https://support.apple.com/en-nz/HT201573). Boot into macOS Recovery instead (If you can't start up from macOS Recovery - Apple Support (NZ)).
- You can allow apps to access certain files used for system administration, and to allow access to application data. For example, if an app requests access to your Calendar data, you can allow or deny the request. MDM administrators can manage these requests using the Privacy Preferences Policy Control payload, as documented in the Configuration Profile Reference (https://developer.apple.com/enterprise/documentation/Configuration-Profile-Reference.pdf).
Official Apple Article: Prepare your institution for iOS 12 or macOS Mojave - Apple Support (NZ)