Manage Macs properly in the enterprise

Fact is: Many users want freedom of choice in terms of operating systems. And for good reason, because current studies In fact, according to research, employees are more productive when they can work on the devices that suit them best. So it's no wonder that companies are becoming more open and want to enable their staff to work with Macs as well. The problem: IT administrators sometimes simply don't (yet) have the Expertise regarding the management of Mac devices.

Macs conquer the corporate world

It is therefore not uncommon for individual employees to already be working with (private) Mac devices that are not, however, under the management of corporate IT. Often, these employees are then given full administrator rights to install required software themselves. But this not only means enormous effort for the employees, it is also fatal in terms of security. If IT is not involved, it can neither install regular software updates, nor does it have an overview of the device status - or even access to the system in the event of an emergency. All of this can open the door to hackers. If the administration is done manually, the workload for administrators increases with the number of Macs. At this point, at the latest, it becomes clear that in order to continue to hold the reins, IT must proactively offer colleagues different technologies, manage them from the outset, and develop a management strategy for macOS devices as well.

UEM: High productivity, low effort

It is obvious that the high and constantly growing number of end devices to be managed can no longer be handled manually. This is because employees often have several devices at the same time, such as computers, mobile devices, tablets or even rugged devices. This is where automated solutions come in, which allow the individual devices to be managed seamlessly across the board and remotely. For example, UEM systems (Unified Endpoint Management): Such platforms make it possible to connect all end devices with the different operating systems like Windows, Android and macOs, iOS or iPadOS to manage and secure against security vulnerabilities. Since the majority of companies already use a UEM system, a new solution is usually not even required.

Management of Macs with the UEM system

Mac devices can also be managed perfectly using UEM systems. This is because as of OS X 10.7, these devices come with an integrated MDM framework (Mobile Device Management Framework) that enables a connection between Mac and UEM system.

There are basically two different types of UEM systems for Mac management. On the one hand, there are the common UEM systems that allow the management of all operating systems - including Mac devices. The other is those that specialize exclusively in the management of Apple devices. While more general UEMs are well-suited for organizations that have a broader footprint and need to manage a wide variety of technologies, the latter provide early access to new Apple features, for example, and allow for the implementation of more specific scenarios.

In particular, however, it is these functions that a UEM system should (also) have for Mac management:

1. Automated and scheduled patch management: This ensures that all Mac computers in the corporate network are always updated with the latest software versions and security patches for macOS, and that the applications used are also up to date.
2. Modern management of old and new hardware: Modern management makes it possible both to integrate new hardware into the corporate network in compliance with guidelines and to register devices that are already in use by users.
3. Asset Management: This provides a stock and inventory overview of existing hardware and software and allows software licenses and warranty information to be managed.
4. Mac configurations: These are particularly helpful because they make it easier to complete repetitive administrative tasks - such as defining who gets which software package or access to resources and functions. For example, administrators can also define stricter security policies for individual teams or situations.
5. Remote access for macOS: Remote access simplifies IT support for employees who work on the move, such as in a home office.

All of this makes it possible to configure Macs so that users can start using them right away - securely, conveniently, and regardless of where they work.

The small difference

Although the basic structure of Mac and Windows systems is fundamentally different, managing the different devices is basically the same. Nevertheless, there are some tools from Apple itself that simplify device management by extending the functionality of the UEM system used. Especially the following ones should be known by administrators when dealing with Mac management:

• Apple Business Manager: Apple Business Manager is an easy-to-use, web-based portal for IT administrators that works with a third-party UEM solution and serves as an interface between UEM and the Mac machine. Part of the Apple Business Manager is the Apple Device Enrollment Program (DEP for short)which makes it possible to place devices under UEM management and roll them out to users without physical contact with IT. When new devices are turned on, predefined configurations are automatically made and required apps are installed. This simplifies the initial setup of Apple devices for IT, while users are quickly up and running. Also part of the Apple Business Manager is the Volume Purchase Program (VPP), which is used to purchase apps in bulk from the App Store for enterprise use - the easy way.
• Apple Global Service Exchange (GSX): The Apple Global Service Exchange (GSX) allows administrators to retrieve device details such as display model name, purchase date and warranty status directly from the UEM console.

Managed service

So there are many ways to successfully deploy Mac devices in the enterprise. But in view of the complexity involved in using different technologies within a company, it can make sense to enlist the help of external specialists. It is important that these specialists act as partners to customers and actively support them in their projects. Managed service providers, for example, have extensive expertise and can support companies in the introduction of Macs, the selection of the right system or the rollout of new functions - or take over these activities completely and thus relieve the IT department. In doing so, they are in close contact with the manufacturers and can, for example, place individual customer challenges in the right place. Especially for IT departments that have not yet dealt with administration with Apple devices, it is helpful to have someone on hand who has the necessary expertise required for smooth implementation of the system and also knows the usual hurdles. After all, if the initial configuration follows best practices, this will save a lot of time later on in ongoing processes.

Conclusion: Move with the times!

It's hard to argue with the fact that companies need to give their employees a say in technology. A suitable UEM system makes it easier for the IT department to avoid dangerous shadow IT, to keep track of all the devices and tools in the company and to ensure their security. This makes it extremely easy for IT administrators to keep up with the times and provide the workforce with the desired operating resources - without sacrificing the necessary security and ease of use. At the same time, the personal work tool of choice also improves employee loyalty to the company.

More information about device management

Apple's 34th Worldwide Developers Conference (WWDC) was held on June 5, 2023. In the English-language report "WWDC 2023 - new device management options for enterprises", interested parties will learn what changes, opportunities and challenges arise in device management for companies as a result of the new features presented, such as hardware. The report is available for free download here: https://ebf.com/resources/wwdc-2023-neue-management-optionen-und-funktionen-fur-unternehmen/

Author:
Surendiran Velauthapillai is an IT expert with 20 years of experience in the IT industry. As Head of IT Services at EBF-EDV Beratung Föllmer GmbH (ebf.com), he is responsible for the areas of internal IT, hosting, consulting and support and is at home in many technologies of the digital working world.