Macs have infiltrated the enterprise – a domain that once was in the firm clutches of Microsoft Windows. Over the last several years, Mac enterprise management for both users and systems has become an incredibly important part of an IT organization’s task list.
Let’s take a look at how Mac has gained tremendous ground in the enterprise, and then examine some of the difficulties IT has faced with this change in IT resources.
The Ascension of Mac Enterprise Management
Erp
Enterprise project management software provides companies with the tools needed to efficiently manage all of a company’s projects at an enterprise level. This involves viewing projects from a strategic perspective, allowing executives to prioritize projects and delegate resources, and determining how different projects fit into company. Search a portfolio of IT Asset Management software, SaaS and cloud applications for Mac. Save time with reviews, on-line decision support and guides. GetApp is your free Directory to Compare, Short-list and Evaluate Business Solutions. Save time with reviews, on-line decision support and guides. Dec 31, 2019 Sure, there are many Mac management solutions to choose from. But most lack the functionality for full lifecycle management, connection and state-of-the-art security. And Windows management solutions for Mac management only offer a limited feature set to manage Mac.
Macs started their resurgence in the enterprise after Steve Jobs returned to Apple in 1997. With the advent of the iPod and then the iPhone, Apple technology started to become interesting again. Their innovations on the Mac platform, sleek design, lightweight laptops, and easy-to-use operating system converted a number of business professionals. Add to that the tight integration between the iPhone and the Mac, and Windows was on the way out.
Today, 20% of devices within an organization are Windows (Forbes). So, it makes a great deal of sense that IT admins are searching for new ways to obtain Mac enterprise management over users and systems. Traditionally, IT management tools have been provided by Microsoft because the infrastructure was Microsoft. Windows was the dominant platform and applications were largely Windows based. Virtually the entire infrastructure was located on-prem, so Microsoft took advantage of these characteristics and developed IT management tools such as Active Directory® for user management and SCCM for systems management. Both tools would go on to become significant players in the IT management space with AD being a virtual monopoly for user management. The challenge for IT admins has been that Microsoft management tools work best with Windows, while macOS and Linux are an afterthought and not a focus. So, as more Macs appeared in the infrastructure, IT admins started searching for tools to help manage Mac users and systems.
The Necessity of User and System Management
User and system management are crucial aspects in maintaining a secure environment. IT absolutely needs to have the ability to manage users. This isn’t just about onboarding and offboarding, but also about security. Users have a well-earned reputation for choosing convenience over security in their day-to-day work lives. Reusing the same password, downloading insecure software, and using apps IT isn’t aware they’re using, are just some of the poor choices users are prone to making. Having a user management platform in place helps IT to take away the option for users to make some of these poor choices.
System management is just as important as user management. Without the ability to manage the system, security takes a nosedive and configuration and maintenance become tedious. If you don’t have system management in place, you run the risk that OS updates are ignored and you have no automated way of granting and revoking access. Forgotten passwords and other system maintenance tasks become huge time sinks.
Past Options for Mac Enterprise Management
IT admins know the security risks when systems go unmanaged in their environment. With Active Directory ruling the core identity provider market, IT had to turn to a few other options for user and system Mac enterprise management. One option was to incorporate a directory extension that would sit on top of Active Directory and provide IT with some system management capabilities. The downside to this solution is that these legacy directory extensions were expensive and cumbersome to work with. Those that didn’t want to take on the cost of a directory extension would fall to manual management. However, manual management doesn’t give IT total peace of mind because they don’t know for certain that users are following password guidelines, updating software when they are supposed to and avoiding untrustworthy software. Plus, this option can cost IT admins valuable time.
IT organizations needed another option. Mac enterprise management needed to cover both user management and systems management without an insane cost to time or budgets. In a sense, the solution needed to be the next generation of Active Directory. AD managed Windows users and systems, so an analogous management tool would be helpful. But the idea wasn’t to just have a Mac focused IT management tool, but rather a cross-platform management tool from the cloud.
Mac Enterprise Management with a Cloud-Based Directory
Directory-as-a-Service® has become this solution for organizations with heterogeneous environments. As a cloud delivered directory service, it is Active Directory reimagined for the modern era of cloud, web applications, and Macs. Directory-as-a-Service unites your disparate fleet of Mac, Linux, and Windows systems and offers IT the ability to gain full control over user accounts as well as the Mac system itself.
While user and system management is at the core of the Directory-as-a-Service platform, this cloud-based Active Directory alternative also grants IT centralized control over wired and wireless networks, legacy and web-based applications, and virtual and physical storage. Your organization can not only achieve secure Mac enterprise management over users and systems, but also secure access to all of the modern IT resources used in your environment.
For more information on Mac enterprise management for users and systems, consider watching the whiteboard video below or contact our team for more information. You are also more than welcome to test our system management or any other product features by signing up for a free account. Your first ten users are free forever.
To read this blog post in Spanish, please click here.
Apple® Mac devices are growing in corporate popularity by the day. It’s up to IT departments to make sure that these devices utilize all resources in the environment, as well as ensure they’re visible and managed.
This can be a challenge, as Mac and Windows are very different, and Mac devices remain a minority in Windows-dominant environments. Determining how to incorporate Mac into a Windows infrastructure includes a number of factors, such as: the number of devices that need support; what type of access they require; and what tools and systems an organization already has. IT departments also need to figure out how to integrate Mac with existing Windows and Active Directory domains.
In Windows-centric organizations, managing Mac is not the highest priority on the IT project list for a variety of reasons. Few IT teams have expertise in managing Mac. Familiar techniques for managing PCs don’t help, and the best practices for dealing with Mac in a complex enterprise infrastructure can be convoluted and are not widely known.
IT teams take four main approaches when trying to accommodate Mac devices:
- Incorporate Mac devices into the Active Directory (AD) domain using existing tools meant for Windows computers.
- Use special third-party tools to manage Mac devices in the AD domain.
- Manage Mac like mobile devices.
- Manage both Mac and PC computers in Microsoft SCCM.
Some teams decide to have unmanaged macOS® devices in the environment, but this is a big security risk. You won’t necessarily lose a job if a Mac gets hacked and your infrastructure becomes vulnerable, but this can be destructive in many other ways.
Let’s take an in-depth look at these four approaches to managing Mac devices in a Windows environment.
![Project management software for mac Project management software for mac](/uploads/1/2/6/3/126335406/276317287.png)
1.Incorporate Mac devices into the Active Directory domain using existing tools.
This is the preference of many IT administrators. It’s possible to a certain degree; Mac desktops and laptops include the client component necessary to join AD and other standards-based directory services. Binding a Mac to the domain is relatively simple. Windows Server automatically creates the computer object in AD (unless it already exists), just like it would with a Windows desktop.
Recent macOS releases make it even easier to integrate Apple products, as the OS can work with Microsoft System Center Configuration Manager (SCCM) and Microsoft Exchange ActiveSync.
The fact remains, however, that Mac computers are not Windows desktops, and most management products are built for Windows. Native SCCM capabilities for Mac devices are limited and insufficient for full macOS lifecycle management. Compatibility issues inevitably come up. One way to smooth these issues is to extend the AD schema to better accommodate Mac computers. However, that requires development resources and technical expertise beyond what many companies can commit, especially if Mac devices are in the minority.
2. Use special third-party tools to manage Mac devices in the AD domain.
AD and command support in macOS make integrating Mac devices easier, but many administrators still like to use other tools to help with management. For example, IT admins can join Mac devices to AD domains and then use Apple Remote Desktop™ to push commands out to Mac clients.
An alternative is to implement Mac OS X® Server on its own system; Apple Profile Manager can then be used to set Mac policies based on AD groups. This entails setting up an Apple Open Directory domain alongside the AD service, which can make management easier in the long term. The Mac devices are still bound to AD, so there is seamless communication between the two environments, as well as shared file and printer services.
If this sounds too complicated, there is Centrify User Suite (Mac Edition), which can administer Mac devices and centrally manage authentication, policy enforcement, and single sign-on. Another option is Jamf Pro, a comprehensive endpoint management product.
3. Manage Mac like mobile devices.
Apple is moving toward a mobile device management (MDM) model, rather than a traditional directory services model. This means that IT admins can use the same management tools on Mac computers, iOS, and Android devices.
The new Apple MDM framework allows administrators to initiate AirPlay® sessions on managed devices and push enterprise applications to Mac computers. Improved OS X Server and platform capabilities also make it more MDM-friendly. Users can register Mac devices, and vendors can make use of a greater number of application programming interfaces available to third-party security and management solutions.
![Enterprise management software for mac os x Enterprise management software for mac os x](/uploads/1/2/6/3/126335406/426222780.jpg)
Many MDM vendors have quickly embraced new Mac features, such as VMware AirWatch. AirWatch allows admins to manage Mac computers alongside smartphones and tablets and perform a wide variety of tasks.
Organizations can also implement a separate tool, such as MobileIron or an Apple server not bound to AD. This allows IT admins to implement user access through virtual private networks without having to join the devices to the domain. This is useful when incorporating users’ personal Mac laptops.
4. Manage both Mac and PC computers in Microsoft SCCM.
This approach works best for organizations that already use Microsoft SCCM to manage PC. However, Microsoft SCCM alone has only a few features for managing Mac devices—not enough for managing Mac in enterprise. SCCM allows for the following:
- Setting up support and enrolling macOS clients.
- Deploying settings to macOS clients.
- Performing hardware inventory of macOS clients.
- Deploying applications to macOS clients.
While SCCM is capable of managing these devices, additional items need to be installed and configured to support Mac. You’ll need to implement a public key infrastructure for Active Directory Certificate Services. These certificates are used to communicate with SCCM through SSL communications. Each Mac with a SCCM client installed acts like an Internet-based client.
Since the Mac devices are acting like Internet-based clients, you’ll need to have a Configuration Manager Site server with a fully qualified domain name, as well as a minimum of one HTTPS-enabled management point and one HTTPS-enabled distribution point.
You’ll also need to configure the enrollment point and enrollment proxy point features in SCCM. This will allow your macOS clients to be enrolled in the SCCM environment after the client is installed. In order to enable the management of these macOS clients, you’ll need to configure custom client settings.
SCCM’s built-in support for Mac OS does work great, but there are certain limitations to the features and functionality of this support. To manage Max OS X clients, you must have PKI infrastructure and additional SCCM site systems. If you’re not planning on enabling HTTPS communications for your entire corporate environment, you’ll need to have multiple management points and distribution points. One management point will be configured for HTTP communications, and one will be configured for HTTPS communications, as is the same for the multiple distribution points.
Extend SCCM for Enterprise-Level Mac Management
What if you could add the same right-click management that Windows devices receive in SCCM to Mac devices? What if you could do it with a short learning curve, no silos, and the same system administrators?
There is a solution that can do all of this and more: Parallels® Mac Management for Microsoft® SCCM. Parallels Mac Management gives SCCM all the missing tools for Mac management, including FileVault® 2 encryption, macOS deployment, application delivery, Apple Device Enrollment Program, and compliance via SCCM configuration items and baselines.
Mac Os Enterprise Management
With Parallels Mac Management, you simply add full macOS lifecycle management to Microsoft SCCM and manage PC and Mac computers in a single pane of glass. There’s a minimum learning curve and no additional infrastructure required. The solution leverages your Microsoft SCCM investments and enables Windows admins to manage Mac computers.
Enterprise Management Software For Clubs
For further information on Parallels Mac Management, please feel free to contact our sales team to request a free trial.