At our recent Office Hours panel discussion on August 28, JumpCloud® Product Manager for Apple® devices, Scott Reed, explored how the release of macOS® Big Sur will affect Mac® management.
Apple’s upcoming release of macOS 11 Big Sur means that organizations must use Apple’s MDM protocol to manage their Mac machines. Here, we’ll recap the session and give you tips to begin preparing your fleet now.
With macOS Big Sur: MDM is Required
With Big Sur, Apple will require that configuration profiles be deployed to devices via Apple’s MDM protocol.
“The line has been drawn in the sand, and in macOS Big Sur and into the future, the MDM framework will be the only method to deploy configuration profiles to devices,” Reed said. “An MDM is no longer optional for admins looking to remotely manage a system — an MDM is now required.”
He advised that IT administrators ensure their macOS machines are enrolled in an Apple MDM before macOS Big Sur is released.
Although you can still use Apple Configurator 2 to manage machines, that requires physical access to the devices — so a third-party MDM is the way to go if you want to manage machines from the cloud and in remote work environments.
Using JumpCloud MDM
JumpCloud offers Apple MDM as one segment of its cloud directory platform. You can use the platform to manage user identities, IT resource access, and macOS, Windows®, and Linux® devices, regardless of location.
The JumpCloud agent and the MDM protocol let you manage machines from the web-based Admin Portal. Here are some of the features that you can use to prepare for macOS Big Sur before it arrives and configure your machines:
- Mac Block Upgrade Policy: Deploy a pre-built Policy to JumpCloud-enrolled machines to block users from upgrading to Big Sur, which gives you more time to prepare before and after its release.
- Mac MDM Enrollment Policy: Use a pre-built Policy to enroll all JumpCloud-managed machines in JumpCloud MDM.
- Mac Custom Config Policy: Pair a pre-built Policy with a tool like ProfileCreator to build custom configuration profiles and deploy them to JumpCloud MDM-enrolled machines.
- Apple MDM Security commands: Wipe, lock, restart, and shut down JumpCloud MDM-enrolled machines directly from the Admin Portal.
- Toolbar app: Users can change their JumpCloud passwords and have one-click access to their User Portals and SSO applications via a native toolbar application on their machines. JumpCloud is also developing a notification that will appear in the application to prompt users to approve their MDM profiles and ensure their machines can receive all MDM payloads.
JumpCloud’s Device Management Roadmap
During Office Hours, Reed also delved into the JumpCloud device management vision and roadmap. An important part of the platform is continuity in how you can manage devices, regardless of OS.
“As a former IT person who’s worked in the Active Directory® domain, one of the biggest challenges is that there’s no continuity in the AD domain for managing Windows machines and managing Macs,” Reed said. “Windows, you can do everything. Macs, you can do basically nothing.”
Device security is an important component of organizational security because users access most IT resources via their devices. JumpCloud strives for feature parity and is actively working on ways to expand the functionality of the platform, including application management for macOS and Windows.
With JumpCloud MDM, you can deploy security commands, including remote wipe, from the Admin Portal to enrolled end user Mac laptops.
If you’d like to learn more about the platform, create a JumpCloud Free account. With your account, you get full access to the JumpCloud platform, including MDM, for up to 10 users and 10 devices for free. Pair that with 10 days of free premium chat support with our team to get the most out of your account.