Demystifying Mac Administration: Challenges & Trends for 2021

Written by Kelsey Kinzer on June 28, 2021

The following article is associated with a JumpCloud webinar on Mac management featuring leading Apple industry speakers and practitioners Bradley Chambers, writer at 9to5Mac and IT Director, and Tom Bridge, host of the Mac Admins Podcast and Principal Apple Product Manager at JumpCloud. Watch the full webinar recording here.

Mac admins are a resilient bunch, but mostly because they’ve had to be. With a new version of macOS released every year, admins need to be aware of what’s coming down the pipe and keep their Apple fleets as up-to-date as possible. On top of that, Mac admins are used to dealing with differences within their environments and supporting whatever is thrown their way. 

We are living in a fragmented OS world, and it will continue to be that way. Although the days of Windows having the vast majority of market share in the enterprise are over, few organizations can maintain a 100% Mac environment as they scale. IT providers need to figure out how to manage multiple operating systems together in a way that’s both functional and secure, without feeling like they need to manage or learn three different tools.

The best way to do that? By following best practices from the manufacturers, and leaning into the vendors that support those best practices while still providing a great user experience. Whether you go with multiple vendors for each operating system in your environment or a single vendor that works with all of them, you need to be able to develop an approach that covers the entire environment.

This article will focus specifically on some of the unique challenges and trends Mac admins need to consider in pursuit of optimal Mac administration.

Current Challenges for Mac Admins

M1 Processors

The move towards the M1 processor has taken up a large portion of time for Mac admins this year. There are unique challenges associated with the switch to this silicon, including:

  • Ensuring compatibility with existing tech stacks to keep everything working properly
  • The inability to install a firmware password, a particular concern for those in education environments who do not want students removing blocking software, etc.
  • Redeployment looks different. Since M1 Macs carry the same permission model as iOS devices, the first person with a user on the machine is considered the owner. Admins must carefully manage the activation lock process with their MDM.

Update Compatibility

Part of why I love being a Mac admin – you have to stay current. The half-life of knowledge is 12 months. Half of what you know you not only have to forget, you have to learn new material. In every 12 month cycle. It is both delightful and infuriating all at once.

Tom Bridge, Principal Apple Product Manager at JumpCloud

Mac admins do not have the luxury of getting comfortable. In the last five years, Apple OS updates have been moving at a much faster pace, which is great for security but not for compatibility or user workflows. The world where IT had control over every aspect of the user experience is gone. 

For example, Apple has had issues with security and compliance routines around the upgrade cycle. It is not an easy task for admins to make sure their MDM-managed macOS machines run Software Update, but the consequences of not keeping a fleet up to date are substantial, especially in environments where security is a priority.

Although we’re still talking about the challenges of Big Sur, macOS 12 Monterey is already headed our way. Things are constantly changing for Mac admins, so the best course of action is to design workflows that assume constant change. It needs to be somebody’s job to manage app infrastructure and think through new processes with regard to what’s coming.

On the plus side, Mac admins are community-oriented and often willing to share solutions. Apple has also gotten better at releasing things outside of WWDC, so new software updates and features come out in a steady trickle rather than a firehose all at once.

The Challenges Specific to Big Sur

There are two specific challenges faced by Mac admins in the era of Big Sur that are worth mentioning:

  1. Individual command line tools no longer have access to the user configuration profiles, so you cannot install profiles that way and expect them to work all the time. A user has to be willing to open System Preferences and assent to that profile being installed on their machine. This is a big change for organizations that were using various tools to force-install MDM configurations.
  2. There was another big change to the Privacy Preferences Policy Control payload. In previous OS versions, no matter the user’s level of admin rights, they could approve screen recording, mic, and camera access for all applications. In Big Sur, admins have to create a more detailed privacy policy for their MDM to deliver so that non-admin users can still approve the ability to share a screen. This primarily affects new installs and new machines.
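
As an added illustration of the "more detailed privacy policy" in item 2 (not code from this article or from JumpCloud), the Python sketch below builds a Privacy Preferences Policy Control profile that lets standard users approve screen recording for one app, and rejects combinations macOS does not honour. The payload type and key names follow Apple's published PPPC payload; the bundle ID, code requirement, and organization prefix are constructed placeholders.

```python
import plistlib
import uuid

PPPC_TYPE = "com.apple.TCC.configuration-profile-policy"
DELEGATE = "AllowStandardUserToSetSystemService"
DELEGABLE = {"ScreenCapture", "ListenEvent"}       # services that accept DELEGATE
DENY_ONLY = DELEGABLE | {"Camera", "Microphone"}   # a profile cannot grant these

# Constructed sample values; take the real requirement from `codesign -dr - <app>`.
SAMPLE_ID = "com.example.meetingapp"
SAMPLE_REQ = 'identifier "com.example.meetingapp" and anchor apple generic'


def pppc_entry(bundle_id, code_requirement, authorization):
    """One app identity inside a service's array."""
    return {"Identifier": bundle_id, "IdentifierType": "bundleID",
            "CodeRequirement": code_requirement, "Authorization": authorization}


def validate(services):
    """Reject service/authorization pairs that macOS would not honour."""
    for service, entries in services.items():
        for entry in entries:
            auth = entry["Authorization"]
            if auth not in {"Allow", "Deny", DELEGATE}:
                raise ValueError(f"{service}: unknown Authorization {auth!r}")
            if auth == DELEGATE and service not in DELEGABLE:
                raise ValueError(f"{service}: {DELEGATE} is not valid here")
            if auth == "Allow" and service in DENY_ONLY:
                raise ValueError(f"{service}: cannot be granted by a profile")


def build_profile(services, org_prefix="com.example.it"):
    """Return .mobileconfig bytes (XML plist) carrying one PPPC payload."""
    validate(services)
    payload = {"PayloadType": PPPC_TYPE, "PayloadVersion": 1,
               "PayloadIdentifier": f"{org_prefix}.pppc",
               "PayloadUUID": str(uuid.uuid4()).upper(), "Services": services}
    profile = {"PayloadType": "Configuration", "PayloadVersion": 1,
               "PayloadIdentifier": f"{org_prefix}.profile",
               "PayloadUUID": str(uuid.uuid4()).upper(),
               "PayloadDisplayName": "Screen recording (standard users may approve)",
               "PayloadScope": "System", "PayloadContent": [payload]}
    return plistlib.dumps(profile)


if __name__ == "__main__":
    entry = pppc_entry(SAMPLE_ID, SAMPLE_REQ, DELEGATE)
    print(build_profile({"ScreenCapture": [entry]}).decode())
```

The resulting profile only takes effect when delivered by the MDM; the user still makes the final approval in System Preferences.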

Trends in Mac Administration

Unification of Applications

The days of locally installed apps are coming to a close as SaaS dominates the enterprise cloud computing market. Even now, locally installed apps are often just windows into the cloud back end. For example, Jira has a native Mac app, but it is simply a UI into an organization’s Jira platform hosted externally. There is a larger trend towards unifying all applications under a single sign-on (SSO) vendor to provide a seamless experience for end users.

This is especially true for new employees. By unifying these services together, onboarding can happen remotely. Admins can ship out a Mac in a box associated with their MDM, HR can kick off the identity system, and the employee can access all of their applications from the initial login. The unification trend can be taken a step further with a cloud directory platform that unifies SSO with both device and identity management.

Remote Work Lifecycle

Thanks to the unintentional diaspora of 2020, IT admins have been forced to go through the process of enabling “work from anywhere.” Fortunately for Mac admins, Big Sur came with additional tools for remote management, including a better workflow for zero-touch enrollments that makes an admin’s job significantly easier.

The shift from centralized deployment to remote, user-led deployment has given Apple a chance to shine. Mac admins now have the ability to drop ship a machine from the Apple supply chain and put it into the user’s hands without ever having seen it. Directly out of the box, a Mac can enroll in an MDM, have an identity placed, and deploy applications specific for that user.

Traditional onboarding workflows used to have a major checklist of complicated tasks for admins to complete, from accessibility setup to user creation to software installs and more. Now device deployment can be turned into an automated process and Mac admins can focus on more strategic priorities, such as keeping up with the latest updates to come out of WWDC 2021.

Make the Most of Being a Mac Admin

There has never been a better time to be a Mac admin. There is a wealth of solutions available for organizations, and a ton of opportunities for IT practitioners to bring a streamlined experience to users. Employees want the computer to get out of the way of them doing their job, and the onus is on IT to Make Work Happen® in the most efficient way possible. Achieving that with a great MDM and an identity management system is table stakes for any organization bigger than just a few people.

While there are a dozen options for MDMs, SSO, and identity management, the ability to consolidate these tools into a single solution is powerful. IT admins using the JumpCloud Directory Platform benefit from granular controls and a comprehensive view of not only their Mac fleets, but Windows and Linux machines as well. To gain a better understanding of how JumpCloud’s MDM can help you optimize your organization’s Mac administration, sign up for free today for your first 10 users and 10 devices. You’ll also get 10 days of 24×7 Premium in-app chat support to get you started.

Kelsey Kinzer

Kelsey is a passionate storyteller and Content Writer at JumpCloud. She is particularly inspired by the people who drive innovation in B2B tech. When away from her screen, you can find her climbing mountains and (unsuccessfully) trying to quit cold brew coffee.
