
One of the most powerful features of Microsoft® Active Directory is its ability to set and manage policies on Windows devices.

AD does this through a feature called Group Policy Objects. AD can remotely set and execute policies on any Windows devices connected to it. The scope of capabilities is impressive – you can set security variables, connect to network drives, and control user management features. And, that’s just the start. You can script virtually anything you want on the device.

But Microsoft AD only works for Windows. What do you do for Macs?

How to Set and Manage Policies on Macs

Modern directories should be able to perform three major functions across a wide variety of devices: authentication, authorization, and management.

AD serves all three functions, but only for Windows. OpenLDAP, the leading open source directory services solution, doesn’t even try to do management and struggles at authenticating and authorizing Macs.

On the other hand, Directory-as-a-Service™ solutions were created with the intent of not only authenticating and authorizing Mac users, but also of managing their devices.

How Device Management Works on the Cloud

Directory-as-a-Service device management is executed with the help of a lightweight agent that sits on each device. The little agent on the Mac device connects back to the cloud-based directory and grants IT admins full control over the device. Not only does DaaS control the users on the device, but it also can execute policies.

This article is focused on Macs, but all of the same functionality applies to Windows and Linux devices as well.

Full Policy Control for Macs

Policies can be written in any language that the Mac device supports, most often bash or another scripting language. A policy can be uploaded directly to the commands tab within JumpCloud, or it can be executed as a file.

Policies can be as simple or as complex as IT admins want. They can cover settings such as the timeout for locking the computer, remotely wiping the device, running scripts during startup or shutdown, and many others.

JumpCloud’s Directory-as-a-Service can enable IT admins to execute on these policy settings through existing templates included with JumpCloud. If JumpCloud’s templates do not suffice, IT admins can customize policy settings to match their requirements. Any setting or variable that is available to the agent is available to the IT admin.

As policies are executed, the success or failure of each one is reported back to the Web-based console. All results, including error codes, are exposed to the IT admin. Policies can be executed on a scheduled basis, ad hoc, or triggered via a Web hook.

A New Chapter in Mac Management

Macs have historically been self-managed. Without strong tools to integrate them into an organization’s infrastructure, Macs tend to be treated as islands. Especially in heterogeneous environments, Macs end up being second-class citizens.

With Directory-as-a-Service, Macs can have the same control and management that Windows devices have enjoyed with AD. Now, through Directory-as-a-Service, all three major platforms can be controlled and managed centrally with full task and policy execution capabilities.

If you would like to learn more about how Directory-as-a-Service can support your Mac policy management requirements, say hello. We’d be happy to talk to you about it.
