Why Enterprise Mac Management: Trends & How To

By Rajat Bhargava Posted August 30, 2015

mac management enterprise

IT has long stayed away from Macs in the workplace – and wisely so.

In 2008, market research firm Forrester declared, “Macs pose too many problems for IT departments…unless your market is a niche business group, Windows is the only desktop you need support.”

But then in 2011, Fortune announced Hell Freezes Over: Forrester Urges IT to Support the Mac.  Over the next three years, Macs slice of the enterprise market has doubled (ComputerWorld). Why the sudden U-turn?

We’ll explain the trends driving adoption of Macs in enterprise, the advantages and challenges that come with it, and the most effective tools you can use for Mac user management. Organizations that don’t support Macs risk being left behind.

The Trends:

  • Enterprise Mac Adoption on the Rise:  A 2014 survey of IT professionals found that over 90% of businesses use Apple products, with 91% supporting iPhones, 89% supporting iPads and 60% supporting Macs (JAMF).
  • Mac Users tend to Work and “Think Different”:  Mac users are 13 percent more likely than PC users to say that they want to be unique and “make my own mark” (Ruhani Rabin). Forrester identifies them as part of a group they call HEROs (Highly Empowered and Resourceful Operatives), that is, “the 17% of information workers who use new technologies and find innovative ways to be more productive and serve customers more effectively.”
  • Major Enterprise Deployments:  Macs in-office was once mainly for smaller niches, design firms, or cloud-forward companies. Accenture, Cisco, American Airlines, Deloitte and GE are all examples big companies that now boast fleets of Macs as part of their enterprise (ComputerWorld).
  • Mac Adoption is Still Growing:  98% of IT professionals surveyed in 2014 expected Apple device growth to increase by at least 25% over the next three years (JAMF).
  • IT is Scrambling to Keep Up:  The 2014 JAMF survey of IT professionals that a whopping 80% were not very confident in the Apple device management solutions currently in use. They also expect their resources in dealing with this growth to be limited:  just 40% say they will get additional IT budget and only 20% report they plan to hire more staff.

Reasons to Embrace Enterprise Mac Support:

So far we haven’t really delved into why this is happening. What are the benefits and reasons driving adoption of Macs in enterprise? If you’re wondering “How can I convince my manager / IT department to support Macs?”, we’ve got ammunition for your argument below.

User Preference:

The biggest factor driving IT departments to bring Macs on board is simply that their employees want to work on Apple devices. A whopping 78% of IT professionals surveyed cited user preference as the main reason for supporting Apple (JAMF).

Attract Better Employees:

Mac users tend to be young, highly educated, and devout in their preference for their Macbooks, et al. In other words, a wide swath of today’s best and brightest job candidates are Mac users who may actually factor an employer’s support for Apple devices into their selection.

Gregory Simpson, CTO of GE, cited their support as a “positive recruitment tool” and an indicator to potential employees that they’re a “contemporary company” (NetworkWorld).

microsoft losing market share

Enterprise IT Homogeneity is On its Way Out Regardless:

Thanks to mostly to mobile, Microsoft’s share of the consumer computing market plummeted from 95% down to 20% between 2004 and 2012 (Goldman Sachs). With the rise of BYOD, IT departments are going to have to deal with a variety of operating systems and devices no matter what. So you may as well bite the bullet and support Apple devices, along with Linux, Android, and others.

A Happier, More Productive Staff:

You’ve probably heard about Apple’s speedy solid state drives and buttery-smooth workflows, both of which contribute to the idea that Mac users are more productive.

But happiness is also linked to productivity and employees simply like having the power of choice when it comes to their work device. Peter Yared, CTO of CBS Interactive, said of their adoption of Macs, “Employees are happier and that makes them more productive. We might see over time that 90% of employees want Macs.”

Positive Impression:  

The appearance and reputation of a device is trivial compared to what you actually do with it. But that won’t stop a sleek Macbook air or iPad from impressing a potential client, employee, or investor. Whether in the board room, a coffee shop, or at the office, Apple devices used by your team indicate that your company is contemporary and does good work.

Security:

“One thing we found is it’s clear that there’s more confidence in the Mac for the perception of security — it’s more secure than a Windows machine. That’s hard to argue, because historically there have been relatively few intrusions on the Mac,” says analyst Dave Johnson, at Forrester Research.

How to Manage Mac Users at the Enterprise Level:

Conventional Management Solutions

For many years, the existing “solutions” for managing Macs weren’t much of solutions at all. A directory should be able to accomplish three primary functions:  authentication, authorization, and management.

While Microsoft AD can authenticate Macs, by itself it doesn’t allow for the full functionality of device management. If a company or organization is going to have more than a handful of Macs, it become highly cumbersome and inefficient for IT to manage and provision all these devices/users through AD.

OpenLDAP is the leading open source directory service and has presented another option for IT admins. But even just connecting Macs to OpenLDAP is a highly technical, highly tedious tedious process. As with AD, the system truly was never built for Macs and it doesn’t scale well. Even if it were more efficient, using OpenLDAP by itself doesn’t grant full control over Mac devices.

This leads us to the third conventional management solution for Macs:  self-management / no management. This route is most common with smaller organizations, but it has even been implemented by Cisco with 2,500 Mac users. Vice President Sheila Johnson explains their perspective:  “It should be a last resort to call the help desk when you have a support problem. To avoid this, within the community we provide actions, content and policies, and chat.” Johnson paints a rosy picture, but for companies that need true control over their devices and users, this isn’t an option.

Ultimately, the three conventional options above are all workable, but they all fall short of ideal. Thankfully, service-based innovations in the cloud have allowed for a complete directory control over Macs, from authentication on to authorization and management.

Modern Mac Management with the Cloud

In fast-moving, increasingly heterogeneous business environment, IT admins would like a directory that can stay ahead of the curve and work equally well for Mac, Linux, and PC. They want to be able to tightly control access, remotely troubleshoot issues on the machine, and set policies.

That’s what the cloud can offer. IT departments are beginning to embrace Software-as-a-Service (SaaS) directory options that grant them the central control and security that they’ve long needed. These services can grant businesses full control over their Mac devices – including the critical ability to completely wipe data off of a device remotely in case of a terminated or “rogue” employee.

You may not have heard about this relatively new approach to the directory, but it’s already making a big splash in the IT industry. JumpCloud’s own Directory-as-a-Service® (DaaS) platform swept the 2015 Interop Awards (Forbes).

How it Works

Installation is either achieved with a simple command or distributed out via a software distribution system. Management is done through a Web-based console, rather than at the command line as with LDAP.

Admins can take one of two approaches with Directory-as-a-Service:

  1. Extend AD through a bridge to DaaS and have DaaS control Mac devices
  2. Leverage DaaS as the full directory service for the organization

Either choice grants IT admins complete user management and device control over Macs. Of course, this works for Linux or PC devices as well. With DaaS, IT can leverage LDAP, SAML, RADIUS, and other authentication protocols all in one.

DaaS device management is executed with the help of a lightweight agent that sits on each device. The agent on the Mac device connects back to the cloud-based directory and gives IT admins full control over the device.

Policy Control for Macs

One of the huge elements that has been missing from Mac management solutions is policy control. Without it, things just aren’t very efficient. With DaaS, policies can be created in any language that the Mac device can support and is often done in bash or a scripting language. The policy can be uploaded directly to the commands tab within JumpCloud or it can be executed as a file.

Policies can include:

  • settings such as the timeout for locking the computer
  • remote wiping the device
  • run scripts during startup or shutdown

This list is nowhere near complete. Any setting or variable that is available to the agent is available to the IT admin. Existing and custom templates are available to make the process more efficient.

As policies are executed, the success or failure of those are reported back to the Web-based console. All results are exposed to the IT admin including error codes. Policies can be executed on a scheduled basis, ad hoc, or triggered via a webhook.

The Cost of Implementing a Directory Service

Having a highly trained team keeping your directory available 24/7 must come at a high price, right? Surprisingly, SaaS solutions can be highly cost-effective.

They can save startups from having to purchase and maintain on-premises servers. The biggest cost-saver is in not having to hire additional staff. Generally, they offer pay-as-you-go options that give organizations of all sizes the ability to assess and manage their directory. JumpCloud’s offering is actually free for the first 10 users.

Enterprise Mac Management is Possible

Whether you came here because you’re an IT admin recently tasked with managing Macs, a CEO wondering if it’s a wise business move, or a humble user who just loves your Macbook Air, we hope you’ve found this page helpful.

All signs point to more types of devices in the workplace – and Apple is truly leading the charge. So charge up your iPhone, power-on your iMac, and get ready for Macs in the office. It’s happening, with or without your organization.

If you’re looking for more reading about Macs management, take a look at our four part series:

Got questions or comments? We’re always available to talk on our contact page.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.

Recent Posts