For the past few years, you could count on two things in fall: new macOS® updates and trick-or-treating. This year, the only one of those that will happen for sure is the latest version of macOS shipping. That’s probably a good thing because it’s an important one, so IT organizations are going to need all hands on deck.
Introducing macOS Big Sur
macOS® Big Sur introduces several changes for end users, but it’s also an important release for enterprise Apple® environments. With the immense growth in ‘work from home’ (WFH), the need to remotely manage, secure, and update your fleet of Apple devices has never been more vital to your organization’s IT environment. macOS Big Sur introduces several essential security enhancements that require organizations to use official Apple MDM vendors. Apple’s commitment to privacy doesn’t stop in the home, as the company wants even enterprise end users to trust what their company’s IT department can see about their Mac®.
Organizations that rely on manual management of their Macs or a third-party vendor that doesn’t use Apple’s native MDM protocols or APIs are sweating when looking at the coming months. Or, worse, they’re blissfully unaware of what’s about to hit their IT department. Once they realize that the ‘old way’ isn’t going to work going forward, one of the first web search terms they will type in is ‘free MDM.’ For extremely small companies, free or open-source MDMs might work for basic management and even some basic configuration, but nothing is truly free in life. These solutions are often only free for a few devices, and they often require you to manage on-premises infrastructure, manually install updates, troubleshoot connectivity issues, and much more.
Before you purchase a device management system, there are some core features that you need to evaluate and consider.
As much as many of us in the IT field love Apple products, they still make up a small (but growing) percentage of the overall device portfolio. A key factor when choosing a device management system is whether it will work with all of your devices. If you select a free vendor that only works with Apple products, then you’ll need to set up a different solution for Windows and Linux. Having multiple solutions will require an IT organization to duplicate work, maintain multiple deployment processes, and stay up to date on different technologies.
The security functions of a device management solution are also critical to consider. Is a free or open-source solution going to be PCI, CI, HIPAA, SOX, SSAE16, or ISO-27001 compliant? If your industry requires such security checks, keep that requirement in mind as you make your selection.
After your Macs are in the hands of your employees, what configuration options do you have? Are they required to be on-premises to download new apps or receive recent security policy changes? Will your MDM consider a home network the same as a corporate network? In a ‘work from home’ culture, it will be critical for employees to be able to work wherever they are while IT ensures that company laptops are secure regardless of location.
Software deployment on macOS comes in two flavors: App Store apps and non-App Store apps. Apps sold through the Mac App Store can be purchased through Apple Business Manager and then installed remotely through an MDM solution without any action required by the end user. Non-App Store apps must be packaged up and installed manually. Many paid MDMs will offer an ‘App catalog’ with popular enterprise apps pre-packaged and ready to install. If a free solution doesn’t provide that, then consider the time it will take to package up your apps to install.
Software is an ever-changing security threat, and it has to be patched regularly to stay ahead of the latest threats. Patches include the latest updates for macOS as well as for your software library. When evaluating a mobile device management solution, consider how easy it is to keep your fleet of Macs up to date on all software patches. Also consider whether your MDM solution can confirm that patches have been installed, for compliance reasons.
Zero Touch Deployment
Zero-touch deployment was necessary for 2019, but it’s a requirement in 2020. How will your IT department deploy devices when there is no office? Zero-touch deployment is a critical component of any MDM solution. You should investigate the integration with Apple Business Manager before choosing a vendor. With the right solution in place, it’s possible to order a laptop from Apple, have it shipped directly to an employee, and have the laptop enroll in your MDM, apply all policies, and install all of your chosen apps without additional time required by IT. Practically the only thing IT will have to do is purchase the device.
User management has become more complicated as companies have increased the number of SaaS products in their core app library. A key factor in your MDM decision should be understanding how your new MDM will work with your directory services. Will you be able to connect them together to automate user management on your devices?
Not all free or open-source mobile device management solutions will check all the boxes for every requirement. The next step should be evaluating which needs are met and whether your organization can live without the ones that are not available. It’s critical to pick the right solution, as it’s incredibly costly to change after employee devices are already onboarded.
Anyone can try JumpCloud MDM and the entire cloud directory platform by setting up a JumpCloud Free account for up to 10 users and 10 systems, with free premium chat support in-app for 10 days.