Mobile device management (MDM) has gone from a ‘should probably have’ to a ‘must-have’ for IT organizations with Apple products. Thanks to the release of macOS Big Sur, it has become crucial to pick the right vendor with the feature set that meets your organization’s needs.
For many IT organizations, though, this must-have solution – an Apple MDM – dramatically increases the costs to operate their fleet of Apple devices, so the question becomes whether there is a free Apple MDM solution available.
The Apple MDM Landscape
macOS Big Sur introduced several changes for end users, as well as changes for the management of enterprise Apple environments. With the immense growth in ‘Work From Home’ (WFH), the need to remotely manage, secure, and update your fleet of Apple devices has never been more vital to your organization’s IT environment. Of course, many of the changes that require MDM pre-dated the global pandemic, but the right MDM solution can enable easier remote management.
There were several essential security enhancements added to macOS that require organizations to use official Apple MDM vendors. Apple’s commitment to privacy doesn’t stop at home—Apple wants even enterprise end users to trust what their company’s IT department can see about their Mac. Or said another way, IT organizations must be transparent and communicate what they are doing with an end user’s device, even if it is corporate controlled.
Organizations can no longer rely on manual management of their Macs or third-party vendors that don’t use Apple’s native MDM protocols or APIs. For extremely small companies, free MDM or open source MDM might work for basic management and even some basic configuration, but nothing is truly free in life. These solutions usually have device limits or time limits, and they often require you to manage on-prem infrastructure, manually install updates, troubleshoot connectivity issues, and more.
All organizations have different requirements they need to consider when choosing the best Apple MDM solution for their use case. It’s essential to focus on your organization’s functions and needs first, as each solution puts its unique spin on the MDM APIs. The following sections detail the core features you may want to evaluate before leveraging a device management system.
Things to Look For in a Free Apple MDM Tool
Although many in the IT field love Apple products, they still make up a small (but growing) percentage of the overall device portfolio. If you select a free vendor that only works with Apple products, then you’ll need to set up a different solution for Windows® and Linux®. Multiple solutions will require an IT organization to duplicate work, implement multiple deployment processes, and stay up to date on different technologies.
Bottom line: Make sure your device management technology is a cross-platform, multi-protocol, provider-agnostic, and location-independent solution to ensure you can support whatever tools your organization currently uses. An MDM tool shouldn’t limit your choice of other vendors and technology.
The security functions of a device management solution are also important to consider. If you have employees working remotely, you need to be able to manage all aspects of each machine with features such as remote wipe, lock, restart, shut down, mandatory password strength, multi-factor authentication (MFA), and more.
Is a free or open-source solution going to be PCI, CCPA, HIPAA, SOX, SOC 2, or ISO-27001 compliant? If your organization determines that a new security policy needs to be in place, how easy is it to deploy and activate on your devices? And, do you have the reporting and analytics to support those audits? With the rise of domainless enterprises that allow users to securely access their IT resources from anywhere, security capabilities are an important aspect of your MDM.
Bottom line: Look for security capabilities that are mission critical to your organization. A good starting point includes features like user management, MFA, full disk encryption, screen lock, and many other core security features.
Remote Configuration & Enrollment
For the Macs in the hands of your employees, what configuration options do you have? How will your IT department deploy devices for new employees when there is no office? Do you have a way to create custom configuration settings and automate onboarding profiles based on the group your new employees will be joining?
In addition to remote configuration, zero-touch enrollment is a highly beneficial feature to have in an MDM solution. With the right solution in place, you can order a laptop from Apple, ship it directly to an employee, get the laptop enrolled in your MDM, apply all policies, and install all of your chosen apps without additional time required by IT – and, without them ever touching it.
Bottom line: Make sure to check what configuration management is available not just at onboarding, but also over the course of the user’s employment. Your MDM tool should be able to accommodate all use cases that are important for your team.
Software Deployment & Patching
Software deployment on macOS comes in two flavors: App Store apps and non-App Store apps. Apps sold through the Mac App Store can be purchased through Apple Business Manager and then installed remotely via an MDM solution with no action required by the end user.
Non-App Store apps must be packaged up and installed manually. Many paid MDMs will offer an ‘App catalog’ with popular enterprise apps pre-packaged and ready to install. If a free solution doesn’t provide that, then consider the time it will take to package up your apps manually.
Also keep in mind that software installation is just one part of the experience. Keeping software patched and up to date is just as important as the initial installation. Software presents an ever-changing security threat. Will you be able to remotely ensure your company devices are patched with the latest operating system updates as well as your software library?
Bottom line: When evaluating a free Apple MDM solution, make sure to consider how easy it is to both install apps and keep your fleet of Macs up to date on all software patches.
User management for Apple devices has become more complicated as Apple has evolved macOS. Its shift to SecureTokens as a way of ensuring trust caused a great many challenges for IT admins. A key factor in your MDM decision should be understanding how your new MDM will work with your directory services and whether one solution can seamlessly manage the device and the users on the device.
Will you be able to connect them together to automate user management on your devices, or do you have two separate solutions? Will you have control over which users can access which devices, networks, and individual applications? Do you have control over FileVault, which is intimately tied to the user and their profile? And most importantly in today’s world, can you manage access to your employees’ Macs remotely?
Bottom line: The integration of system and user management can be extremely valuable for IT organizations as they scale up their employee count.
Finding the Right Apple MDM Solution
Not all free or open-source MDM solutions will check all the boxes for every requirement. You’ll need to decide which features are absolutely essential for your organization and which ones you can live without. It’s best to choose the right solution from the start as it can be costly to switch after employee devices are already onboarded.
If a cloud-based Apple MDM solution integrated with identity management sounds right for your organization, JumpCloud may be the answer. It’s a cloud directory platform that centralizes MDM with other critical functions like SSO, cloud LDAP and RADIUS, MFA, and more to keep your company resources secure.
JumpCloud even offers Zero Trust capabilities to ensure that only the right users on the right devices have access to critical applications and IT resources. Try our free Apple MDM solution for yourself and sign up for JumpCloud Free today. You’ll receive:
- 10 users and 10 devices free for as long as you need until you scale
- 10 days of free premium 24×7 in-app chat support
- Full platform functionality – including software management, Zero Trust, and more with no credit card required