GPOs for macOS

Written by Vince Lujan on June 29, 2020

Share This Article

Microsoft’s Group Policy Objects (GPOs) are one of the most valuable functions of the Active Directory platform. With GPOs, IT administrators can configure and tightly control Windows® systems. The problem, however, is that GPOs do not extend to non-Windows operating systems, including macOS® and Linux®. In this post, we’ll walk through why GPOs are so valuable and then explore cloud-based solutions that give admins the same control of the macOS systems in their fleets.

Characteristics of Active Directory GPOs

AD’s GPOs are effectively templated commands and scripts designed to help admins manage an on-premises network of Windows systems in a non-programmatic way. GPOs control guest access, disable USB ports, configure screen lock timeout, and manage a wide variety of other system behaviors, for example. The key benefit is that GPOs enable admins to manage a fleet of Windows systems from a central location by automating tasks that would otherwise have to be configured on a per-system basis.

However, GPOs can be challenging to implement, and admins must dedicate time to ensuring they understand the overlap and inheritance among competing GPOs. Plus, admins with macOS and Linux systems in their fleets must seek third-party solutions to manage those systems, as they can’t do so natively through AD. Emerging cloud-based platforms can integrate with AD and extend analogous system management capabilities and GPO-like controls to these systems.

Group Policy Management for macOS, Windows, & Linux

One cloud-based platform is JumpCloud® Directory-as-a-Service®. JumpCloud can either serve as a comprehensive AD identity bridge or as a standalone cloud directory service. Admins can use it to securely manage and connect users to their systems, applications, files, and networks — and cross-platform GPO-like capabilities are a core function of this cloud based platform.

Like GPOs, JumpCloud Policies are effectively templated commands and scripts that enable admins to control and configure machines, and they can be applied to macOS, Windows, and Linux machines. For macOS in particular, admins can use Policies to manage FileVault 2, disable mass storage devices, prohibit System Preferences changes, control system updates, set lock screens, and much more. Admins can also create custom scripts and commands to deploy on remote machines for tasks such as installing and updating software. These commands and scripts can leverage any language supported by the device (i.e., PowerShell, Bash, Perl, Python, etc.). For macOS systems, JumpCloud also implements the Apple MDM protocol for additional controls.

JumpCloud MDM Enrollment Policy

JumpCloud has integrated Apple MDM functionality, as well as a pre-built Policy to install the JumpCloud MDM enrollment profile on target machines. Once machines are configured, admins can lock, restart, shutdown, and wipe them with a click of a button in the web-based Admin Portal. Admins can also integrate JumpCloud with Apple Business Manager or Apple School Manager to initiate zero-touch enrollment workflows. 

Learn More about GPOs for macOS

With JumpCloud, admins can manage fleets of heterogeneous systems from one management platform in the cloud. JumpCloud goes beyond cross-platform GPO-like policies to provide a comprehensive set of identity management tools for virtually any IT resource — including on-premises and web applications, file servers and storage solutions, cloud infrastructure providers, and RADIUS networks.

Click here to learn more about cross-platform system management from the cloud. Otherwise, check out our whiteboard presentation below to learn more about JumpCloud’s GPO-like Policies for macOS (and Windows and Linux) machines:

Vince Lujan

Vince is a writer and video specialist at JumpCloud. Originally from the horse capital of New Mexico, Corrales, he has lived in Boulder, Colorado for three years. When Vince is not developing content for JumpCloud, he can usually be found at the Boulder Creek.

Continue Learning with our Newsletter