
Managed Services Using AD with Macs




Managed Service Providers (MSPs) know that Microsoft® Active Directory® (AD or MAD) is a cornerstone of IT. For the past two decades, MSPs have used MAD to manage their client organizations. MSPs rely on AD for user and system management with Windows devices, and it has been highly effective at securing access to on-prem resources. 

But when these clients use Macs, MSPs run into serious user and system management roadblocks. Let’s understand this common scenario to see if there’s a more streamlined, cost-effective way forward for managing Macs with AD. 

Active Directory—What is it Good for?

For MSPs, knowing your way around AD and understanding how to manage Windows environments, devices, Azure cloud services, SharePoint, etc. remains a valuable skill for winning Microsoft-heavy client organizations. However, many other kinds of resources are emerging that present challenges for AD, such as AWS, G Suite / O365, web apps, Linux, Macs, and more.

Most clients these days want to use Macs, Linux, web apps, and more, and they expect their MSP to have a solution ready. Furthermore, they are often indifferent to the back-end complexity, and leave that entirely to the MSP to figure out. Let’s dive further into how MSPs can overcome these hurdles specifically to manage Macs with AD.

How to Manage Macs with AD

So, if a client already has AD, or their MSP has already installed AD on-prem to manage the network, Macs present a problem. Why is this? User provisioning, deprovisioning, password management, and enforcing policies can’t be performed natively across Macs by Active Directory. So while manually binding Macs to AD is possible, it’s not practical or scalable for the MSP long-term, nor does it allow for effective Mac user management or policy enforcement. AD simply wasn’t designed to work well with Macs.

Instead of manually binding Macs to AD for limited user management (which quickly eats up an MSP’s time and patience), another option is to purchase add-ons to pave over the inefficiencies. To do this, a directory extension and a system management solution are often required. These add-ons are then integrated together with the on-prem AD instance, effectively handcuffing the client’s IT to the on-prem server and adding more operating costs to MSPs. The irony here is that the client really is just trying to leverage modern IT tools which are often delivered from the cloud. Furthermore, these add-on solutions aren’t cheap and add extra steps to the management process for the MSP.

A third option, known as AD Integration, is now available for managing Macs with AD from the cloud. This alternative combines the functions of a directory extension with a system management tool into one, all-inclusive, cloud-based solution. On the system management side, AD Integration enables GPO-like policy management for Mac and Windows (and Linux), script execution, multi-factor authentication (MFA) for Macs and Linux, and much more, without requiring a VPN connection. On the directory extension side, AD user accounts and groups can be extended to authentication protocols, such as RADIUS, LDAP, SAML, and more. 

So, while the focus of this piece is Mac management, JumpCloud enables MSPs to extend Active Directory to much more than just MacBooks. End users can retain their AD credentials while securely accessing cloud-based and non-Microsoft resources. The client organization achieves greater freedom of choice for IT resources, while the MSP has stronger control and security with fewer tickets from end users.

Learn More About Managed Services for Macs Using AD

Are you a service provider looking to provide managed services for macOS systems using Active Directory? We’re here to help guide you to a solution that best fits your needs. Contact us today and begin exploring our Partner Program for training, resources, and co-marketing campaigns. 

