By George Lattimore, posted October 2, 2019
Managed Service Providers (MSPs) know that Microsoft® Active Directory® (AD or MAD) is a cornerstone of IT. For the past two decades, MSPs have used MAD to manage their client organizations. MSPs rely on AD for user and system management with Windows devices, and it has been highly effective at securing access to on-prem resources.
But when these clients use Macs, MSPs run into serious user and system management roadblocks. Let’s understand this common scenario to see if there’s a more streamlined, cost-effective way forward for managing Macs with AD.
Active Directory—What is it Good for?
For MSPs, knowing your way around AD and understanding how to manage Windows environments, devices, Azure cloud services, SharePoint, etc. remains a valuable skill for winning Microsoft-heavy client organizations. However, many other kinds of resources are emerging that present challenges for AD, such as AWS, G Suite / O365, web apps, Linux, Macs, and more.
Most clients these days want to use Macs, Linux, web apps, and more, and they expect their MSP to have a solution ready. Furthermore, they are often indifferent to the back-end complexity, and leave that entirely to the MSP to figure out. Let’s dive further into how MSPs can overcome these hurdles specifically to manage Macs with AD.
How to Manage Macs with AD
So, if a client already has AD, or their MSP has already installed AD on-prem to manage the network, Macs present a problem. Why is this? User provisioning, deprovisioning, password management, and enforcing policies can’t be performed natively across Macs by Active Directory. So while manually binding Macs to AD is possible, it’s not practical or scalable for the MSP long-term, nor does it allow for effective Mac user management or policy enforcement. AD simply wasn’t designed to work well with Macs.
Instead of manually binding Macs to AD for limited user management (which quickly eats up an MSP’s time and patience), another option is to purchase add-ons to pave over the inefficiencies. To do this, a directory extension and a system management solution are often required. These add-ons are then integrated with the on-prem AD instance, effectively handcuffing the client’s IT to the on-prem server and adding more operating costs for MSPs. The irony here is that the client is really just trying to leverage modern IT tools, which are often delivered from the cloud. Furthermore, these add-on solutions aren’t cheap and add extra steps to the management process for the MSP.
A third option, known as AD Integration, is now available for managing Macs with AD from the cloud. This alternative combines the functions of a directory extension with a system management tool into one, all-inclusive, cloud-based solution. On the system management side, AD Integration enables GPO-like policy management for Mac and Windows (and Linux), script execution, multi-factor authentication (MFA) for Macs and Linux, and much more, without requiring a VPN connection. On the directory extension side, AD user accounts and groups can be extended to authentication protocols, such as RADIUS, LDAP, SAML, and more.
So, while the focus of this piece is Mac management, JumpCloud enables MSPs to extend Active Directory to much more than just MacBooks. End users can retain their AD credentials while securely accessing cloud-based and non-Microsoft resources. The client organization achieves greater freedom of choice for IT resources, while the MSP has stronger control and security with fewer tickets from end users.
Learn More About Managed Services for Macs Using AD
Are you a service provider looking to provide managed services for macOS systems using Active Directory? We’re here to help guide you to a solution that best fits your needs. Contact us today and begin exploring our Partner Program for training, resources, and co-marketing campaigns.