Jun 19, 2020
While desktop PCs have been predominant in the enterprise world, Macs are fast becoming a new favorite, valued for their higher security, manageability, and lower total cost of ownership. Most of us are familiar with Windows PCs, so managing Macs can be a daunting task for IT admins. The modus operandi for managing Macs, for experts and novices alike, is to use a Mobile Device Management (MDM) solution. MDM solutions like Hexnode let organizations securely manage Mac devices in a business environment, push configuration profiles to the devices, and secure corporate data.
Deploying devices on a large scale poses a multitude of challenges in any scenario. Apple seeks to resolve these challenges and provides various services and programs that make device management considerably easier and more cost-effective. When choosing an MDM, it is essential to ensure that it supports these Apple services:
For bulk deployment of devices, organizations have to sign up for Apple Deployment programs. Educational institutions can sign up for Apple School Manager to enroll devices and deploy apps and books directly from a single web portal. An enterprise can sign up for Apple Business Manager to get the same features.
Also known as Apple Device Enrollment Program (Apple DEP), the Zero-Touch Deployment allows you to configure any Mac purchased from Apple or an authorized Apple reseller without even touching the device. The devices can be enrolled in a device management solution using just the device serial number or the order number. This allows the end-user to directly use the device out of the box.
Formerly known as the Volume Purchase Program (VPP), Apps and Books allows bulk purchasing and licensing of apps and books from Apple. These purchased apps and books can then be distributed directly to the devices without using an Apple ID.
Apple IDs are personal account credentials used to access Apple services like FaceTime, iMessage, App Store, and iCloud. Depending on the business needs, the Apple IDs can be avoided entirely.
Managed Apple IDs are owned and used by an organization for accessing standard Apple services, iWork, Notes, and Apple Business/School Manager. The Managed Apple IDs allow you to perform password resets and role-based administration.
Management of macOS devices with OS X 10.7 Lion or later can be achieved with ease using Hexnode MDM. For Mac device management, Hexnode MDM has a basic framework with two components:
For efficient management of the Mac computers, it is crucial to support, manage, and monitor the devices right from the initial deployment to the end-user involvement. There are eight critical elements for managing the entire lifecycle of macOS computers:
To communicate with the macOS computers, the Hexnode MDM server sends a notification to the APNs server which in turn communicates with the Macs. Apple Push Notification service (APNs) is a service provided for communication between Apple devices and third-party servers.
The first step for Mac management is configuring the APNs certificate in the Hexnode Web Portal.
The Macs have to be enrolled with an Apple device management solution before they can be deployed to the end-users. There are different methods to achieve this. For enrolling a large number of devices, Zero-Touch Deployment, also known as Apple DEP, is the most recommended option. You can also go for user-initiated self-enrollment, where the user enrolls using an enrollment URL unique to your Hexnode MDM server.
After deployment comes configuration. The configurations can be applied to individual devices or groups of devices based on your requirements. You can create either static or dynamic groups for applying the configuration profiles and policies.
|Static groups|Dynamic groups|
|---|---|
|Defined groups with a fixed number of devices or users.|The devices/users in a dynamic group are determined by the conditions specified. Membership keeps changing as the underlying data changes.|
|Useful to manage a small and fixed number of devices/users.|Key to managing bulk devices/users with smart targeting in mind.|
With Hexnode, you can manage your enrolled Macs using Policies or Scripts. Policies allow you to define settings such as Wi-Fi, VPN, dock and screensaver settings, email configurations, and more. You can also install printers, remotely bind the Mac computers to the Active Directory, sync with Directory Services like LDAP, and even schedule OS updates. The policies are pushed to the Macs as configuration profiles to reflect the changes.
Mac Scripts are icing on the cake for Mac device management. Anything that can be run on the Terminal can be converted to a script. A script contains a set of commands for performing specific operations. Beyond the limit of the policies, different custom scripts for Mac computers can be pushed from the Hexnode Web Console.
Whether it is a company-owned device or a personal one, it is essential to ensure that the corporate data can be accessed across the managed apps in a secure manner. Managed Apple IDs can be used for this purpose. The organization or the educational institution can create these using Apple Business/School Manager. For personal devices, the Managed Apple IDs can be used alongside their personal Apple IDs.
A crucial element in managing Mac computers is app management. With Hexnode, you can deploy both store apps and in-house enterprise apps (PKG files). If the organization is enrolled in any of the Apple Deployment Programs, the Apps and Books service can be used to purchase and deploy apps in bulk to the device. There is no need for any user interaction or Apple ID in such a case.
For effective management of any device, it is mandatory to maintain clear and concise reports. The reports have to be maintained dynamically and always be up to date with the latest data. The reports for device management should contain all pertinent info such as hardware info, software details, management details, and more for informed device management. With Hexnode, you can generate complete device or user reports at any time or schedule the reports as needed.
For every IT Admin, security is a top priority in device management. There are a few foolproof methods to keep your Macs secure from ignorant actions or malicious intentions:
Enforce strong passcode policies to secure the corporate data on the Mac. The passcode can be made mandatory, and you can set a passcode age so that the passcode is changed frequently.
Configure Firewall settings for creating a barrier between the internal and external networks.
Enhance the internet security of the organization by blacklisting/whitelisting specified websites. Access to the websites can also be blocked on the basis of inappropriate content.
App Store access can be limited according to the user requirement. The access can be limited to admin users, or the users can be limited to just the software updates. The device security can also be increased by restricting features such as Autofill Password or Requesting passwords from nearby devices.
FileVault is Apple’s full-disk encryption program. The disk content is encrypted, and users have to provide a passcode when booting the device to access the data and files. It greatly increases device security because it prevents unauthorized users from accessing sensitive corporate data. Hexnode provides you with three methods for encrypting your macOS computers:
Besides new features, OS X updates also bring added security and fixes for existing vulnerabilities. With Hexnode, you can schedule the OS updates to ensure that the Mac computer is kept up to date with all the security fixes.
Even with the utmost care, it is possible for a corporate device to be misplaced. In such an event, you can remotely wipe the device with Hexnode Remote Actions to ensure that the sensitive corporate data does not fall into the wrong hands.
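The FileVault and firewall settings above can be verified from Terminal, and therefore from a Mac script of the kind described earlier. The following is an added example, not Hexnode's code: it parses the output of `fdesetup status` and `socketfilterfw --getglobalstate`, and the `--live` flag and the matched output strings are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Hexnode's code: check FileVault and firewall state on a Mac.
# The matched strings are what fdesetup and socketfilterfw print on recent macOS
# releases; treat them as assumptions and confirm on your fleet's OS versions.

# 0 if `fdesetup status` output shows FileVault on and not being decrypted.
filevault_on() {
    case "$1" in
        *"Decryption in progress"*) return 1 ;;
        *"FileVault is On"*) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if `socketfilterfw --getglobalstate` output shows state 1 or 2 (enabled).
firewall_on() {
    case "$1" in
        *"State = 1"*|*"State = 2"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per control; return the number of failed controls.
audit() {
    failed=0
    if filevault_on "$1"; then echo "filevault: ok"
    else echo "filevault: FAIL"; failed=$((failed + 1)); fi
    if firewall_on "$2"; then echo "firewall: ok"
    else echo "firewall: FAIL"; failed=$((failed + 1)); fi
    return "$failed"
}

FW=/usr/libexec/ApplicationFirewall/socketfilterfw
if [ "${1:-}" = "--live" ]; then
    # Live mode (hypothetical flag of this example): query the local Mac.
    audit "$(fdesetup status 2>&1)" "$("$FW" --getglobalstate 2>&1)"
    exit $?
else
    # Constructed sample output: disk encrypted, firewall switched off.
    audit "FileVault is On." "Firewall is disabled. (State = 0)" \
        || echo "failed controls: $?"
fi
```

In live mode the script exits with the number of failed controls, so a non-zero exit status marks a Mac that needs attention.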
The quality of a good manager is that the managed do not feel as if they are being managed. Similarly, for good device management, end-user empowerment is a desirable quality. The use of App Catalogs is a good method to provide users with the tools they need in one place. The repetitive and redundant tasks like installing printers can be done from the Web Console itself saving precious time for the employees. Broadcast messaging is yet another feature that allows the IT admins to communicate with the employees in an efficient manner.
Similarly, using a suitable MDM for managing Macs helps the employees as well. For example, with Hexnode, the users have a self-help destination with an intuitive UI for installing the apps from the app catalog. The common IT complaints arising from printer installations and software updates can also be resolved with ease.