Apple @ Work is brought to you by Kandji, the MDM solution built exclusively for organizations that run on Apple. Kandji is a modern, cloud-based platform for centrally managing and securing your Mac, iPhone, iPad, and Apple TV devices, saving IT teams countless hours of manual work with features like one-click compliance templates and 150+ pre-built automations, apps, and workflows. Request access.
It’s a new year, so it’s time to put away what was before and start fresh. That applies to our knowledge of Apple’s enterprise and education platforms as well. In January, I am kicking off a new series here on Apple @ Work, getting back to the basics of Apple device management for businesses and schools.
About Apple @ Work: Bradley Chambers has been managing an enterprise IT network since 2009. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.
Why do you need device management for Apple products?
A device management system in 2021 is required for Apple products if you are using them for your organization. The amount of work that it would take to manage devices individually more than outweighs the costs of purchasing and implementing a device management system.
Consider tasks like App deployment, security configurations, OS updates, and reporting. Without an adequately implemented MDM solution, you’ll have to go to each device individually to make changes or trust that your end-users will be able (and will) accomplish them.
App deployment
While you probably aren’t deploying all of your apps from the Mac App Store on the Mac side, you most definitely are on the iOS side. If you need to force an update to your CRM application for your fleet of devices, MDM will allow you to do that. If your organization is moving to Microsoft 365 and wants everyone to use Outlook for email, an MDM will enable you to install it without any end-user interaction.
OS updates
Sometimes you want devices on the latest version of macOS or iOS, and sometimes you don’t. Apple allows IT administrators to either force update an operating system or delay updates for up to ninety days to test for compatibility with existing systems and workflows.
Configuration profiles
Configuration profiles are how Apple IT administrators make changes to the features that end-users have access to. Have you deployed iPads, but don’t want employees to add accounts to the email app? A configuration profile makes that easy. Do you want to disable the camera on an iPhone you’ve deployed? Even easier. If you deploy iBeacons, you could even disable certain features when in specific locations. An example here would be to turn off an iOS devices’ camera when in a secured area. There are countless examples of using configuration profiles to control macOS functionality and iOS devices.
You can create a single configuration profile that contains all payloads for your organization, but you should consider creating separate profiles based on what you’re trying to do. This setup will ensure that changes made to one profile don’t affect another. Settings that rarely change may include device restrictions, Wi-Fi, security and privacy, email, and calendar. macOS and iOS settings that may change often include VPN, approved certificates, and company Web Clips (intranet, etc.). By keeping them separate, it’s easier to change one thing without breaking another.
What’s next?
Over the next few weeks, I’ll cover the basics of Apple School & Business Manager, Apple device selection, app selection, accessories, and more.