The huge growth in remote and hybrid working following the COVID-19 pandemic, together with the increasing use of Apple devices in the enterprise environment, created something of a headache for IT systems managers. They needed a way to manage Apple devices used by employees and to incorporate them into company systems for security, network access, and software use without relying on lots of different tools. Apple Enterprise Management is one solution to that problem.
The developer of Apple Enterprise Management, Jamf, describes it as filling ‘the gap between what Apple offers and the enterprise requires.’ It allows companies to integrate Mac users and users of other Apple devices into company single-sign-on and multifactor authentication systems, provide for operating system updates, and deploy VPN configurations.
Devices can be deployed to new starters with what’s called a ‘zero-touch’ approach, meaning everything can be done remotely. Setup is automated and can be integrated with existing Apple programs like Apple Business Manager and Apple School Manager.
Employees can be provided with a company-branded self-service app that allows them to install and update approved software applications and services. Other management tools include a password change tool. App Store apps can be deployed by the company directly to employees, and licenses can be reassigned when necessary. Custom apps and software packages make it relatively simple to deploy and update groups of applications.
Apple Enterprise Management allows companies to use hardware, software, and security data to manage inventories and keep an eye on devices so that operating system updates and other essential upgrades can be deployed. It’s also integrated with the Jamf Marketplace, which features tools for system management and security from third-party developers.
Security
Device security is a huge issue for systems managers, especially where employees are accessing networks from their homes or other remote locations. To that end, Apple Enterprise Management has several features that are specific to Apple devices. For example, it detects, prevents, and deals with malware and attacks that specifically target Apple devices but doesn’t inconvenience users by checking for or protecting against attacks that target Windows.
It also implements Apple security features, such as enforcing encryption on macOS and passcodes on iOS and iPadOS. It enforces FileVault encryption on Macs, restricts the installation of malicious software, and applies security patches automatically.
Systems managers can monitor devices and are able to see which deployed devices don’t comply with company policy.
Zero-touch
One of the key features of any enterprise management system is the ability to deploy devices to new starters or new devices to existing employees remotely without any intervention from support staff. This is known as ‘zero-touch’ deployment. Apple Enterprise Management is designed to provide that. When a device is sent out to a user, they open the box, connect it to the internet, and follow the instructions on the screen. Everything else is automated, and any software not already installed can be downloaded via a self-service app preinstalled on the Mac. Once the device is connected to the company VPN, systems support staff are able to monitor it on the network.
Identity and multifactor authentication
Apple Enterprise Management allows users to sign into company networks, content management systems, and other software tools using a single username and password. Integration with Microsoft tools like Authenticator means that users can authenticate access using a passcode, Touch ID, or Face ID on a second device. Users are reminded through macOS notifications when it’s time to change passwords, and when they do that using a custom app, the password change is rolled out across all company systems.
Integration with other services
One of the strengths of Apple Enterprise Management is the way it integrates with other services. These include Cisco VPN clients, Tableau, Salesforce, and Microsoft tools like SharePoint.
Self-service
Most IT departments don’t want to have to take calls whenever a user needs to install a printer driver or configure a content management system. Apple Enterprise Management allows for drivers and settings to be included in a self-service app so that users just double-click an icon, and the drivers are installed or the correct settings configured. For users, it means not having to wait for help from a busy support team. The self-service app can also host approved applications that users can install, and these applications can be grouped according to team so that, for example, only those working in sales have access to Salesforce or only those working in data visualization can install Tableau.
Inventory management
Keeping track of the software that’s installed on every device in an organization is tricky. Add to that the need to monitor the security status of each device, and it’s a huge job. Apple Enterprise Management’s inventory tools allow you to see the hardware specifications of each device, the software and version numbers installed, the security status, and its managed status. As well as monitoring potential security issues, that data allows organizations to see which applications and licenses are being widely used and which may not be needed. It also allows managers to see the age of each device in use and plan for future upgrades.
Summary
Apple Enterprise Management is a widely used tool for deploying and managing Apple devices like Macs, iPhones, and iPads in large organizations. It can be integrated with Apple Business Manager or Apple School Manager, as well as with tools from companies like Cisco, Google, and Microsoft. Support staff can configure a device and have it shipped to users so that when the user opens it, no help from IT support is needed to get it connected to company networks. A self-service app allows users to install the apps and services they need and that are approved for them, and inventory tools allow management to see the status of each device that has been deployed.