In the final week of my series looking at some of the critical decisions Apple has made in the design of its enterprise programs, I want to explore how Apple implemented mobile device management and why it strikes a balance between not interfering with employees doing their jobs and giving IT the controls it needs to secure employees’ devices.
About Apple @ Work: Bradley Chambers has been managing an enterprise IT network since 2009. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.
As I’ve mentioned multiple times in this series, when employees find out their devices will become “managed,” their first thought is, “Great, now my Mac will be slow.” Thankfully, Apple has designed mobile device management so that it integrates natively with the devices.
Apple configuration profiles
At the heart of Apple’s MDM integration are configuration profiles. Apple’s configuration profiles are XML files containing payloads, and each payload manages specific settings on Mac, iOS, and tvOS devices. A configuration profile can control more than one setting, and an Apple device can have more than one configuration profile installed at a time. If installed profiles have competing settings, the most restrictive will be enforced.
If you want to get a deeper understanding of configuration profiles without setting up an MDM, you can read more about Apple Configurator and even try installing a few profiles on a spare iOS device.
If you spend some time installing profiles to see how they impact usability, you’ll find that outside of not being able to access settings or apps that have been disabled, it’s still a great Apple experience. There is no slowdown and no performance hit from having these profiles installed.
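The payload structure and the most-restrictive rule described above can be seen in a short added example (not code from the article or from Apple). It builds two constructed profiles, parses them as XML property lists, and merges competing settings; the profile names, the `com.example` identifiers, the placeholder UUID and the merge logic are assumptions that model the rule in simplified form.

```python
import plistlib

RESTRICTIONS = "com.apple.applicationaccess"        # Restrictions payload type
PASSCODE = "com.apple.mobiledevice.passwordpolicy"  # Passcode payload type

def make_profile(name, payloads):
    """Serialize a constructed profile; plistlib emits XML by default."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"com.example.{name}",             # placeholder
        "PayloadUUID": "00000000-0000-0000-0000-000000000000",  # placeholder
        "PayloadDisplayName": name,
        "PayloadContent": payloads,  # one dict per payload
    })

# Constructed sample data: two profiles with competing settings.
PROFILE_A = make_profile("baseline", [
    {"PayloadType": RESTRICTIONS, "allowCamera": True, "allowAirDrop": False},
    {"PayloadType": PASSCODE, "minLength": 6},
])
PROFILE_B = make_profile("finance", [
    {"PayloadType": RESTRICTIONS, "allowCamera": False, "allowAirDrop": True},
    {"PayloadType": PASSCODE, "minLength": 10},
])

def list_payloads(profile_bytes):
    """Return (profile name, payload type, settings) for each payload."""
    profile = plistlib.loads(profile_bytes)
    rows = []
    for payload in profile.get("PayloadContent", []):
        settings = {k: v for k, v in payload.items() if not k.startswith("Payload")}
        rows.append((profile["PayloadDisplayName"], payload["PayloadType"], settings))
    return rows

def effective_settings(profiles):
    """Merge settings across profiles, keeping the most restrictive value.
    Simplified model: allow* booleans are restrictive when False, other
    booleans when True, and numeric minimums when larger."""
    merged = {}
    for blob in profiles:
        for _, ptype, settings in list_payloads(blob):
            for key, value in settings.items():
                slot = (ptype, key)
                if slot not in merged:
                    merged[slot] = value
                elif isinstance(value, bool):
                    allow = key.startswith("allow")
                    merged[slot] = (merged[slot] and value) if allow else (merged[slot] or value)
                else:
                    merged[slot] = max(merged[slot], value)
    return merged

if __name__ == "__main__":
    for (ptype, key), value in sorted(effective_settings([PROFILE_A, PROFILE_B]).items()):
        print(f"{ptype:42} {key:14} {value}")
```

Auditing a device’s installed profiles this way shows which profile is responsible for a restriction a user is reporting.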
Why Apple’s approach to MDM matters
Apple’s approach to MDM matters to everyone involved because it preserves the Mac experience, regardless of which vendor your IT department uses.
Post-macOS Big Sur, there is no way to manage Macs without using Apple’s MDM APIs. This means that any Mac being managed running macOS Big Sur is using the methods blessed by Apple as best practices.
For end users, this design means that they can be using a Mac that is forced to use FileVault 2, runs a security program using Apple’s Endpoint Protection API, and is enrolled in mobile device management, and never know it from a performance standpoint. If you think about technology like FileVault 2, you realize that Apple has brought enterprise-grade technology to consumers (any Mac can and should enable FileVault 2). Apple doesn’t sell business-specific SKUs of its software. Anything that has to work for consumers has to work for enterprise customers and vice versa.
Apple’s design for MDM ultimately means that consumers get to enjoy the Apple experience with their devices, while IT gets to put the controls in place that meet its regulatory and compliance needs. So it’s the best of both worlds. Apple has brought enterprise-grade security to consumers and consumer-grade experiences to the enterprise.
Photo: Slim Emcee/Unsplash