<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=446209&amp;fmt=gif">

4 Best Practices for Deploying Mac in the Workplace

  David Fafel     Aug 13, 2020

MacbookPro-smallWhen it comes to employee productivity, few things are as beneficial as allowing each user to choose the tools that work best for them. For IT, this means creating an environment that allows employees to pick their preferred OS platform. When given the choice, many users will choose a Mac.

In order to properly integrate Mac into the enterprise network, IT needs the knowledge to ensure smooth implementation and ongoing support. Mac is not particularly difficult or overly complex to manage; but the processes for provisioning, securing, patching and updating are different compared to the processes associated with other operating systems. Therefore, IT teams do not usually have a solid understanding of how to apply the same deployment and management processes to Mac.

To help make your Mac deployment as smooth as possible, we’re sharing best practices from the WEI team, based on our own experience in managing Mac in the workplace.

1. Understand How Apple Provisioning Works

While provisioning Mac is not overly complex, the process differs significantly from the more traditional imaging process. More specifically, Apple provisioning is done through the Device Enrollment Program, which runs in the cloud and can be accessed through the Apple Business Manager application.

After registering device serial numbers in DEP, IT will enroll the devices in a mobile device management (MDM) tool. The tool allows IT to set up group policy objects (GPO), which includes settings for the configuration profiles of users according to their designated user group. It also indicates which applications users should see on their desktop and their security access settings. This process, while not complex, is often completely foreign to IT teams who have only worked in Windows environments.

The most important benefit of Apple’s process is that, because the MDM installs the applications and the settings to the devices via the Apple cloud, end users can start working without IT ever having to physically touch their Mac during the provisioning process.

2. Deliver Updates to Mac Efficiently

The process for applying security patches and OS updates for Mac is simplified with a free service from Apple called macOS Updates.

For Mac, it can be especially important to test different device configurations to make sure patches and updates won’t break any operating systems and applications in the environment. Specific services to test include the ability to log into email, utilize VPN services, and access files in shared drives. It’s especially important to test when deploying antivirus software, which can sometimes break the OS and cause machines to crash.

To manage the process, it’s best to utilize a dedicated Apple Software Update Server, but an alternative to purchasing it is to manage and test patches on Windows and Linux machines. Open source tools, such as Reposado and Munki, which run on MDM platforms from Jamf and AirWatch, can act just like Apple’s software update mechanisms, allowing IT to push updates to end users the same way they would do so from the update server.

[Featured  video]

3 Reasons Why Employees Prefer Apple Devices in the Digital Workplace

3. Secure Mac With Authentication Measures

The primary way to ensure Mac security is two-factor authentication. In addition to requiring user names and passwords, IT can require users to request a code that is sent via a text message that they have to enter to gain access. Alternatively, IT can give users a thumb drive to plug into their devices. Without either the code or the thumb drive, users cannot log in and authenticate their identity.

For user identity services, Active Directory is the primary tool that IT teams will be familiar with. However, Mac can have performance issues when joined directly to it. To simplify the process, IT teams can use tools like Apple Enterprise Connect and Jamf Connected to eliminate the need for local machines to be directly joined to Active Directory, while also tracking account credentials on local machines. This approach simplifies the login process for end users while still giving IT departments the ability to enforce policies, such as requiring users to change passwords every three months.

4. Simplify Support for Mac

Our final best practice tip is the most important: Do everything in your power to simplify technical support for your Mac users. The easier it is for users to get the technical support they need, the easier it will be for IT to deploy and administer Mac. The first step is ensuring that your Mac device users know exactly who to contact when they have issues. This will ensure users can get the help they need quickly and efficiently, reducing the likelihood of security risks or other issues going ignored and speeding along the updating and patching process.

Self-service applications, run by tools from Jamf and Munki that behave similarly to the App Store, can reduce support desk phone calls and tickets. This is due to users having access to already approved and safe applications whenever they need them.

Additionally, the ability to run simple maintenance tasks to fix minor issues will also help users feel empowered and ensure little problems get fixed quickly, instead of sitting in the IT queue.

Are You Ready To Deploy Mac?

Implementing Mac for those employees who consistently request them drives productivity, collaboration and creativity throughout the enterprise. For IT teams, especially those without prior Mac experience, initial deployment can seem complex, but by following the best practices we outlined above, as well as making use of the business tools Apple offers, your users can be up and running in no time.

NEXT STEPS: As an Apple Authorized Reseller, WEI has extensive knowledge of Apple products. Our Apple services are customized to your unique business and always incorporate Apple deployment and management best practices. Learn more by visiting our Apple page or check out our refreshed tech brief, "Five Steps For Digital Workplace Success With Apple."

Download Now

Tags  apple Apple Devices Apple Business Manager data protection Apple Authorized Reseller

David Fafel

Written by David Fafel

David Fafel, Chief Architect, leads WEI’s long-term technology vision, and is responsible for spearheading development of complex solutions, architecture, as well as application development. David engages with our clients to drive technology design across datacenter environments, cloud architecture and IT strategy. David holds several technical certifications from HP, Cisco, IBM and other leading technology innovators.

About WEI

WEI is an innovative, full service, customer-centric IT solutions provider. We're passionate about solving your technology challenges and we develop custom technology solutions that drive real business outcomes.

Subscribe to WEI's Tech Exchange Blog


see all
Contact Us