When it comes to employee productivity, few things are as beneficial as allowing each user to choose the tools that work best for them. For IT, this means creating an environment that allows employees to pick their preferred OS platform. When given the choice, many users will choose a Mac.
In order to properly integrate Mac into the enterprise network, IT needs the knowledge to ensure smooth implementation and ongoing support. Mac is not particularly difficult or overly complex to manage; but the processes for provisioning, securing, patching and updating are different compared to the processes associated with other operating systems. Therefore, IT teams do not usually have a solid understanding of how to apply the same deployment and management processes to Mac.
To help make your Mac deployment as smooth as possible, we’re sharing best practices from the WEI team, based on our own experience in managing Mac in the workplace.
1. Understand How Apple Provisioning Works
While provisioning Mac is not overly complex, the process differs significantly from the more traditional imaging process. More specifically, Apple provisioning is done through the Device Enrollment Program, which runs in the cloud and can be accessed through the Apple Business Manager application.
After registering device serial numbers in DEP, IT will enroll the devices in a mobile device management (MDM) tool. The tool allows IT to set up group policy objects (GPO), which includes settings for the configuration profiles of users according to their designated user group. It also indicates which applications users should see on their desktop and their security access settings. This process, while not complex, is often completely foreign to IT teams who have only worked in Windows environments.
The most important benefit of Apple’s process is that, because the MDM installs the applications and the settings to the devices via the Apple cloud, end users can start working without IT ever having to physically touch their Mac during the provisioning process.
2. Deliver Updates to Mac Efficiently
The process for applying security patches and OS updates for Mac is simplified with a free service from Apple called macOS Updates.
For Mac, it can be especially important to test different device configurations to make sure patches and updates won’t break any operating systems and applications in the environment. Specific services to test include the ability to log into email, utilize VPN services, and access files in shared drives. It’s especially important to test when deploying antivirus software, which can sometimes break the OS and cause machines to crash.
To manage the process, it’s best to utilize a dedicated Apple Software Update Server, but an alternative to purchasing it is to manage and test patches on Windows and Linux machines. Open source tools, such as Reposado and Munki, which run on MDM platforms from Jamf and AirWatch, can act just like Apple’s software update mechanisms, allowing IT to push updates to end users the same way they would do so from the update server.
[Featured video]
3 Reasons Why Employees Prefer Apple Devices in the Digital Workplace
3. Secure Mac With Authentication Measures
The primary way to ensure Mac security is two-factor authentication. In addition to requiring user names and passwords, IT can require users to request a code that is sent via a text message that they have to enter to gain access. Alternatively, IT can give users a thumb drive to plug into their devices. Without either the code or the thumb drive, users cannot log in and authenticate their identity.
For user identity services, Active Directory is the primary tool that IT teams will be familiar with. However, Mac can have performance issues when joined directly to it. To simplify the process, IT teams can use tools like Apple Enterprise Connect and Jamf Connected to eliminate the need for local machines to be directly joined to Active Directory, while also tracking account credentials on local machines. This approach simplifies the login process for end users while still giving IT departments the ability to enforce policies, such as requiring users to change passwords every three months.
4. Simplify Support for Mac
Our final best practice tip is the most important: Do everything in your power to simplify technical support for your Mac users. The easier it is for users to get the technical support they need, the easier it will be for IT to deploy and administer Mac. The first step is ensuring that your Mac device users know exactly who to contact when they have issues. This will ensure users can get the help they need quickly and efficiently, reducing the likelihood of security risks or other issues going ignored and speeding along the updating and patching process.
Self-service applications, run by tools from Jamf and Munki that behave similarly to the App Store, can reduce support desk phone calls and tickets. This is due to users having access to already approved and safe applications whenever they need them.
Additionally, the ability to run simple maintenance tasks to fix minor issues will also help users feel empowered and ensure little problems get fixed quickly, instead of sitting in the IT queue.
Are You Ready To Deploy Mac?
Implementing Mac for those employees who consistently request them drives productivity, collaboration and creativity throughout the enterprise. For IT teams, especially those without prior Mac experience, initial deployment can seem complex, but by following the best practices we outlined above, as well as making use of the business tools Apple offers, your users can be up and running in no time.
NEXT STEPS: As an Apple Authorized Reseller, WEI has extensive knowledge of Apple products. Our Apple services are customized to your unique business and always incorporate Apple deployment and management best practices. Learn more by visiting our Apple page or check out our refreshed tech brief, "Five Steps For Digital Workplace Success With Apple."