Managing MacOS or iOS updates doesn't have to be difficult to standardize alongside your existing processes.
For many years, security has followed the path of vulnerability: namely, it has focused on PCs. With the rise of Mac and mobile malware, many organizations find themselves unprepared to anticipate or deploy MacOS and iOS patches or manage an ecosystem made up of multiple device types and operating systems. These devices may not be “new” to organizations, but there is a need now to play catch up on management and security.
As Jon Towles points out in a recent article, the primary challenges for IT admins starting to manage Mac are workflow related - both for IT admins as well as for end users. IT admins need to be more aware of what is coming in each macOS patch and how these changes could impact user experience. While awareness is important, at FileWave we don’t believe that IT admins should need to reinvent the wheel with each new update or technology shift. There are tools that can future-proof your processes and help smooth the transition of patches and updates for end users.
Future Proof IT Processes
When we see articles asking, “How can you deal with the new _____” of any new OS update, we say - yes you can! It’s easy to get lost in the details and wonder if you’re prepared.
With the release of macOS High Sierra, we saw a shift away from monolithic imaging toward OS installer-based firmware updates and a new Apple File System (APFS) shared by all iOS, macOS, watchOS, and tvOS systems. More recently, macOS Mojave included new enhancements to DEP and configuration profiles as well as greater security and privacy controls.
For many organizations dealing with Apple management for the first time, there was a steep learning curve involved with these changes. Perhaps Apple devices were being handled independent of PC devices, or under one or more siloed management products. IT admins had to know a lot and prepare for these shifts - but much of this confusion could have been avoided by leveraging a unified endpoint management solution such as FileWave.
When High Sierra was released, FileWave customers experienced a seamless transition to Apple DEP, since all of that integration took place on the back end. For our customers, it was business as usual - one unified, intuitive platform to manage all computers and mobile devices.
In the most recent updates, Apple has reflected the need for unified endpoint management (UEM) and greater flexibility over managing and securing Apple devices. But the reality is, organizations are not Apply-only environments - they are are instead a complex and ever-changing mix of new and legacy operating systems. You need a UEM solution that is truly “unified”, beyond device, OS, and even new vs legacy environments.
Improving the End User Experience
While every new update will have potential impacts on UX behaviors, one of the challenges in Apple management has been with user expectations. Going many years without oversight, some organizations find that users are hesitant about the idea of endpoint management or data security being added to their devices. Thankfully, today’s endpoint management can be quite a hands-off process, with zero touch deployments and background patching to minimize impact on end user productivity.
There are some instances where new updates will have a significant impact on end user workflows that need to be managed. For example, the update to Mojave triggered authorization prompts for third-party applications to continue to run, which caused a number of IT headaches for organizations managing Apple devices without the support of an endpoint management solution. Within endpoint management solutions, organizations were able to manage these authorizations on the IT side, improving the end user experience.
In many ways, managing Apple devices is exactly the same as managing PCs - particularly if you are leveraging the common interface of a unified endpoint management platform such as FileWave. Indeed, many IT admins quickly realize that some of the ‘differences’ between managing macOS and PC devices are actually improvements, such as leveraging Apple’s DEP zero-touch deployment to build settings, configurations, restrictions, and personalizations directly into the out-of-box experience for macOS computers.