Over the past few years Apple has made significant changes in the basic security posture of macOS. With macOS Big Sur in 2020 and now even more so with Monterey in 2021, Apple is shifting to a security model which requires your business to have an MDM platform in order to manage your fleet.
MDM is Mobile Device Management. A cloud-based tool which provides IT admins with robust tools to manage computers anywhere they happen to be, and helps protect and track your business hardware and software investments.
Apple has built a new security paradigm which requires a new(ish) type of subscription service called MDM. Cost is about $1-$3 p/device p/month depending on features. The good news is that the platform provides IT with capabilities to manage settings, applications, licenses, and more, remotely over the internet. The cost of setup and ongoing subscription will be counterbalanced with the increased security features and the robust IT capabilities, bringing down labor cost for management and maintenance of your computers.
To clarify, in our opinion, it’s no longer an option. Why? Because if you don’t have it in place, then working with Monterey and the new Apple Silicone computers will be a manual and time consuming process, and they will be less secure. So technically it’s still an option, but we think the alternative is so impractical that it’s not really an option for any business these days. In other words, after using the carrot method for many years to encourage the use of MDM, Apple has now implemented the stick.
Anyone who has been running macOS Catalina or newer is familiar with security prompts telling you that some application would like to access your Camera or your Downloads folder. Behind these prompts is a much larger paradigm shift of individual applications requiring specific permissions sets before they can access different parts of your operating system. Some of these cannot be managed by requiring end user prompts, and now must be managed using a pre-approval process only available via an MDM tool. The alternative is a scenario where end users must be administrators on their computers, and be capable of shutting down the machine to boot into recovery mode, and manually choose to downgrade the security of the operating system. This is not only inconvenient, it introduces larger security risks.
When combined with Apple Business Manager, a free cloud tool Apple provides for its business customers, MDM creates a relationship of trust and ownership of Apple devices. This combination of platforms not only protects your investment as a business owner but should bring down the total cost of ownership on your Apple products. IT management and inventory tracking are streamlined, and support costs will be reduced due to the convenience MDM tools provide.
MDM is a “swiss army knife” tool and every organization will have different uses for it. As a platform, it allows administrators to automate actions on behalf of your staff resulting in less downtime, less confusion about security prompts (i.e. Should this app should be allowed to access my Documents folder??) and allows you to purchase and deploy apps through the App Store automatically. IT can setup apps, printers, and scripts to be installed with one-click by end users, even if they aren’t administrators on their computers. These are all things we used to have easy access to do when the computers were on your network, at your office. With remote and hybrid workforces these days, our previous tools and methods are no longer an option.
While Apple has been moving very fast to implement this new paradigm, not all software vendors have been able to keep up. Many core business applications like anti-virus, VPN clients, and Network monitoring software, among others, will require MDM payloads in order to properly function on newer hardware.
Apple has been signaling for years that this time is coming, and many vendors have entered the market to provide tools which integrate with Apple’s new MDM protocol. While the industry is pushing you in this direction, the good news is that the cost of the tools will be outweighed by the features and convenience which they provide. It’s time to let the momentum take you along before you have to play catch up.