In today’s digital world, the technology you deploy in the enterprise can make or break the productivity of your business. The blending of work life and home life is becoming more intertwined, and users wants to be able to do the best version of their work on the devices in which they feel most comfortable using. This growing popularity and favoritism of Apple products really isn’t new per se, but there’s been an influx of questions from IT professionals regarding the best strategies for integration and management of , , and in their established IT environment.

We spent some time collecting our thoughts on the critical steps an organization can take to position them for success when offering and managing Apple products across the enterprise, and we hope you will find these tips helpful as you address your own Apple device management strategy.

Questions to ask before integrating Apple products in your enterprise

Let’s start at the top with key questions to ask when initially considering offering Apple as a choice for your business. These questions will be instrumental to the design and/or refinement of your Apple strategy.

1. How tightly integrated do these devices need to be within the organization?
   Your business is unique, as is your IT environment and your IT processes. A marketing agency may require Mac throughout the office and for remote workers, a retailer may be interested in utilizing iPad for store management apps or iPhone for quick checkout and returns, while a healthcare organization may only seek to augment their mobile strategy with iPhone and iPad for more accessible patient care. All these scenarios require a unique approach and discussing them with key stakeholders will be important in determining your requirements.
2. How will the addition of these devices benefit performance and productivity?
   Where are you seeing an abundance of support tickets? Can Mac or other Apple devices circumvent these common issues? In a global survey of those who use , 70% of respondents experienced 2 or fewer issues on their Mac within the last 12 months, and half of those reported zero issues in 12 months.
3. How widely available do Apple devices need to be throughout the enterprise?
   Will only specific employees need to utilize Apple devices, or should they be available to every employee? Are there any unique job requirements that would be better served if the work is done on Mac? Do you manage a distrusted enterprise or large campus? Consider the implications of device use at your branch offices and data center locations.
4. Where and how are users connecting to the network?
   Are all users on-premises or does the enterprise support a large remote workforce? Do most employees connect over wired networks, or is it all about wireless? How many different devices could be connected to the network at the same time by one user? Should some apps get restricted access based on user location or will they require two-factor authentication for access? These questions fuel great conversation that can help you fully understand how your users will connect and their unique requirements.

How important is VPN support? In regulated industries, compliance can be a defining factor in determining which devices gain adoption within the enterprise. That’s why it’s also a good idea to examine the elements of compliance that need to be upheld, and factor them in when creating an Apple deployment strategy.

3 Success Factors for your Enterprise Apple Device Management Strategy

Success with Apple in the enterprise is twofold: you have to keep users happy and productive, as well as the IT team managing and executing the strategy. To ensure your enterprise can effectively utilize Apple, we have shared our top three factors for success below.

1. Prioritize the Most Important Integration Points

   
   

When implementing Apple in the enterprise, it is critical to have a firm plan in place and a deep understanding of the integration points where Apple devices and your enterprise will intersect.

Authentication is one of, if not the most important integration point when implementing Apple in the enterprise. One key method to ensure all technology, including Apple devices, align with your enterprise’s global security and compliance standards is to adopt authentication tools and techniques that accommodate a broad set of use cases while still offering granular access control. This requires the ability to authenticate based on user, device, or application, and to enforce policies for Apple devices whether they are being used on-site, via VPN, or even in airplane mode.

Device provisioning and management is another important integration point and is often an area of challenge for IT organizations due to the sheer volume of devices that must be managed for enterprise-scale businesses. However, there are a number of mobile device management (MDM) solutions that can help simplify the process and help ensure the successful integration and utilization of Apple in the enterprise. , we’ve helped a number of our enterprise customers deploy different MDM solutions that align with their unique business.

2. Consider the Skillsets of Your IT Staff

   
   

When planning your Apple device management strategy, it’s important to consider the impact of the required processes on your IT staff. Depending on the skillsets and workload of your IT team, as well as the scale of your Apple device deployment, you may need to hire specific staff to manage the Apple devices used throughout your enterprise.

A good rule of thumb for staffing is to ensure you have enough capacity to manage Apple devices throughout their entire lifecycles, from the early stages of purchasing and provisioning, to ongoing maintenance and updating.

It’s also critical to consider working directly with an Apple Authorized Reseller that can take on many of the deployment and management aspects, as well as the repeated tasks, so you can free up your staff for more specialized troubleshooting or innovative projects.

3. Plan For Lifecycle Management

   
   

Overall, managing Apple devices is not all that different from Microsoft, Google, or Linux operating systems. However, there are several key differences that can require additional planning when compared to other devices, and lifecycle management is one of them.

The following areas all have minor differences that must be considered when utilizing Apple, and developing a plan for full lifecycle management will set you up for success.

1. Purchasing – The procurement process could be slightly complex for those who do not have experience procuring Apple products for business, and to reduce costs and simplify acquisition, many enterprises work with an Apple Authorized Reseller. Having a specific vendor for Apple can also simplify the institutional ownership process for those devices, as well as the Apple device enrollment process. As an Apple Authorized Reseller since 2012, we highly recommend collaborating with us during the procurement and deployment process. We have tried and true best practices engrained in our processes and we transfer that knowledge directly to your team.
2. Provisioning and Maintenance – In addition to the wide array of third-party MDMs available to simplify the provisioning process, you can also make provisioning a part of the purchasing process and involve your Apple Authorized Reseller in the process. The right partner can take on delivery of all Apple devices and configure their access levels, OS versions, settings, and application sets for the users who will ultimately receive them. Did we mention we can ship them directly to each user complete customized and ready to go right out of the box? We do this regularly for several of our largest enterprise customers, and from what we hear, our customers really appreciate this extra level of care.
3. Secure Repair – This is a subject even those outside IT have experienced. Apple device repair may not be as simple and straightforward as it is for other devices. It’s the security aspect that requires a different level of care. It’s the job of IT to develop and enforce a repair service level agreement that provides the following assurances:
   • A warranty provider of repair services
   • Device lockdown during transport
   • The ability to audit for compliance and enforce custom security measures
   • Secure disposal of components and devices, including wipe clean service
   • Rapid provisioning and delivery for loaner devices during service
   • Stocking replacement devices so they’re ready when needed

[Get the full picture of how WEI can help with Apple in our Service Brief below]

Where are you running into challenges? How can we help?

Despite the unique considerations that must be taken into account when implementing Apple at the enterprise level, it is not nearly as intimidating as it may seem. And once implemented, Apple devices throughout the enterprise. Overall, the key to Apple device implementation success can be summarized in a simple word: planning. And you’ll benefit from partnering with WEI regardless of where you are in your Apple device management strategy. Ask us how we can augment what you’re already doing, increase efficiencies, and reduce operational costs throughout the lifecycle. to start a discussion.

Next Steps: Explore more about Apple! Our eBook is jam-packed with best practices, tips for improving efficiencies, and additional points to consider when planning your Apple or Mac as a Choice program. We invite you to download a copy below and share it with your team.

The post Top 3 Success Factors for Your Enterprise Apple Strategy appeared first on IT Solutions Provider - IT Consulting - Technology Solutions.

Deploying Mac introduces several “new” concepts for how to effectively provision and support the devices. Apple methods are different from traditional methods, such as those used in Windows environments, and therefore must be well-understood.

To help your IT team improve operational processes associated with managing Mac devices, this blog post highlights three tips for a smooth and successful deployment. We’ll also explore the tools and skillsets that can empower IT teams to provision and support the devices securely and efficiently, while delivering the best possible experience for end users.

1. Provisioning New Mac Laptops

An IDG Research poll found that 43% of IT decision makers feel their companies need to improve the efficiency of their Apple device management strategies. (Source IDG Research commissioned by WEI, March 2019) Most IT teams are accustomed to provisioning Windows devices. However, provisioning Mac devices is quite different. In a Windows environment, IT either wipes the devices and lays down a captured OS, or uses a thin-provisioning model. With Apple devices, these methods are not easy to achieve and therefore, not desirable. That’s because modern Macs include security features that can prohibit the devices from booting to network volumes or external drives to initiate an imaging process. In addition, some Mac models may include special drivers to help manage parts of the hardware, which can be difficult to capture in a traditional imaging workflow. While it is possible to work around these security features, it is often a multi-step process that is not considered best practice.

To overcome these issues, Apple provides a process that makes Mac provisioning easier, the Device Enrollment Program (DEP). Devices are registered into the program by the Mac reseller, and the company that purchases the Mac devices can access the program using Apple Business Manager, which runs in the cloud. Through Apple Business Manager, IT can register the serial numbers and enroll the devices in a Mobile Device Management (MDM) tool. In the MDM tool, IT sets up configuration profiles, which include the settings for the device as well as the user according to the designated user group. These settings might indicate, for example, which applications users should see on their desktop. The settings can also help devices auto-connect to a secure Wi-Fi access point and designate the level of security access for each user.

When end users boot their device and connect to the internet, their device serial number is picked up by Apple. Apple Business Manager then redirects the device to the organization’s MDM tool so devices can be enrolled into the MDM and automatically receive their designated applications and configuration settings. This Apple provisioning method uses the operating system that is pre-loaded on the , rather than wiping them clean. Because the MDM installs the applications and the settings to the devices via the Apple cloud, end users can start working immediately without IT having to physically touch their laptop.

If preferred, IT has the option to handle the devices, enroll them, and execute the downloads for applications and configuration profiles on behalf of end users. The IT team can then verify that the configurations work before delivering the devices, and employees can log in to start using their machines right away.

2. Securing Devices and Authenticating Users

For Mac security, two-factor authentication is the primary solution. There are two methods that go beyond requiring people to enter their user names and passwords.

• Sending users a code via text message that they have to enter to gain access
• Giving users a thumb drive that they must plug into their devices

Without either the code or the thumb drive, users cannot log in and authenticate their identity.

For user identity services, Active Directory is the primary tool in Windows environments, and it can also be used for Mac laptops added to the network. IT can bind the Mac devices to Active Directory so people can log into their devices with their local user name and password. This set-up is handy when users need to move back-and-forth from an Apple application and a Windows application, such as Microsoft Outlook, which Mac users may rely on for email. With one set of credentials for both systems, end users can work more efficiently.

However, many companies are moving away from this approach because Mac devices often perform better when not joined to Active Directory. Under certain circumstances, there may be password synchronization issues that prevent users from getting into their systems and doing their jobs. This also causes IT to get involved and spend valuable time resolving the issue.

To eliminate this burden, many IT teams use tools like Apple Enterprise Connect and Jamf Connect (formerly known as NoMAD). Both tools eliminate the need for local machines to be directly joined to Active Directory while also tracking account credentials on local machines. Users can log in with a local account rather than the credentials derived from Active Directory. The tools then synchronize the credentials to Active Directory for identity authentication. Apple Enterprise Connect and Jamf Connect also provide some additional features. As examples, an icon in the menu bar indicates how many days until a password expires to simplify the process for end users, and common network shares can be mounted automatically when the Mac devices are connected to the organization’s internal network.

With these advanced tools, when the credentials are changed, either on the local device or in Active Directory, the tools will synchronize the account again. This approach simplifies the login process for end users while still giving IT departments the ability to enforce policies, such as requiring employees to change passwords every three months.

3. Applying Patches and Updates

For applying security patches, OS updates, and updates for frequently-used applications such as Safari and iTunes, IT teams have the option to leverage a free service that Apple provides called Software Update. All Mac devices are directed to the service by default, which runs in the cloud and automatically notifies end users of any patches and updates they need to apply, and prompts them to execute the downloads.

Apple no longer provides an on-premises software update mechanism, but there are alternative solutions that IT departments can use to manage the Apple catalog of software patches and updates.

Available third-party open source update servers include Reposado and Jamf Software’s NetBoot/SUS Appliance. Both operate on-premises and can function on any OS platform, including Apple, Windows, and Linux, utilizing Python code that runs in the background. IT can utilize an MDM platform, such as and AirWatch, to point all Mac devices to the platform in order to control which updates are published to those devices. Managing updates in this manner comes in handy, for example, when Apple releases a security patch. IT can disable the notifications so end users won’t receive a message each time a patch or update is available for download.

By utilizing an on-premises patch management and update tool, IT can test the patch on different device configurations to make sure it doesn’t break the OS or any of the applications. Once the patch is ready for the machines to install, IT enables the patch through the open source tool. The patch then shows up as available for users to install, and IT can push the patch out through the MDM platform, where users can install it with just a few clicks.

In addition to managing updates, it’s also a good idea to buy extra Apple devices as testing devices. Ideally, IT will want to run machines with hardware specs and software similar to what end users have on their devices. IT can use the test machines to become familiar with user environments, as well as enroll the devices in the MDM platform to test how well the provisioning process and various services work.

Specific services to test include the ability to log into email, utilize VPN services, and access files in shared drives. It’s especially important to test when deploying antivirus software, which can sometimes break the OS and cause machines to have performance issues if not done properly.

Enabling Enterprises to Offer More Choices for End Users

Today’s end users want the freedom to choose when it comes to the desktop environments that they use to do their jobs every day. Increasingly, Mac laptops have been the devices of choice. WEI recommends embracing this trend, while giving your IT team the tools and skills they need to ensure the devices perform at a high level, employees are productive, and digital assets are secure.

If you’re about to bring into your enterprise, or if you’d like to work with a partner who has expertise in managing the devices that are already deployed on your network, we’re here to help. As an Authorized Apple Reseller, We specialize in helping enterprise customers roll out new Mac devices, along with providing ongoing maintenance and support. Many of our customers have already made the transition to a hybrid Windows-Apple environment to improve productivity and enhance the end user experience, and we’re ready to support you as you embark on the same journey.

NEXT STEPS:

Learn more about WEI’s expertise with all things Apple in our Apple Services Brief below.

The post 3 Tips for Deploying Mac Devices in the Enterprise appeared first on IT Solutions Provider - IT Consulting - Technology Solutions.