In the keynote session at WWDC 2014, Apple’s Senior Vice President of Software Engineering Craig Federighi called iOS “a huge hit in the enterprise,” noting the breadth of iOS-tailored enterprise apps, as well as enterprise manageability features Apple has added to the operating system over the years. Federighi also noted the new productivity features that would make Mac OS X Yosemite an appealing desktop platform for enterprise users.
As Federighi noted, 98 percent of Fortune 500 companies are already using iOS, and Apple has steadily rolled out features aimed squarely at the enterprise market in both operating systems over the last few years. The latest Apple software updates, iOS 8 and Mac OS X Yosemite, introduced new features that simplify both enterprise use and management.
New continuity features enable users to switch freely between Apple devices, picking up on one device where they left off on another. To enable a seamless user experience, Apple is establishing continuity both between its hardware and software and between its Mac OS X and iOS operating systems.
Device and OS convergence can also help simplify the management process for IT. Apple began aligning management profiles in Mac and iOS software more than two years ago so that Macs could be managed alongside iOS devices with mobile device management (MDM). According to Nielsen, people now spend more time in front of their mobile devices than their desktops or laptops. And people are more likely to own multiple mobile devices than computers. Apple has in part driven this trend, and each subsequent OS update has delivered additional MDM controls.
Along the same timeline, AirWatch has added enhancements to the AirWatch Mac Management solution, enabling IT departments to streamline device management in a single console. IT is beginning to see mobile devices and legacy Macs as a single set of endpoints to secure, manage and enable with access to enterprise resources. This unified view of all devices will help IT departments streamline processes and prepare for the future.
Traditional Mac Management
Historically in the enterprise, Macs have been managed separately from iOS devices in separate consoles, sometimes by different groups within IT. Traditional domain-joined management poses several problems for today’s modern enterprise:
- It makes managing the desktops and laptops of remote workers impossible unless they physically come on site
- It can cause fragmentation and inconsistencies across different platforms, which is problematic for BYOD
- It is much more difficult to separate work and personal data with these systems, and because of that, employees may resist subjecting their personal laptops to domain-joined management
- With the advent of mobile device management, enterprises are now having to manage parallel device environments in separate software systems, and users do not have a seamless experience across devices
EMM for Mac Management
Managing Macs like mobile devices means they can be configured over the air, without ever having to be domain-joined. That’s a major plus for global organizations, remote workers and companies who use contractors or freelancers. Unifying parallel device environments enables streamlined oversight, management and distribution of content across Macs and iOS devices.
With AirWatch EMM, IT can implement a BYOD program and policy for all device types, ensuring personal information remains private. IT has a consistent management experience for all device types and operating systems, enabling a single-pane-of-glass view of all endpoints in an enterprise.
AirWatch supports Mac OS versions 10.7 (Lion), 10.8 (Mountain Lion), 10.9 (Mavericks) and 10.10 (Yosemite), and all devices running those operating system versions, including MacBook Air, MacBook Pro, Mac mini, iMac and Mac Pro.
AirWatch Mac Management provides enterprises with the following capabilities:
Configuration Management: Configuration management, or provisioning, provides a way to build a task automation flow including multiple files and scripts. AirWatch allows enterprises to provision custom products to distribute apps, create and modify files, run scripts and perform commands. Administrators can configure software update source, execute remote scripts and complex packages and manage VMware Fusion enterprise license keys. Products can be configured to deploy automatically during enrollment or on-demand. The same configuration can be deployed in bulk to all devices, or administrators can create a dynamic configuration based on directory service and domain memberships.
Apple Device Enrollment Program Support: Through integration with Apple DEP, AirWatch users can unbox a new mac, turn it on and have it enrolled automatically. Security policies and user configurations are installed automatically over the air, based on configurations the administrator has pre-set.
Remote Management: Managing Mac OS X devices from the cloud allows for the devices to be treated truly as mobile devices, helping free IT from the old desktop management model. When all devices are treated equally and managed from the cloud, IT can approach security and management with consistency, regardless of the endpoint, and maintain a single-pane-of-glass view of all devices, whether they are running OS X or iOS.
Remote Assistance: Administrators can provide remote support to end users through the AirWatch console. Capabilities include sending users push notification, remote screen lock, device query, remote access to file system logs and configuration files, remote device lock and remote device wipe.
Streamlined BYOD: AirWatch Mac Management streamlines enrollment and policies for BYOD deployments. Administrators can treat Mac OS X devices just like they would mobile devices, managing only corporate data and leaving end-user privacy intact. Unlike traditional domain-joined management systems, IT can ensure that no personal information is collected.
Content Synchronization: To enable secure content collaboration between devices, users can share content through personal folders in the self-service portal from their Mac. These folders are synched with and can be accessed through the AirWatch Secure Content Locker application on the user’s smartphone or tablet. The desktop client, AirWatch Secure Content Locker Sync, allows users to drag and drop files directly from their Mac into the application, ensuring they have the most up-to-date version of content on all their devices.
Comprehensive Endpoint Protection: In addition to requiring a passcode, administrators can configure certificate authentication on Macs for an added layer of security. AirWatch directly integrates with certificate authorities and automatically distributes certificates to devices without user interaction. From the AirWatch console, administrators can see installed, expiring and revoked certificates through the certificate management dashboard. Administrators can also configure restrictions to prevent user actions on the device, including access to applications, system preferences, the App Store and device sharing. The AirWatch compliance engine monitors for non-compliance. When non-compliance is detected, the engine triggers escalating actions that have been pre-set by an administrator.
Streamlined App Distribution and Management: Administrators can upload and deploy enterprise applications to laptops with defined app descriptions, images and categories in the AirWatch App Catalog. Apps can be distributed using dynamic smart groups and removed when a user unenrolls a device.
Within the AirWatch App Catalog, users can view, browse, search for and install public, internal, recommended and web applications. The web-based catalog is unified across device types, making it easy for users to get the apps they need on all of their devices.
UEM, EMM and the Future
Using a mobile paradigm for management of all devices will help enterprises prepare for the post-PC era, in which computing will be increasingly defined by mobile devices. Adopting a device-agnostic solution will ensure your enterprise is prepared to secure and manage other devices and operating systems, should the need arise. Administrators can prepare for a future of unified endpoint management that includes not only mobile and desktop operating systems, but also wearables and connected objects, by adopting a device and OS-agnostic solution that can scale to meet the increasingly mobile needs of today’s modern enterprise.