Three Ways to Manage Macs in a Business Environment

Posted on | In
  |   Words count in article 732

While Macs are less common than Windows PCs, they have successfully entered the IT landscape of many enterprises. IT teams need to find solutions that integrate Macs with existing Windows Active Directory (AD) domains and determine the necessary tools or systems. Deciding how to integrate Macs into a Windows infrastructure is no simple task. Organisations need to clarify the number of Macs requiring support and the type of access required for existing tools and systems.

Compared to Windows PCs, many employees prefer Macs. With the influx of iOS devices into businesses and Apple’s promise of seamless integration, the reality can often lead to unexpected challenges. Despite this, Macs maintain a place in predominantly Windows environments. Balancing support for Macs with protecting corporate assets and maintaining resource control, IT teams can achieve integration through three main approaches:

  1. Integrating Macs into the AD domain using existing tools.
  2. Using dedicated tools to manage Macs within the AD domain.
  3. Managing Macs as standalone mobile devices.

Three Ways to Manage Macs in a Business Environment

Integrating Macs into the AD Domain

Many IT administrators prefer seamlessly adding Macs to the AD environment alongside Windows desktops. To some extent, macOS supports this method, as Mac desktops and laptops include the necessary client components and standard directory services to join an AD domain.

The process of binding a Mac to the domain is relatively straightforward, provided users have the required computer access and domain credentials. When a Mac joins the domain, Windows Server automatically creates a computer object in AD (unless one already exists), just like a Windows desktop.

The latest versions of macOS make Apple devices easier to integrate, as macOS supports Microsoft System Center Configuration Manager (SCCM) and Exchange ActiveSync. SCCM now supports macOS 10.10 (Yosemite) and newer versions. However, Macs are not Windows desktops, and most management products are designed for Windows PCs. This can lead to compatibility issues. One way to mitigate these issues is by extending the AD schema to better accommodate Macs. However, this requires development resources and technical expertise, which can be challenging for organisations with limited Mac users.

Fortunately, administrators can enhance existing tools by leveraging macOS commands. These commands allow IT teams to configure idle screen lock times, language settings, and disable autocorrection, among other functions.

Using AD with Third-Party Tools

Although AD and macOS commands simplify integration, many administrators find it easier to use additional tools for management. For example:

  • Macs can be joined to an AD domain, while Apple Remote Desktop is used to send commands to Mac clients.
  • Alternatively, organisations can deploy macOS Server to manage Macs using Apple’s Profile Manager. This approach requires setting up an Open Directory domain alongside AD, allowing remote management. AD retains control over Windows and Open Directory/OS X servers, facilitating seamless communication between the two environments for shared files and printing services.

If this approach proves challenging, consider third-party solutions like Centrify User Suite (Mac edition). Centrify allows IT teams to manage Macs using AD authentication infrastructure for centralised management, policy enforcement, and single sign-on.

Another popular option is JAMF Software’s Casper Suite, a comprehensive endpoint management product that integrates with AD and Open Directory. Casper Suite supports every stage of the Mac management lifecycle, including device enrolment, software distribution, asset inventory, updates, and security settings.

Using Microsoft tools to integrate Macs with AD is not the only option. Often, the most effective way to manage Macs is to treat them as Unix systems rather than Windows desktops. Outside of integration with existing infrastructure, Macs can be treated as a standalone device type.

Managing Macs as Mobile Devices

Since macOS 7, Apple has adopted a Mobile Device Management (MDM) model, replacing traditional directory services. This allows administrators to manage Macs, iOS, and Android devices using the same tools.

For example, macOS enables administrators to query a Mac’s iTunes account to check if the associated Apple ID has changed—similar to iOS device management. This ensures resources such as apps and books purchased through Apple’s Volume Purchasing Program are assigned to the correct user.

Apple’s modern MDM framework also allows administrators to:

  • Initiate AirPlay sessions on managed devices.
  • Push enterprise apps and eBooks to Macs.
  • Take advantage of macOS Server’s enhanced platform capabilities for MDM.

Users can register their Macs, and vendors can use an expanding array of application programming interfaces (APIs) to support third-party security and management solutions.

By leveraging MDM, organisations can effectively manage Macs alongside other devices while maintaining security and operational efficiency.