Apple@Work is brought to you by VMware Workspace ONE, a true Unified Endpoint Management platform that manages all device types on all platforms across all use cases, including macOS and iOS. Try for free.
A few weeks ago, I took a look at what I believed Apple would do with FleetSmith long term, and how other MDM vendors shouldn’t be concerned about Apple offering a free solution because 2021 Apple would love a recurring subscription from enterprise customers. I have heard Apple is completely retooling its MDM APIs, and this acquisition may be part of it. So what does Apple need to do with MDM in the future to better compete with Google Chromebooks in K–12 and Windows in the enterprise? Let’s dive in!
About Apple @ Work: Bradley Chambers has been managing an enterprise IT network since 2009. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.
Instant policy push
One of Apple’s current MDM implementation challenges is that when you push changes, they don’t always take effect instantly. Sometimes they do, but sometimes they don’t. With ChromeOS, devices are meant to be connected to the internet, so they always listen for Google’s new changes. iOS and macOS devices, while they work offline, are generally always going to be online in an enterprise setting.
I’ve been asking for IAP support in enterprise environments for some time, but I will keep asking until it comes. As more apps move to subscriptions and other IAP unlocks, it’s going to be important for Apple to figure out a way for schools and businesses to take advantage of it.
I envision IAP with Volume Purchase Program working where an organization would buy a set number of either subscriptions or an IAP type. Then, there would be a way for MDMs to assign the IAP/subscription to a device like they do an application. We already have “device-based app assignment,” so the technology is there to extend to IAP. When a user went to upgrade, they’d find the device’s purchase history and restore the functionality.
Built-in Remote Support
In a world where employees are all working remotely, an official API for remote support through Apple’s MDM would be great. Several vendors are offering their own flavor of remote desktop support for Apple. Still, I’d love to see Apple take its existing remote desktop technology and integrate it tightly into its MDM API so that all organizations have an easy way to get remote access. Users would still have a clear understanding of when and where someone from their IT department could connect remotely. Apple has already built the building block of this with its new support of remote Apple Classroom management for schools.
For supervised iOS devices, I could see an option to always allow remote connections without any interaction by the end-user if a device was in a kiosk-type situation. For macOS, there should be more granular controls to protect the privacy of the end-user. Apple could implement a pop-up alert that would say something to the effect of “Your company’s IT department is requesting remote access to your Mac, would you like to approve the connection?” Apple should implement technology that would not only disable all webcams and microphones, but also hide all personal data that is stored in iCloud like:
- iCloud Photos
- Desktop Wallpaper
- Files in iCloud Drive
- Non-Corporate Email
Wrap up on the future of Apple’s MDM APIs
Apple’s decision to build APIs for its MDM protocol has empowered many great businesses. Companies like Jamf, JumpCloud, Addigy, Kandji, Mosyle, and others all have unique takes on the best way to manage Apple devices, so the future is bright for enterprise customers who deploy and manage Apple devices, and as long as the APIs continue to advance, it’ll become an even better enterprise device.