Apple has made huge inroads with Macs over the last decade. Mac laptops and desktops have become a popular choice across organizations of all sizes in what was once a market dominated by Microsoft® Windows® systems. However, while Macs have become a common sight in the modern office, Microsoft Active Directory® (AD) has remained the identity provider.
Managing Macs with Active Directory presents a number of challenges. The most imposing being the fact that Microsoft never designed AD to support Macs in the same way as Windows, nor are they all that interested to do so. As the IT world shifts away from Windows to macOS and Linux, a lot of IT admins are asking what are the best practices for integrating Macs with Active Directory.
Mac Management with Active Directory Falls Short
IT organizations have traditionally leveraged AD as their identity provider as well as their choice for managing Windows devices. AD offers a number of user and device management capabilities as an identity provider for Windows users and systems. However, the majority of these management capabilities are not available for Mac (or Linux). This presents a few major issues for IT admins.
The first issue is the lack of full control and management for macOS users. In large part, user management capabilities are limited to user authentication and password management. That means admins often have to implement third party add-ons to have the same level of control for Mac systems as they do for Windows endpoints in a pure AD environment. This not only adds a lot of complexity to user management, but also substantial added costs.
The other issue is the lack of device management capabilities for macOS systems. For example, one of the most powerful is AD’s Group Policy feature. Group Policy refers to a device management feature that enables IT admins to deploy commands and scripts in the form of policy documents that apply their settings to the computers and users within their control. (Technet) Microsoft calls these commands and scripts Group Policy Objects (GPOs).
While GPOs are certainly powerful tools, their (Read more...)
*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Vince Lujan. Read the original post at: https://jumpcloud.com/blog/best-practices-integrating-macs-active-directory/