With 91% of enterprise organizations using Macs (Jamf), many IT admins can’t help but ask, can I integrate Macs with Active Directory?
Actually, yes. It is possible to integrate Macs with Active Directory, and there are a few methods for doing so. Past solutions have involved implementing a directory extension, or manually managing the Mac systems in an environment, but these approaches are costly and inefficient. This new approach is a cloud identity bridge that federates AD-bound identities to your Mac systems. You don’t have to worry about adding new infrastructure to deploy and manage, and you leverage your existing Active Directory instance.
Of course, many organizations are considering moving off of Active Directory altogether. For them – and for companies that don’t yet have a directory – getting a fresh started with a unified cloud directory is often the best approach.
In either case, it is in IT’s best interest to gain control over Macs in their environment. But first, let’s take a look at why organizations are in this predicament to begin with.
How Unmanaged Macs became a Reality
In the 1990’s, Tim Howes created LDAP, a lightweight protocol used to authenticate users to resources. In the spirit of LDAP, Microsoft built Active Directory®, a directory service that helps IT admins manage users and resources in their environment. Group Policy Objects (GPO’s) was one of Active Directory’s features that provided IT with optimized control over the systems in their environment. GPO’s made it possible for IT to remotely and securely control Windows systems and it worked great as long as IT organizations used Microsoft resources.
In the mid 2000’s, the workplace started seeing an increase in Mac and Linux use. Microsoft wasn’t too excited about these new non-Windows systems taking over their monopoly, so they made it challenging to integrate Mac and Linux systems with AD. Directory extensions and manual management surfaced as two approaches some IT admins took to managing Macs in their environment. Many have opted for no management at all due to the cost and time sink that came with both options.
So, now let’s take a look at why unmanaged Macs in an IT environment are a bad idea.
Unmanaged Macs Create Unmanaged Users
An uncontrolled system in an environment, affects IT’s ability to properly manage users. IT will not know for certain whether or not a Mac user is following company policies when it comes to passwords and acceptable applications. IT will have a difficult time enforcing system updates and the use of antivirus software. When it comes time to deprovision that user from company resources, IT will never know for certain whether or not they successfully revoked access to all of the company assets the user had access to. Unmanaged Mac users create major vulnerabilities within your infrastructure, and it doesn’t get any less frightening when it comes to the actual unmanaged system.
Problems with Unmanaged Mac Systems
If a Mac system is lost or stolen, there is no way to revoke permissions to that machine or revoke access to the information that is on the machine. If a cyberattack is wreaking havoc and IT has a patch to roll out, they would need to go to each Mac in their environment and carry out that execution manually. In addition to being a security risk, unmanaged Macs create hurdles when it comes to IT supporting their end users. When the system decides to malfunction, or the user forgets their password, the process to troubleshoot these issues can become time consuming.
Integrate Macs with a Cloud Identity Bridge
Recently, a new approach has emerged that shifts the problem to a third-party SaaS vendor. Called AD Bridge, this technology enables organizations with AD to extend their credentials to Mac systems, Linux servers, AWS, Google Cloud Platform, and much more.
If you’d like to learn more about how AD Bridge works, consider watching this whiteboard video which can also be found above. We hope to hear from you if you’re interested in learning more about how your organization can integrate Macs with AD by leveraging AD Bridge. In the office or from a coffee shop, users can finally easily access all of the IT resources they need using Mac, Linux, and Windows systems. For IT, peace of mind is finally attainable as their IT environment becomes optimized for the modern workplace. They can finally achieve centralized user and system management in their organization.
This is a Security Bloggers Network syndicated blog post authored by Natalie Bluhm. Read the original post at: JumpCloud