macOS Catalina Policies

By Cassa Niedringhaus Posted November 19, 2019

macOS Catalina Policies

Macs® have been making huge inroads into enterprise organizations, so it’s critical for IT admins to be able to manage them.

The rise in Mac use for business is due to multiple factors, including improved hardware, SaaS-based software, and the tight integration between iPhones®, iPads®, and Mac systems. In fact, AppleInsider reported that 100% of Fortune 500 companies are now using Apple® products to some degree. Beyond that, 78% of respondents to a Jamf survey agreed they would not be as effective in their jobs without Macs. 

Mac management is no longer a hypothetical: It’s an imperative. With the release of new macOS versions — most recently Catalina — IT admins want to ensure they can continue to manage their Mac fleets, including through the use of group policies. 

Challenges in Mac Management

Historically, IT admins used Windows-based IT management tools such as Microsoft® Active Directory® (AD) and System Center Configuration Manager (SCCM), but such tools did not provide the same capabilities in managing Macs systems as they did with Windows® systems.

Although it’s now a fairly straightforward process to bind Mac machines to AD through each machine’s system preferences the same cannot be said for managing machines or enforcing Microsoft’s Group Policy Objects (GPOs) on them. (Note that the user management process — provisioning, deprovisioning, Secure Token management, etc. — is not so easy.) IT organizations previously avoided or prohibited Macs, rather than trying to manage them through AD.

IT admins have come up with AD workarounds — like installing macOS® server on a spare Mac — and a new generation of Mac management tools and mobile device management (MDM) companies have sprung up to fill the AD void. Apple offers its own MDM protocol to allow “administrators to securely and remotely configure enrolled devices,” but it doesn’t provide the policy suite IT admins need to ensure proper security settings across their fleets.

Not all of these solutions necessarily provide the equivalent, comprehensive management that AD provides for (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Cassa Niedringhaus. Read the original post at: