Apple MDM

What is it and why use it?

Fear not, this isn't a technical document or a deep dive into how Mobile Device Management works; it's a guide to its benefits and some idea of what's involved.

What is it?

MDM is a catch-all term for a few technologies. The first is the MDM protocol. This is the method by which the laptop talks to the cloud service that provides the settings and configuration.

MDM is also a framework built into the operating system so that it is simple to manage. Together, the communication tool and the framework allow "things" to happen on the computer.

But what is it?

That is a VERY basic overview of what is involved in Mobile Device Management, but it doesn't explain what it is actually for. That is simple to explain as well: it's a tool to allow the control of various aspects of the computer.

A simple example is the control of the dock icons. (Yes, it's possible to add items and to stop them from being deleted from the dock.)

You will have noticed that the word control is starting to pop up a lot, and that is the key to all of this. By using a third-party cloud vendor to provide the MDM service to the laptop, it becomes possible to manage your laptops, desktops and mobile phones.

Why do I want it?

Do you know what's going on with the computers in your business? You should have some idea of what they are being used for and how they are set up.

More important is the need to follow various regulatory frameworks. Being GDPR compliant is a must these days, so how do you do this?

MDM is a good solution. Laptops need to have the data stored on them encrypted. Encryption is a method in which the data is scrambled on the hard disk in such a fashion that it's not human readable. Further, it uses an algorithm that scrambles the data using a key pair: a public and a private key, which are needed in order to scramble and unscramble the information.

This is achieved using the FileVault service built into OSX and BitLocker on Windows. For Apple it's possible to create an MDM configuration to instruct the computer to encrypt the data on the computer. It also takes a copy of the key and stores it with the cloud vendor just in case something goes wrong and the data needs to be retrieved.

MDM Configurations

The cloud vendor providing the MDM service will offer MANY options to set up your laptops and control them via MDM configurations. Here are just a few:

  • Set the laptop background for business branding
  • Legal statement when logging into the laptop
  • Password policy, to set them to expire after a certain period of time
  • Default settings for certain programs
  • Enable the Firewall and control it
  • Disable the guest account to stop random login

How do I get this?

There are a few hoops to jump through, but nothing complex.

Talk to your Apple representative and get an Apple Business Manager account. This requires some verification to happen, but ultimately you will get access to ABM. Here all your purchases will be listed. Devices can then be enabled for MDM. Already purchased devices cannot be enabled for auto enrollment but can still use MDM manually.

After the Apple process has been completed, you need to find an MDM. A quick Google search will help here; here are just a few to start with

There are many more with different price points and services available.

Once that has been decided upon, you can get down to the nitty gritty of setting up laptops to work with the MDM solution and provide you with the requirements to meet the demands of a modern business.

TNS can help you with this process. Please feel free to reach out for a consultation.
