Bringing Macs into an existing IT environment can make any Windows admin feel a little wrong-footed. Everything is familiar, in terms of the tasks and settings, but with enough of a twist to seem a bit foreign at first. Our ongoing series of Mac management tips is here to help guide you in rolling out Macs securely and productively.
In part one of this series, I looked at the essential requirements for integrating Macs into enterprise environments, including how to join them to enterprise systems. At scale, large Mac deployments often require a unique set of skills and tools to be successful. The same goes for applying management policies to Macs, which I cover in this article. Here, you will get an overview of Mac policies and insights into how to plan a strategy for deploying them.
In final piece of the series, I'll look at the specific tools used to apply policies, as well as tools that offer additional management and deployment features.
The upshot on Mac management policies
How to go about managing Macs is a question of scale. Technicians at organizations with a small number of Macs can often configure each Mac individually or create a single system image that applies a uniform configuration to every Mac. In larger organizations, the challenges are more complex. Different users or departments will have different configuration needs, and they will require different access privileges. Moreover, they will often have configuration needs related to individual users and groups, as well as needs related to specific Macs based on their use (and sometimes their hardware). Because of this, manual configuration is simply too inefficient. Here, automation is key.
To this end, Apple offers a range of policies that can be applied to your Mac fleet to enforce security requirements, to aid in automatically configuring Mac machines to specific profiles, and to enable and restrict access to resources on your network.
If you're already familiar with Windows Group Policies, you'll be happy to know that you can fully manage the Mac user experience in a similar manner using Apple's policies for Macs. Most of these policies can be applied either to specific Macs (or groups of Macs) or to specific user accounts (or group memberships). Some policies, however, can only be tied to Macs or to user accounts. Familiarity with how policies can be configured is vital to creating your Mac management strategic.
For example, as with Windows Group Policies, policies related to user needs and access controls are often managed based on group membership related to department, job roles, and other factors. Departmental app and Mac security setting requirements are best set based on Macs (or a group of Macs), rather than users (or group memberships). Some policies, such as Energy Saver policies, are Mac-specific rather than user-specific by default.
Sign up for CIO Asia eNewsletters.