Charles Edge and Rich Trouton

Apple Device Management

A Unified Theory of Managing Macs, iPads, iPhones, and Apple TVs

2nd ed.
Charles Edge
Minneapolis, MN, USA
Rich Trouton
Middletown, MD, USA
ISBN 978-1-4842-9155-9
e-ISBN 978-1-4842-9156-6
© Charles Edge and Rich Trouton 2020, 2023
This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This Apress imprint is published by the registered company APress Media, LLC, part of Springer Nature.

The registered company address is: 1 New York Plaza, New York, NY 10004, U.S.A.

Preface

Apple distributed 25 releases of the Mac operating system across 35 years. Then came iPhone, iPad, Apple TV, a watch, and a HomePod. The success of the iPhone and the unique challenges of managing mobile devices meant that new paradigms in device management had to be established, and so the world of managing Apple devices had to change. That evolution was inevitable from the moment iPhone sales doubled those of the Mac, and it has only become clearer since.

That evolution in device management is now undeniable and irreversible. The end result of that evolution is a fate not yet determined. But change is afoot. This book is meant to codify those changes and identify best practices.

Who This Book Is For

Simply put, this book is for administrators of organizations that want to integrate with the new Apple. Many organizations have started building what’s next. And many complain about aspects of how they have to build out infrastructure and services. But the world’s most valuable company has shown no desire to allow exceptions.

This book outlines what organizations need in order to work effectively with the Apple platform. That includes not only infrastructure but a mode of thinking you have to adopt to find success, one that forces you to leave 30 years of IT dogma at the door. You can feel free to complain, but the sooner you embrace it, the sooner you find success with the platform.

This book is here to help you embrace the new style of management. Because it’s not going anywhere.

Chapters at a Glance

This book provides guidance. This guidance is split up into a number of chapters that provide insights for each larger theme of Apple device management. Most will go through the philosophy and design of the Apple device management story. Unless specified in the title, we work to unify that management story across the operating systems, covering iOS, macOS, and tvOS, noting the differences within each chapter.

Chapter 1: The Evolution of Apple Device Management

How did we get here? It helps to understand the history of how Apple management has evolved in the past 20+ years. Understanding where we have come from should make you more accepting of Apple’s choices and help you better understand where Apple, third-party software vendors, and the IT community are taking us. Chapter 1 provides the background to get us started.

Chapter 2: Agent-Based Management

There is no such thing as an agentless management solution. In this chapter, we’ll look at management agents that do not include MDM, as well as when you will need to use an agent as opposed to when to use other options.

Chapter 3: Profiles

A profile is a file that can be used to configure settings on a Mac or iOS device. Once you install a management solution, you can deploy those profiles on a device, or you can deploy profiles on Macs using scripts. We’ll cover how to craft profiles and install them so you can get most necessary settings on devices.

Chapter 4: MDM Internals

What is Mobile Device Management and how does it work under the hood? By understanding how MDM works, you will understand what needs to happen on your networks in order to allow for MDM, as well as the best way to give the least amount of access to the servers or services that are necessary.

Chapter 5: iOS Provisioning

This chapter covers how to prepare iOS, tvOS, and iPadOS devices for deployment, including working with profiles, MDM, Apple Configurator, the App Store, and other tools to set up these devices.

Chapter 6: Mac Provisioning

Setting up Macs has been a bit of a moving target, starting with the end of traditional imaging and the rise of zero-touch deployments using DEP. This chapter covers how to provision Macs for deployment using a variety of methods, including tools from both Apple and third parties.

Chapter 7: Endpoint Encryption

Now that the Mac or iOS device has been set up, folks will start adding data to it, and that data needs to be protected. Encryption provides that protection, and this chapter covers how it works, how to enable it, and how to manage it for all of your Apple devices.

Chapter 8: Securing Your Fleet

An administrator can lock down devices so they’re completely secure by turning them off and smashing them with a hammer. Security is table stakes in order to grow your device population. Every organization has their own security posture, and so once you get settings and apps on devices, we will take you through applying your security posture to customize the settings on Apple devices.

Chapter 9: A Culture of Automation and Continuous Testing

Deploying settings on devices without first testing those settings can cause your coworkers to have no idea where things are on their devices, get kicked off of networks, or many other things that will cause you to get coal during your office Secret Santa. As you deploy more and more iterations of systems, settings configurations, and software loads, you won’t be able to manually test everything. In this chapter, we’ll work on getting standard QA environments built out, so you can test without having to manually test everything.

Chapter 10: Directory Services

Active Directory was once the bane of many Mac Admins’ existence. But in recent years, the problem of binding and existing in an Active Directory environment has been mostly a nonissue. In fact, these days, the biggest concern isn’t how but why, given that there is now a bevy of options for dealing with directory services. In this chapter, we go through how to get Macs to work with Active Directory and function as a first-class citizen on predominantly Windows networks.

Chapter 11: Customize the User Experience

You can’t cover device management without discussing one of the main reasons why people actually want to manage devices: to make the lives of their coworkers better. The book has thus far been about deployment and the finer technical details. We’ll look at techniques and tools to leverage some of the things you’ve learned how to do in order to deliver world class support and enablement workflows.

Chapter 12: Identity and Device Trust

Federated identities are important as they keep us from putting our passwords over networks. This allows us to more easily access resources on networks and be more secure at the same time. What can be better? In this chapter, we cover common federated identity solutions and how to leverage them in new ways.

Chapter 13: The Future of Apple Device Management

By this point, you’ve likely stopped caring and just want the authors to wrap it up already. We get that. But in case you’re still reading, you’ll find a little prognostication for things to consider future-proofing your deployments.

Think Different

How cliché can we be? Obviously very much so. But there’s an important concept that needs to be addressed, and that’s attitude. Apple is forging their own path in IT. They trade spots with Amazon, Google, and Microsoft as the wealthiest company to ever exist. And they will not be constrained by 30 or more years of dogma in the IT industry. Or at least that’s the way they often portray their perspective on the industry (which is real, but also a little spin).

As you’ll see in Chapter 1, Apple is actually going about mass device management in much the same way it has since the 1980s. The screens look similar, the options look similar, sometimes with the same words. But due to the private data on systems and the ease of identity theft, there’s much more of a focus on end-user privacy. Still, Apple devices aren’t Windows devices. But they are increasingly sharing a code base made simpler by shared Swift and SwiftUI frameworks, and this has led to more similar management techniques than ever before.

The most important thing to consider is whether you want to try to shoehorn Apple devices into outdated modes of device management or whether you are ready to embrace Apple’s stance on management. If you aren’t ready to embrace the Apple way, then you might not be ready to manage Apple devices.

Table of Contents
About the Authors
Charles Edge

is the Chief Technology Officer of venture capital firm Bootstrappers.mn. He holds 30 years of experience as a developer, administrator, network architect, product manager, and CTO. He built the team that developed an Apple-focused MDM and has code-level experience with security and cryptography on the Apple platforms. He is the author of 20+ books and more than 6000 blog posts on technology and has served as an editor and author for many publications. Charles also serves on the board of multiple companies and conferences and frequently speaks at industry conferences around the world, including DefCon, BlackHat, LinuxWorld, the Apple Worldwide Developers Conference, and a number of Apple-focused conferences. Charles is also the author of krypted.com and a cohost of the Mac Admins Podcast and the History of Computing Podcast. 
Rich Trouton

has been doing Macintosh system and server administration for 20 years and has supported Macs in a number of different environments, including university, government, medical research, advertising, and enterprise software development. His current position is at SAP, where he works with the rest of the Apple CoE team to support SAP's Apple community.
About the Technical Reviewer
Ahmed Bakir

is a career iOS developer, entrepreneur, and educator. He is the author of three books on iOS development, including Program the Internet of Things with Swift for iOS, which ranked #3 on Amazon. In 2009, he started his consulting business, devAtelier, where he worked on mobile apps for a wide range of clients ranging from startups to Fortune 500 companies. He has been a senior or lead developer on over 20 apps, including ones for major brands like UNIQLO and KFC. In 2015, he developed and taught a mobile programming certificate program for the University of California San Diego’s extension program. Ahmed is currently building cool stuff in Tokyo! You can find him online at www.devatelier.com.