How to control Mac devices after joining a Domain (Active Directory)

amit110
New Contributor

I have 10 Mac devices which I have already joined to Active Directory. My question is how to control Mac devices like Windows PCs, as mentioned below, through Active Directory:

  1. Group Policy

  2. Patching

  3. SCCM

  4. Password Sync with AD

  5. User & Machine certificate

I need help badly. Thank you

2 REPLIES

AJPinto
Honored Contributor II

Here is the trick: you don't. macOS is not Windows, and macOS cannot be managed by tools designed to manage Microsoft Windows. I also very strongly suggest reconsidering domain binding Macs.

  1. Group Policy - GPO is a Microsoft tool to manage Windows. This will never work; macOS simply does not support GPO, nor does GPO support any OS other than Windows. Look into JAMF Configuration Profiles that implement similar management as your GPO configurations.

  2. Patching - Depends on what you mean by patching. For application patching, there is a section in JAMF called Patch Management. Use Patch Management, or manually build Policies and Groups to deploy applications. For OS patching, there are fundamental differences in how Microsoft and Apple approach patching.

  3. SCCM - SCCM does not support macOS and has not supported macOS in years. You can look at Intune, but Intune is another MDM like JAMF, just nowhere near as good.

  4. Password Sync with AD - Look into tools like NoMAD, JAMF Connect, or Apple's SSO Extension. JAMF Connect would be a good option if you need federated login and a more "Active Directory" like experience.

  5. User & Machine certificate - You need to figure out what kind of certificates you need. SCEP certificates can be deployed directly from JAMF with a configuration profile. If you need AD CS certificates, look into JAMF's AD CS Connector (does not require domain binding). Most any other certificate can be manually uploaded into a configuration profile and deployed. For domain-bound Macs (again, I recommend against doing this) you can use the certificate payload in a configuration profile to deploy AD CS certificates.

TL;DR:

My recommendation is to look into how to control the Mac like a Mac. Active Directory and Macs do not give you the same results as Active Directory and Windows. In fact, Active Directory and Macs actually cause a lot of problems with macOS.

  • Rule one in learning to manage Macs in any environment: Windows ≠ macOS. Windows and macOS need two totally different approaches in management, and tools normally do not cover both Windows and macOS.

Daniellejamf22
New Contributor II

Very educative and elaborate response to the question above. Very helpful.