Mac - best way to manage in bigger company

KRIECCO
Contributor

Our PC environment is managed by AD and running SCCM, and in total there are about 4000 Windows users.
We then also have about 200 Macs, but that is growing all the time.

Today the Macs are a bit in a grey zone, and we don't really manage them or control them like Windows computers, which is of course also a security issue.

So what we are looking for:

  • To be able to manage Mac computers (patch management, license management, so we know what is installed on Macs)
  • Enforce disk encryption (something like BitLocker/FileVault, where for each Mac we can look up the encryption key, if needed)
  • User access limitations - so not default admin access
  • Antivirus client (what is the best if using Mac)
  • Be able to deploy software images for Mac globally. We have used DeployStudio at one location, but on newer Macs it does not work anymore, so maybe a different solution exists for this

Is it possible to get some input on this from your experience? Some have proposed using Microsoft Intune to manage Macs, but I don't know if that is the best solution.

Not applicable

Avoid Intune. Microsoft's track record is "mixed results" with (I believe) an SLA stating support for new OS's within either 6 or 12 months... when they're on a 1 year cycle, that can and will bite you.

Jamf | Pro will do what you're after. You're going to need to change some approaches though - Apple is moving away from "Imaging" - but look into DEP + Jamf, I think it will make you happy.

Jamf | Pro has an SCCM plugin, so you can use existing SCCM reporting practices and expand to include your Macs.

Bind your Macs to AD if you're not already, and administer users via AD.

What are you using for AV on Windows? Most of the "big" players have Mac clients. Our Macs talk to our ePO server here, running McAfee client and have few if any complaints.

emily
Valued Contributor III

Intune isn't really designed to manage macOS that well, hence the partnership that was announced at Ignite that involves Intune leveraging Jamf for management (where Intune provides the compliance piece). Sounds like it might be interesting at the very least.

No need to bind to AD really, especially with tools like NoMAD and Enterprise Connect available.

McAfee is atrocious on Macs, though most AV is, so you'll just have to pick your poison. The new Malwarebytes for Mac has some promise but I haven't seen it in action yet.

jhuls
Contributor III

@rossoneris I work at a community college in Illinois where we have a little under what you do (2800 PCs, 170 Macs). I don't know what your workload, workflow, or trained staffing is, for that matter, but in making the move toward a more managed system for Macs I heavily recommend making sure that this is being considered. I know it sounds like common sense, but I work in an environment (as many others do) where the common thought is to bring in something that can automate work and not consider the trained staff that's needed to get done what you need to get the system up and going while still getting the daily demands done. Between the demands from user requests and the yearly changes Apple makes in the OS for certain things, it can be challenging if you don't have the people. Not to mention that with automated systems come additional demands because the system allows for it.

Having said that, Jamf Pro (formerly known as Casper) can handle much of what you're looking to do. I've not worked with disk encryption yet so I can't comment on that portion of it (it's on my list though). As someone said, look into DEP. It's been a rocky start for us on it, but Apple and Jamf have been making progress with it to where I might finally be able to have something pretty close to a zero touch build in our environment soon. I'm working on a script that will run after DEP does its thing and configure the system for the correct admin rights for users that log in as well as rename the computer with our scheme and place the computer in the correct OU in AD, among other things. Time is more of an issue to accomplish this now.

AD is a good way to manage users if you're not already doing so. Tie that into Jamf Pro and things can come together. A little script and a Jamf Pro policy could address what systems have users that are administrators and those that shouldn't be.

We're currently not using an antivirus solution. In the last 5 years the only thing we've had to deal with was 2 incidents of adware... nothing serious or malicious. That's not to say something couldn't happen, but I'm not all that confident that antivirus software is actually going to benefit anyone here when it comes to Macs. We press upon our users to save their data to network shares that are regularly backed up, and if they have to save locally, they're using Time Machine (not perfect but better than nothing). On student systems nobody but support admins has admin rights. Internal politics are preventing us from enforcing staff and faculty to not have admin access. When the president of the college says everyone should have admin access (Windows and Mac), we're basically stuck. If there's AV software that someone heavily recommends and has proven useful, I'm all ears.

Cornoir
Contributor II

As stated before avoid McAfee, they are pretty ignorant about Macs and are resource hogging.
Personally for AV I prefer Sophos and it is free.

We use JAMF Pro here but my PC colleague just pointed me to Microsoft's Parallels Mac Management v6 for SCCM (https://www.parallels.com/products/mac-management/).

It looks good on paper in terms of what it is supposed to do, but then again that is from Microsoft's PR group. I prefer to contact existing users and get the opinion of the ground-level guys who use it.

jared_f
Valued Contributor

+1 Jamf Pro is great. Honestly, if you are looking to get your feet wet, there are many free MDMs that would allow you to do it. When I started out we used Meraki for Mac management and just uploaded custom configurations from Profile Manager / Apple Configurator - worked great.

KRIECCO
Contributor

Thanks for the input. Is there anyone who has tried or is running Intune that can give some input?
I would rather have one solution with Jamf, instead of running Intune and Jamf or other applications.

provolone
New Contributor

> I would rather have one solution with Jamf, instead of running Intune and Jamf or other applications
> Our PC environment is managed by AD and running SCCM, and in total there are about 4000 Windows users

Have you considered a plugin for SCCM from Parallels to manage Macs? This might work to meet your needs to have one solution.