🧒🏼 💓 🚚 Mac Management in the Windows World ♍️ 🏳️ 🔏

Most organizations use System Center Configuration Manager to automate system administration processes. One bad luck: SCCM's basic functionality is limited to macOS. As the number of "apple" technology in companies is growing every year, the problem is becoming more urgent. Timofei Furyaev , head of the Parallels Mac Management development team, talks about how to effectively manage Mac devices in a corporate environment while using the existing infrastructure .

Gone are the days when Windows computers reigned supreme in the corporate environment. Increasingly, companies are meeting their employees and buying Apple products for them. And this causes a headache for the employees of IT departments, because it must be integrated into the existing infrastructure. The System Center Configuration Manager (SCCM) software solution , which is widely used in most organizations, allows you to detect, register and fully administer Windows-based devices.

For Linux, which occupies a modest 1.87% of the market (according to NetMarketShare web statistics), much has been done. But with macOS, things are not so simple. It is possible, in principle, to control Mac devices with native SCCM tools, but its capabilities are extremely limited:

There is no automatic registration of Mac computers
Deployment of Apple operating system is not supported
Compliance settings do not propagate through OS X profiles
Cannot connect to data encryption system
Limited patch management
Unable to lock Mac or wipe data from it remotely

The list is not complete, but I think the cons are obvious. Without third-party solutions, Mac support takes several times more time than maintaining a PC with Microsoft OS. You have to run around the floors and do manually what is configured for Windows with one-three-five mouse clicks. This causes irritation to the sysadmin, his eye begins to twitch at the sight of a new poppy.

Plug-in solution

Since the SCCM product was created as an extensible solution, we had a desire to increase its functionality. We made a large and branchy plugin - Parallels Mac Management.

The first version was released in 2013 with only two features: Network Discovery (automatic detection of Mac computers in the local network + introducing them into SCCM) and Inventory Reporting (collecting data on hardware and installed software). Now advancing to the eighth. In it, in terms of quality and scope of functionality, everything is as close as possible to the capabilities that SCCM provides for Windows devices.

Our plug-in allows IT professionals to fully automate the management of Mac computers on a corporate network. And, importantly, it integrates seamlessly with SCCM. That is, the admin works in the same environment, with the same dialogs, with the same user interface. He does not need to log in additionally to any systems in order to do something with Mac-devices.

New Features for Parallels Mac Management

With the release of each new macOS, we add important features to our product that facilitate the work of IT administrators and increase the security of customers. In the latest - eighth - version, for example, expanded support for the services that Apple offers to manage the Mac.

Simplified mass application deployment

Added support for Apple Volume Purchase Program (VPP). Companies that purchase applications on the App Store through a bulk purchasing program can now easily deploy them using SCCM, as well as optimize the costs of enterprise software. After installing the application, you can monitor (see how actively each specific employee uses them) and revoke licenses as unnecessary.

Automated the installation of complex software

Apple has a peculiarity: some applications require the expansion of the OS kernel to work efficiently. Such software during installation requires user intervention, windows pop up with questions that are obscure to him. But the worst thing is that to enable the installation, you must open the system dialog, and not all employees can cope with this.

To get around this, we suggest making User Approved MDM Enrolment (UAMDM) - the user once agrees that the device will be controlled by the administrator. And then any number of software with an arbitrarily complex set of kernel extensions can be installed automatically.

Improved inventory

To IT administrators, in order to optimize support and identify risks, it is important to clearly understand which computer fleet they have available. They need to collect data on hardware and installed software. Starting with the first version, we recorded in SCCM a wide range of inventory data, and we expanded this set with each release. In the latest version, we went further and made a feature that allows the admin to connect his script (or third-party software) to collect any additional information about each Mac device and send this data to SCCM.

What's next?

Now we are actively developing MDM functionality in our product. We regularly collect requests for the development of new options / features and we know how much they are in demand among our users.

***
In fairness, I note that there are other products on the market for the automated administration of macOS systems. But these are separate solutions, either poorly integrated with SCCM or not integrated at all.
This is not the best choice for organizations that already use SCCM, and the proportion of poppies compared to Windows is small - only 10-20%. And there are a lot of such companies, Windows still dominates the corporate environment.

Firstly, such solutions often require a separate infrastructure, additional hardware and software. Secondly, their implementation is costly in terms of money and time. And most importantly, administrators will have to face the fact that these are separate products with their own logic, a separate management console, requiring additional skills other than SCCM.