H_Ko - stock.adobe.com
Macs in the enterprise – what you need to know
A guide to managing Apple Mac hardware and operating systems in the enterprise
Sometimes, you make a decision and it delivers what you want. Other times, you may end up seeing other effects as well. This falls under the banner of “unintended consequences”. This has been recognised since 1691, when John Locke wrote to a member of the UK Parliament about interest rates.
What does this philosophical point have to do with IT strategy? It demonstrates how our choices can affect our future plans, and how we can then need to invest more over time to deal with those consequences.
The pandemic accelerated digital transformation projects for many companies and got them implementing new projects faster. At the same time, teams had to support more remote working, which involved adding more security services and letting users have more choice over the kind of device that they used.
The end result of this choice? More Apple Macs in the enterprise. IDC estimates that Macs now make up 23% of endpoints in enterprises, which is a significant portion of all the endpoints that companies will have.
Previously, Macs were seen as expensive compared with machines running Windows. In the past, these machines were perceived as being aimed at professionals in creative industries that were willing to pay the premium. Apple-approved peripherals are seen as expensive too – for example, the Studio display and Thunderbolt 4 external disk drives can be more expensive than other options. Similarly, many devices can only be repaired by Apple-authorised resellers, with an accompanying price tag.
However, a lot of those assumptions are now out of synch with reality. In 2021, Apple and Forrester produced a report that covers the total cost of ownership for Macs, and found a saving of $843 per endpoint over three years. While there might be a premium on some devices aimed at very large creative tasks like rendering, the purchase and management price for standard Macs is comparable when looking at mid-tier and higher-end Windows devices.
Macs have a positive impact on productivity, according to users. Previously, IBM announced that workers felt more productive using Macs, and that those employees on Macs had a higher “net promoter score” compared with the population of users on Windows. This improvement in productivity and quality of work is an indirect benefit that can be hard to capture, but it does demonstrate a better return on investment based on the machines that users have.
Support, patching and end of life
With the pandemic leading to rapid change, users had more choice, and more of those users adopted Macs.
From a corporate point of view, the management overhead is lower, as long as you understand how Apple devices are managed. While the Forrester report referenced above points to potential cost savings over time around endpoint management, many more companies now have to think about how to deal with these devices over time.
There are some practical points that IT managers will have to get to grips with around Macs, as the mindset around management is very different.
For example, Microsoft has a well-defined approach to end-of-life dates for its operating systems. For IT admins, this approach makes it very clear when support ends for specific operating system (OS) versions, and when security issues will stop being fixed. For macOS, the picture is not quite so clear.
Apple provides both the hardware and operating system that users will have. On the hardware side, it is easier to see what is charmingly titled “vintage” and what is obsolete. On the operating system side, however, there is less clarity on what is supported and what is not. Older devices can run newer versions of macOS, so users on older machines may still be able to run all the applications and services they need to be productive.
Alongside the end of support, there is also the question of security and how long updates for different operating systems will be produced. When asked, the official line from Apple will be: “The most recent version of macOS is the most secure.” In practice, macOS versions tend to receive full updates for a year, followed by up to two years of maintenance and security updates.
Read more about desktop IT management
- When people discuss desktop as a service, it is usually in the context of Windows desktops. For macOS, however, implementing DaaS can be more complicated.
- Organisations with both Mac and Windows devices can use some of their Windows-focused AD setup to address macOS management tasks.
Older macOS versions will receive security updates past this point if they are serious enough, but this will be dependent on Apple providing that update. There is no advance warning on what will or will not have an update provided. From the perspective of those used to long-term planning around concrete end-of-life dates, this degree of uncertainty can be a frustrating scenario.
Alongside support, macOS has a very different approach to patching compared with Microsoft Windows. Windows has been built for a centralised and managed approach to updates and patching, putting tools together to make the update process easy to enforce and track.
Conversely, macOS puts most of the control around updates firmly in the hands of the user. It is up to them when any update is installed. While it is possible to put changes in place from central admin, the experience around this can be brutal. It enforces an immediate update with no possibility for the user to save their work. This kind of switch-off with no notice can be hugely counterproductive when people want more flexibility about how, when and where they work.
While Apple is moderating this approach with more and better notifications and deferral options, it is still far too easy to end up with unsaved work destroyed by an update, or a machine left sitting on an older version of macOS without forcible updates.
This can be problematic. As an example, I saw one user put off an update for 1,276 days. Her reason? She was too busy to put the change in place. After being brought in to look at the company’s IT strategy and getting to know the team, she actually was too busy to do this, as she was pivotal to a significant portion of the business’s revenue, rather than it being an excuse. However, it meant that this update, and the others behind it, did not get put in place. Eventually, I was able to wrestle the laptop away and put the updates through, but it required physical presence and a gap in the business schedule to align.
For Macs, managing updates requires a different approach to Windows that is based on user communication and nudging. Enterprise IT teams will have to manage both sets of machines, and this can lead to higher costs over time. If you don’t plan ahead, this additional workload could make the myth of Macs being more expensive a reality.
So, what does this planning requirement mean for IT admins? Ideally, you should try to consolidate. One approach will be to reduce the versions of macOS that you have in place. This should make it easier to support over time, as well as reduce the risk around potential security issues.
This approach should ideally cover both Windows and macOS – rather than running different strategies and tools to manage both sets of machines, look at how you can consolidate them.
Second, look at how you roll out and manage patches. Communication and user awareness are essential things to cultivate when you are reliant on users to carry out updates. You will also have to look at how to manage notifications so that users get the message on how and when updates will be applied.
This involves a fine line, encouraging users to do the right thing and nagging them ahead of a deadline for deployment. Giving your co-workers the appearance of control around updates will both make them your partners in security and get them to do the desired IT task of conducting their updates. At the end of the day, your co-workers don’t want to be the source of a security breach.
From an IT perspective, the advent of more Macs in the enterprise will lead to a different workload on IT admins. But with the right approach, it should not mean more work.
IT teams should also be able to help the business improve the daily work experience for employees. Over time, this will be important. According to the Forrester report from 2021, employees on Macs were 20% more likely to stay with their companies. This is an example of an unintended consequence for IT that will have a positive impact for the business.
Tom Bridge is principal product manager at JumpCloud.