How to manage, support, and secure Apple devices in the enterprise environment.
Episode 3 - EXTENDED CUT
In this episode of Real Tech with WEI, Chief Architect, Dave Fafel, discusses the infamous challenge—how does an IT organization securely and effectively incorporate Apple devices in the enterprise? This video discusses:
- What is Apple DEP? (More commonly known as Apple Business Manager)
- MDM solutions to consider for your mobility strategy
- How to manage secure access with authentication strategies
- Services needed to manage, secure, and repair Apple devices
This video is an extended cut of the Apple in the Enterprise episode of Real Tech with WEI, which means it is full of additional tips and best practice content worth sharing.
Did you know? WEI offers a suite of services specifically designed around the management of all devices in an enterprise environment, including:
- Procurement
- MDM Management
- Imaging & Integration
- Image development and maintenance
- Break/Fix services
- OS Directory Integrations
- Multi-factor authentication
Video not your thing? Follow along with the transcription below:
Chris Lessard: |
Welcome to Real Tech with WEI. I'm Chris Lessard, Director of Business Development and today we have Dave Fafel, our Chief Architect and today's topic, Apple and the enterprise. Dave, there's a lot of apple in the enterprise, Macs, iPods, iPhones. How does an organization manage all those devices and more importantly, put services around those devices? |
Dave Fafel: |
Great question. We get that a lot. Apple products are continuing to grow in enterprise environments today and organizations are struggling with how to manage these devices, how to secure these devices, even how to repair these devices. WEI has developed a set of services to support our enterprise customers for all of those important needs across the Apple suite of products. So whether it's a MacBook, iPad, iPhone, we can come up with solutions to manage those through MDM tools to provide repair services for those. Even to help develop corporate hardened images, multifactor authentication methods that are specific to the Apple product suite. |
Chris Lessard: |
Dave, what are some of the services organizations need to harden Apple into their enterprise? |
Dave Fafel: |
Yeah, absolutely. So organizations need to be able to track and control these devices the same way that they might control and track other devices such as the Windows laptops and Android devices. And having a good MDM strategy is a big start of that. So whether you're using a tool like AirWatch to manage multiple brands of devices, not just Apple. Or using a tool like Jamf Pro, which is focused strictly on Apple devices, a good MDM will help you to get your arms around applying security policies, application updates and control over those devices throughout the enterprise environment. |
Chris Lessard: |
Great. And Apple DEP comes up a lot when talking about Apple and the enterprise. What is that? |
Dave Fafel: |
Well, Apple DEP is the Apple Device Enrollment Program and this is the ability to institutionalize those devices from Apple and assign effective ownership to the organization instead of to an individual. So if you recall, a consumer oriented Apple device typically starts with an iTunes account. And this was how organizations previously, previous to DEP, had to manage their devices with a corporate iTunes account. It wasn't very effective. What Apple DEP provides is the ability to institutionalize those devices by ensuring that the serial number of each one of those is associated with the company that bought them. And that way once we connect them to that MDM environment, wherever they go, no matter what happens to those devices. Even if they are completely restored back to the factory default and then reactivated, they will always point back to Apple who will then point them to the enterprise's MDM infrastructure. |
Chris Lessard: |
So let's say I have a large organization, do I need to hire an entire staff that would basically create a Genius Bar to manage these devices? |
Dave Fafel: |
Well, it's certainly an option, but not an advisable one. This is a problem that we see in large organizations today. What happens to Apple devices when they break? They may be under warranty, but you're really left with having your end users take their MacBook to the Genius Bar. Now that might be a way to get the product fixed, but what you're really doing is exposing your confidential corporate data to a store at the mall. And this typically doesn't comply with global security policies. What we've actually done is to create authorized warranty repair services for Apple products where we work with the enterprise to understand what their needs are. We can repair devices under pretty strict SLAs, even integrate into their network environments so that we can apply corporate images to those devices and get those back into the user's hands quickly. This allows them to have Apple products in the enterprise, which comply with their global security policies while ensuring that their content and any other data that's on that device is protected. |
Chris Lessard: |
Let's talk about the imaging process a little bit. What can customers expect out of that? |
Dave Fafel: |
Well, every environment typically has standards for their OS environment, whether it's application version control or whether it's specific security policies. They need to make sure that all users are in compliance with those guidelines and with those rules. So what we do is work with our customers to design and develop Apple operating systems which comply with those requirements. So we can create a Mac OS that is a gold corporate image, if you will, and we can do the same thing on IOS as well. Help them to decide what those policies should be for Apple products, whether it's again Mac IOS or IOS. And then find ways to distribute that to those end points quickly and efficiently. Sometimes that's through an MDM, sometimes it's through another process. |
Chris Lessard: |
What about secure access in an Apple environment? |
Dave Fafel: |
Yeah, another great question. Sometimes the access methods under a different platform such as Windows don't work or don't work as well in an Apple and a Mac environment. So we work with our customers to develop authentication strategies such as multifactor authentication for Apple Mac and for other Apple devices. And we also tie that into their MDMs as well, so that they can be assured that the users who are using those devices are complying with their VPN, with their security policies and with their application version control requirements. |
Chris Lessard: |
Are there any organizational changes that a company would need to take to introduce Apple in the environment, whether it's policies, security, firewall, et cetera? |
Dave Fafel: |
Well, so this is where a partner like WEI comes into play because you don't need to add staff just to support Apple in the enterprise. What you really need is a good partner who can translate the policies that you have in place today, their business requirements around it and come up with some tools that your team can then implement in parallel to the Windows environments that you're probably already monitoring and managing today. So we'll bring those methods to the table, help you to understand the differences between your Windows environment and how you would do some of those same things on an Apple environment, and then come up with a strategy that your team can manage. So no, what we like to do is to augment what our customers are doing today from a management perspective for those devices. |
Chris Lessard: |
Glad to hear it. Thank you Dave for joining us today. And this has been Real Tech with WEI. We'll see you next time. |
Want to learn more about WEI's Enterprise Mobility Services? Contact us using the form to the right.
About Real Tech with WEI
A video series that provides overviews of the latest enterprise technology solutions from an unbiased, vendor-agnostic, award-winning IT solutions provider.