16-09-2021

Mac systems have enjoyed a significant resurgence over the last decade. Once relegated to niche markets, Mac devices are now in the mainstream. Virtually all enterprises are using Macs. Many SMEs are 100% Mac shops and organizations such as IBM have built a significant practice around implementing Mac and Apple solutions for enterprises.


So if you’re an IT admin with Macs in your environment, how do you make sure they’re secured?

Here are five core best practices for Mac security:

1. Centrally Control User Access –

Your users’ systems are the conduit to your confidential data. It is easy to say that everything is in the cloud and users aren’t downloading data onto their Mac systems. Unfortunately, even if that were true – and we all know that it isn’t – their devices hold the passwords and keys to confidential data in the cloud for web applications and cloud infrastructure.

Central control over user access for Macs has always been a challenge. Microsoft Active Directory® doesn’t function well with Macs. Apple Open Directory isn’t as helpful with Windows systems. OpenLDAP works well with Linux, but struggles with other types of systems.

But device management is a pillar of security. So lack of management has become a core problem that IT admins struggle with for their Mac fleet. They are always compromising in some way. The good news is that with Macs growing in popularity, new services have emerged that give admins central control over Macs. JumpCloud’s own Directory-as-a-Service is one such tool and so is Jamf Pro.

Note: Jamf and JumpCloud collaborated on a webinar called “Managing Macs in the Cloud-Forward Enterprise.” You can watch a recording of the webinar for free here.

2. Ensure Long, Complex Passwords –


Once you’ve enabled control over user accounts on your Mac systems, the next step is ensuring that your users are leveraging long, complex passwords. Password strength is more critical than ever, and it comes from having a lengthy, complex password. The best way to do this is to combine a number of words or even to create a sentence that you can remember easily. Mix in capitals, some numbers, and special characters and you’ll dramatically increase the difficulty of breaking into the system.

3. Enable Multi-Factor Authentication –

MFA at the system level is a critical security component. Unfortunately, Apple has made it difficult to enable MFA for Macs, which is why this capability isn’t widely available or known about. Directory-as-a-Service also provides system-level MFA for Macs. The MFA process leverages a token generated by Google Authenticator, Duo Mobile, or any other system that leverages the TOTP standard.


4. Turn on Full Disk Encryption –

If a device has been stolen or lost, it is critical to make sure that your data on that system cannot be accessed. With full disk encryption enabled, the hard drive is encrypted when at rest and not in use. In order to use the machine, the hard disk needs to be decrypted, and that requires you to enter that long, complex password that your users created earlier. Along with Mac MFA, FDE capabilities make it extremely difficult to compromise the machine – even if that hard drive were to be removed.

5. Install Anti-Virus –

When you are using your machine there is a chance that you download a virus, are sent malware, or install something malicious. All of these issues are difficult to stop when you are using your system. Phishing is a significant issue. Malware-infected websites are common, and unfortunately too many systems get infected. A great defense against these various security threats is to install a Mac anti-virus system.

More Mac Security Best Practices

There are, of course, many other Mac security techniques that we could list here, but these are the core security steps that we suggest you take. Each one of these can be easily and quickly implemented across an entire fleet of Mac systems (Windows and Linux too). As seen in the graphic above, one of the best ways to secure and manage your Macs is by combining JumpCloud and Jamf system and user management.

If you have specific questions about how a unified cloud directory could help you achieve the Mac security best practices above, drop us a note. As well, take a look at the variety of solutions that can help you implement your Mac security requirements. You can check out Directory-as-a-Service by signing up for a free account. Your first 10 users are free forever.


Apple® Mac devices are growing in corporate popularity by the day. It’s up to IT departments to make sure that these devices utilize all resources in the environment, as well as ensure they’re visible and managed.

This can be a challenge, as Mac and Windows are very different, and Mac devices remain a minority in Windows-dominant environments. Determining how to incorporate Mac into a Windows infrastructure includes a number of factors, such as: the number of devices that need support; what type of access they require; and what tools and systems an organization already has. IT departments also need to figure out how to integrate Mac with existing Windows and Active Directory domains.

In Windows-centric organizations, managing Mac is not the highest priority on the IT project list for a variety of reasons. Few IT teams have expertise in managing Mac. Familiar techniques for managing PCs don’t help, and the best practices for dealing with Mac in a complex enterprise infrastructure can be convoluted and are not widely known.

IT teams take four main approaches when trying to accommodate Mac devices:

  1. Incorporate Mac devices into the Active Directory (AD) domain using existing tools meant for Windows computers.
  2. Use special third-party tools to manage Mac devices in the AD domain.
  3. Manage Mac like mobile devices.
  4. Manage both Mac and PC computers in Microsoft SCCM.

Some teams decide to have unmanaged macOS® devices in the environment, but this is a big security risk. You won’t necessarily lose a job if a Mac gets hacked and your infrastructure becomes vulnerable, but this can be destructive in many other ways.

Let’s take an in-depth look at these four approaches to managing Mac devices in a Windows environment.

1. Incorporate Mac devices into the Active Directory domain using existing tools.

This is the preference of many IT administrators. It’s possible to a certain degree; Mac desktops and laptops include the client component necessary to join AD and other standards-based directory services. Binding a Mac to the domain is relatively simple. Windows Server automatically creates the computer object in AD (unless it already exists), just like it would with a Windows desktop.

Recent macOS releases make it even easier to integrate Apple products, as the OS can work with Microsoft System Center Configuration Manager (SCCM) and Microsoft Exchange ActiveSync.

The fact remains, however, that Mac computers are not Windows desktops, and most management products are built for Windows. Native SCCM capabilities for Mac devices are limited and insufficient for full macOS lifecycle management. Compatibility issues inevitably come up. One way to smooth these issues is to extend the AD schema to better accommodate Mac computers. However, that requires development resources and technical expertise beyond what many companies can commit, especially if Mac devices are in the minority.


2. Use special third-party tools to manage Mac devices in the AD domain.

AD and command support in macOS make integrating Mac devices easier, but many administrators still like to use other tools to help with management. For example, IT admins can join Mac devices to AD domains and then use Apple Remote Desktop™ to push commands out to Mac clients.

An alternative is to implement Mac OS X® Server on its own system; Apple Profile Manager can then be used to set Mac policies based on AD groups. This entails setting up an Apple Open Directory domain alongside the AD service, which can make management easier in the long term. The Mac devices are still bound to AD, so there is seamless communication between the two environments, as well as shared file and printer services.

If this sounds too complicated, there is Centrify User Suite (Mac Edition), which can administer Mac devices and centrally manage authentication, policy enforcement, and single sign-on. Another option is Jamf Pro, a comprehensive endpoint management product.

3. Manage Mac like mobile devices.

Apple is moving toward a mobile device management (MDM) model, rather than a traditional directory services model. This means that IT admins can use the same management tools on Mac computers, iOS, and Android devices.

The new Apple MDM framework allows administrators to initiate AirPlay® sessions on managed devices and push enterprise applications to Mac computers. Improved OS X Server and platform capabilities also make it more MDM-friendly. Users can register Mac devices, and vendors can make use of a greater number of application programming interfaces available to third-party security and management solutions.

Many MDM vendors, such as VMware AirWatch, have quickly embraced new Mac features. AirWatch allows admins to manage Mac computers alongside smartphones and tablets and perform a wide variety of tasks.

Organizations can also implement a separate tool, such as MobileIron or an Apple server not bound to AD. This allows IT admins to implement user access through virtual private networks without having to join the devices to the domain. This is useful when incorporating users’ personal Mac laptops.

4. Manage both Mac and PC computers in Microsoft SCCM.


This approach works best for organizations that already use Microsoft SCCM to manage PCs. However, Microsoft SCCM alone has only a few features for managing Mac devices, not enough for managing Mac in the enterprise. SCCM allows for the following:

  • Setting up support and enrolling macOS clients.
  • Deploying settings to macOS clients.
  • Performing hardware inventory of macOS clients.
  • Deploying applications to macOS clients.

While SCCM is capable of managing these devices, additional items need to be installed and configured to support Mac. You’ll need to implement a public key infrastructure with Active Directory Certificate Services. These certificates are used to communicate with SCCM over SSL. Each Mac with an SCCM client installed acts like an Internet-based client.

Since the Mac devices are acting like Internet-based clients, you’ll need to have a Configuration Manager Site server with a fully qualified domain name, as well as a minimum of one HTTPS-enabled management point and one HTTPS-enabled distribution point.

You’ll also need to configure the enrollment point and enrollment proxy point features in SCCM. This will allow your macOS clients to be enrolled in the SCCM environment after the client is installed. In order to enable the management of these macOS clients, you’ll need to configure custom client settings.

SCCM’s built-in support for Mac OS does work great, but there are certain limitations to the features and functionality of this support. To manage Mac OS X clients, you must have PKI infrastructure and additional SCCM site systems. If you’re not planning on enabling HTTPS communications for your entire corporate environment, you’ll need to have multiple management points and distribution points. One management point will be configured for HTTP communications and one for HTTPS communications, and the same applies to the distribution points.


Extend SCCM for Enterprise-Level Mac Management

What if you could add the same right-click management that Windows devices receive in SCCM to Mac devices? What if you could do it with a short learning curve, no silos, and the same system administrators?


There is a solution that can do all of this and more: Parallels® Mac Management for Microsoft® SCCM. Parallels Mac Management gives SCCM all the missing tools for Mac management, including FileVault® 2 encryption, macOS deployment, application delivery, Apple Device Enrollment Program, and compliance via SCCM configuration items and baselines.

With Parallels Mac Management, you simply add full macOS lifecycle management to Microsoft SCCM and manage PC and Mac computers in a single pane of glass. There’s a minimal learning curve and no additional infrastructure required. The solution leverages your Microsoft SCCM investments and enables Windows admins to manage Mac computers.

For further information on Parallels Mac Management, please feel free to contact our sales team to request a free trial.