Skip to content
how to make device management work for end users
Blog Recent News How to Mak...

How to Make Device Management Work for End Users

Kandji Team Kandji Team
7 min read

There’s no question that modern device management is a boon to IT teams. It simplifies and centralizes the way you deploy operating systems, apps, and settings on the devices your organization relies on to get its work done. It also gives you visibility into how those devices are being used and whether they’re in compliance with your desired end-states.

But while all that is clearly critical to your IT team, you also need to consider another impact that device management can have on your organization: How does it help your users?

The answer matters because you want their buy-in. The fact is that a device management program depends on users. You need them to follow your policies about passcodes, software downloads, and the like. You need their help when you’re switching from one MDM solution to another. Their goodwill is essential to good IT.

More fundamentally, keeping users happy and, therefore, productive is a core mission for IT. A well-designed device-management program can help you fulfill it.

So, how can you ensure that your device-management setup is working for users? First, make sure that they understand the benefits. Second, alleviate any concerns they might have. 

Explain the Benefits of MDM

Make the First Day Great

Your first opportunity to demonstrate the benefits of MDM to your users is their first day on the job: MDM can create an ideal out-of-the-box experience with the new Apple device they’ll be using on the job. 

It wasn’t always this way: Back in the day, you’d have had to deliver the new Mac (or iPhone) to them in person after configuring it manually on the IT bench. But now, thanks to zero-touch deployments—made possible by Apple’s Automated Device Enrollment infrastructure and your MDM solution—they can open up the box, turn on the device, and it’ll configure itself for them, just the way you want it. 

As part of that magic, you can hide some things that might otherwise annoy them on that first day—specifically, the barrage of Setup Assistant screens that normally appear on a new Apple device.

Anything you can do to speed up the initial setup, including installing only what users need for their specific roles, will be appreciated—especially by those users who work remotely and whose bandwidth may be constrained.

Help Them Help Themselves

The second way you can wow your users is by providing some kind of self-service functionality, again via MDM. The specifics vary by MDM solution. (Kandji’s is explained here.) But the essential idea is that you can give users a way to select and download software on their own. With self-service, you can expose an internal app catalog to users and let them install what they need. 

You can also provide scripts and other tools that let users change configurations or troubleshoot problems on their own. You can provide links to support and other organizational resources. The possibilities are limited only by your MDM solution. But the idea is to give users some agency over what’s installed on their Apple devices and to give them some tools to take care of those devices themselves. That, in turn, empowers them (while also reducing the volume of help-desk tickets your IT teams need to answer).

The other piece of that is automated patch management, which ensures that the apps installed on the device—whether specified by IT or downloaded voluntarily by the user—are kept up to date. Users benefit because they always have the latest versions, and you benefit because you know software is being patched regularly.

Be Transparent

Some of MDM's other benefits are harder for end-users to see, but they’d notice if they weren’t there. 

One primary example is security. MDM solutions are ideal for ensuring that every device in your fleet is configured according to your organization’s security requirements—from defining passcode policies to installing security software. That, in turn, means those devices won’t be suddenly unavailable because of a security intrusion, and the data on them will stay safe.

With MDM, you can restrict access to things like AirDrop or the device’s camera for security reasons. You can also re-enable them for users who need them without physically accessing the device. You can restrict the installation of software on company-owned devices while allowing access to the App Store and the installation of personal software when users enroll their own devices.

Again, some users might interpret those restrictions as limitations. “What do you mean I can’t install this software? I downloaded it!” That’s where communication becomes critical. If you want to keep users on your side, you need to be transparent with them about what you’re doing via device management.

If you are imposing new restrictions on users, you need to be upfront about it: Here's what we're doing, and here’s why we’re doing it.

It can help to introduce such restrictions slowly instead of all at once. Instead of cranking up your security settings to DefCon 5 immediately, consider rolling out (and communicating about) such things incrementally: This week, we’re implementing a new passcode policy, next week, we’ll turn on Gatekeeper, and so on. 

As always, make such changes mindfully: Just because your MDM solution provides a setting doesn’t mean you need to turn it on.

The same applies to MDM in general. You need to explain what it does and why you’re installing it on their systems. (This is especially critical if you’re installing MDM profiles on personal devices.) You need to be clear with users about what your MDM solution is and isn’t controlling. You need to stress the benefits noted above, as well as the restrictions.

You can stress that MDM isn’t meant to control personal usage of a device or to scan and view personal information. Whenever possible, you should document exactly what your MDM solution is securing access to and why. Consider conducting training sessions where users can learn about what you’re offering and ask questions. 

Transparency can go a long way toward creating an atmosphere where everyone who touches the tech you control feels like their work is important, their data is safe, and they can go about their daily business worry-free. Which is what your IT team should want.

Still wondering if you've met the bar? Ask your users. And instead of taking their word, live it for yourself: Apply the same policies to your own devices that you’re applying to theirs. If you run into something that you dislike, chances are your users will feel the same way.

About Kandji

Kandji is the Apple device management and security platform that empowers secure and productive global work. With Kandji, Apple devices transform themselves into enterprise-ready endpoints, with all the right apps, settings, and security systems in place. Through advanced automation and thoughtful experiences, we’re bringing much-needed harmony to the way IT, InfoSec, and Apple device users work today and tomorrow.