Skip to content
Pricing
Contact Sales Start Free Trial
Get Started
why you need an mdm solution that’s built specifically for apple
Blog Recent News Why You Ne...

Why You Need an MDM Solution that’s Built Specifically for Apple

Kandji Team Kandji Team
9 min read

Introduction 

The last decade has seen tremendous growth of Apple devices in the enterprise. It started with the popularity of the iPhone but then grew to include the much wider adoption of the Mac as well. As organizations began to deploy and manage more and more Apple devices, they also began to adopt a suite of software tools collectively referred to as mobile device management (MDM.) These tools allow organizations to wirelessly and securely manage their fleets of devices and to send configuration profiles, content, and commands to them.

A Brief History of Apple Device Management

Prior to MDM, Apple did offer tools — including Workgroup Manager and Managed Preferences for Mac OS X (MCX) — that helped manage preference settings for Mac fleets. But the release of the iPhone in 2007, and its almost immediate popularity with business buyers, remapped the device management landscape entirely.

With the iPhone and iPhoneOS, (as it was then called,) Apple was able to start with a clean slate, without worrying about backward compatibility. The company could build a security and management model into iPhone (and eventually iPad) devices that were forward-looking and designed for an environment in which connectivity was persistent and security threats were pervasive. Apple first released its mobile device management framework—which took advantage of these built-in capabilities—in 2010, and the MDM industry quickly took off.

timeline

Mac as Choice

The iPhone’s manageability was one factor in its speedy infiltration into the workplace. While the iPhone might have been the first Apple product for plenty of its owners, thanks to its famous halo effect, it was often not the last. For many users, it was the gateway to other Apple products, including the Mac.

Once they’d used the Mac at home, they increasingly wanted to use one at work as well. Apple initiated a “Mac as Choice” campaign to encourage the corporate world to use the Mac. The idea was that the Mac could provide everything that the modern workforce needed.

As it turned out, giving employees the choice of Mac or PC proved to help with recruiting and retention as well as morale and productivity. Most famously, Apple got a mutually beneficial (and historically ironic) boost from IBM. Big Blue not only offered its employees the Mac as an option, but also tracked the effects of that choice. Over the years, IBM was able to demonstrate that its employees were happier and more effective at their jobs when given the opportunity to choose the computing platform they worked on. In fact, many of them- as much as half -would go on to choose Mac.

The Mac and Manageability

As the Mac made inroads into the corporate market, Apple migrated many of the productivity, security, and management tools it had originally developed for iOS to the Mac. (More on this can be found here.) One of the most important of those tools: MDM.

When it comes to management, the key difference between the two platforms is that iOS and iPadOS are exclusively gated by Apple, through its device management framework; on those platforms, there’s only so much an admin can do. With macOS, MDM vendors get a rich set of MDM capabilities which can also be augmented with features such as: 

  • App agents
  • Broader controls over app installation and settings
  • Scripting
  • Third-party app integrations

These additional features become the primary ways that MDM vendors distinguish themselves from one another.

Single Pane of Glass or...?

There's another huge factor that has contributed to the rapid growth of Mac device management in the enterprise: In 2020, remote work went from being a corner case to a worldwide requirement. Managing devices and keeping them safe while their users worked remotely became the prime directive for IT teams.

Companies that previously set up computers for users at their cubicles now had to rely on management software to do that setup remotely. That often meant guiding users through account creation, password management, software installation, updates, and more. If the management software couldn’t help with that, human IT resources would have to fill the gaps.

As the remote management of Apple devices became compulsory, those IT teams faced a choice: Use a management tool that was specifically built for Apple or choose one that wasn’t. Those that weren’t often touted the advantage of a “single pane of glass” - a single tool that could manage both Apple and non-Apple (Windows, Linux, and Android) devices.

Over the past decade, most enterprise devices were managed with MDM solutions that fell into that cross-platform camp. These were the large players in the industry with recognizable names: VMware, Microsoft, and Ivanti. Their promise to IT administrators: A single, unified management console meant fewer login screens, less training, a leaner staff, and lower costs. For many organizations, that was a compelling pitch. But at some point, many admins who dealt with Apple devices realized this approach entailed some big trade-offs.

Every platform has its own frameworks for enrollment, creating accounts, setting configurations, enforcing restrictions, and installing and updating software. The frameworks for doing all that can vary widely, not only between traditional computers and mobile devices, but also between the major platforms within those two product categories. (This is certainly true of Apple’s Mac and iOS.)

Trying to fit all those frameworks into a single management tool presents an incredible challenge. Inevitably, features that are viewed as less essential are left out for the sake of simplicity. Development resources must be divided between the various platforms. Such resource constraints can mean delays in supporting new features on a given platform. The result is that one size fits none. What was hoped to be the single pane of glass all too often becomes a single glass of pain.

The Advantages of a Solution Built for Apple

For organizations that want to manage Apple devices, going with an Apple-focused MDM solution has several advantages:

Apple Integration

Apple Business Manager is a critical tool for anyone who manages Apple devices. It provides a critical link between your Apple device management solution and your devices, enabling things like Automated Device Enrollment (ADE). Add in its utility in distributing apps and other content at scale and its ability to federate with user directories, and Apple Business Manager quickly proves essential for any Mac admin. Apple-specific MDM solutions integrate tightly and smoothly with Apple Business Manager, as well as other Apple services such as the Apple Push Notification service, the App Store, and Apple Books.

Other Integrations

Going with an Apple-focused MDM solution means that you’ll have better integrations overall; not only with Apple’s own device management and security frameworks, but also with the broader Apple ecosystem. For example, using Apple’s own single sign-on extensions to support major identity providers can give the user a streamlined login experience—a big win for security-conscious organizations. That kind of quick and sure compatibility isn’t always available from cross-platform solutions.

Unique Workflows

Want your Apple users to experience a great, customizable onboarding experience? Want your identity management system to funnel user and group data to be usable for assignment rules? How about an Apple Lost Mode automation to communicate updates when a lost device has been moved a certain distance? An Apple-focused MDM service can make such workflows easier to implement and can take your management much further.

Keeping Compliance

Many mobile device management solutions don’t include compliance or remediation, meaning hundreds of remediation scripts have to be written manually. But even when a cross-platform implements some form of compliance standards, many of the unique settings and controls for the Apple platform are absent.

Software Updates

Software updates can be vastly different from one technology platform to another. Both the backend and frontend mechanisms for downloading, updating, and automating software upgrades can vary widely. On the Mac particularly, MDM vendors can go beyond the Apple APIs and create something really unique.

Mac Agents

Agents extend the capabilities built into MDM. Like any piece of software, it helps if the developer knows the underlying platform intimately and thoroughly. An Apple-focused vendor is in a much better position to write a good, effective Mac agent than one who must keep the plates for multiple platforms spinning at the same time.

Conclusion

Given the growth of Apple devices in the enterprise, it’s no surprise that Apple-focused MDM solutions are also growing by leaps and bounds. In Okta’s Businesses at Work Report for 2023, for example, Kandji was found to be the fastest-growing app among Okta customers, with 172% YoY increase in customers.

For IT teams in mixed environments who need to manage Apple, Windows, Android, and other platforms, there are several tools that will manage them all. But we believe that you’ll be better served by a device management solution that really knows and takes advantage of everything that Apple’s device management ecosystem has to offer. We’d argue that IT managers will actually save time and money by adopting tools that are optimized for the different platforms you have to manage, rather than making do with one that does an OK job, (you hope,) on all of them.