Let’s be honest: Sometimes there’s a trust gap between IT and end-users. Admins may promulgate a policy without explaining the “why” behind it. Users may then try to circumvent or disregard that policy. And back and forth it goes, making life harder for both sides.
Transparency in IT—telling users what you’re doing and why—is one way to bridge that gap. But how much should you, as an admin, tell your users about how you’re managing their devices? What’s the best way to communicate that to them?
Those were some of the questions we recently put to two people at Kandji who have several decades of IT experience between them: Senior Product Engineer Arek Dreyer and Senior Solutions Architect Ryan Slater. Here’s an abridged version of what they had to say.
Why You Should Be Transparent
Arek: There are several reasons why it’s good to be upfront with users about how you’re managing their devices.
First, it's so they know where the bounds are: They’ll know whether something is to be expected because of management or is going wrong. They're not going to call the help desk when something doesn't work if they know you’ve intentionally set it up that way.
Second, it generates trust, which in turn helps users work more effectively with IT and vice versa. Let’s face it: IT departments have a reputation for making capricious decisions that users don’t understand. When you explain, “Here's what we're doing and why we’re doing it,” in a way that they can understand, that kind of open, honest communication can go a long way. It makes it much more likely that a user won’t go behind IT’s back and do things you don’t want them to, like installing a Slack instance that you can't monitor or using a personal device that might have security vulnerabilities for work.
Ryan: As an IT administrator, as somebody tasked with providing a secure and productive environment for users to work in, transparency is everything.
Some organizations have a user-centric IT policy, where people are empowered to help themselves rather than always going straight to the help desk. Engagement and trust help make that work. If you're asking a user to click a button to help your company become more secure, they have to want to do it.
It's also a mutual respect thing. I wouldn't want somebody pushing configurations to my devices without me knowing what they’re there for. As admins, we should be able to trust the users. It's entirely possible to build secure but productive environments. You don't have to be completely restrictive and lock down everything. It’s a two-way street.
What You Should Be Transparent About
Arek: I wouldn't hide anything. Let’s say you're keeping metrics on app usage—for completely legitimate reasons—but don't tell users you're doing so. If management then gets hold of that data and somehow uses it against people, users will feel like you were lying to them. All your credibility will be blown—if you lied about this, what else are you lying about?
Again, it's about that trusting relationship. If that trust isn’t there, then people can become unwilling to raise concerns or get in touch with support, and will try to self-solve instead.
If we're talking about what you should absolutely tell people about, it's things like restrictions. One way to approach that is to talk about what you are blocking and why. A lot of the restrictions available through MDM are designed to prevent inadvertent leakage of company data. Again, you’re enlisting the user to achieve a company goal, not working against them.
Ryan: You should share the intent: Why something needs to happen or why you need someone to do something should always be clear and shared—without getting in the weeds.
In the example of cloud storage and data loss prevention, you might want to explain why you're blocking iCloud—because although it’s a widely used Apple out-of-the-box platform and people like to use the native Apple ecosystem, you might have to explain that your company supports and approves of other platforms. If you're telling people why you don’t want them to use iCloud, they're less likely to look for ways to circumvent it.
How to Be Transparent
Ryan: You don't want to create confusion or any sort of unwillingness to act because your communication takes too long to read or is pitched at the wrong audience. Otherwise, they might just say, “I'm not interested in that right now, I'm going to put it off for another hour,” when it might be a critical issue that needs to be addressed immediately.
You have to use the right language for the audience. Let's say Chrome needs updating. For most people in the business, I'm not going to use technical language to explain that. But if it's an application for developers, I might provide a greater level of detail, to reassure them that their work isn't going to be interrupted by the change.
Arek: The traditional way to be transparent with users is by posting an acceptable use policy (AUP). You should definitely include that as part of the onboarding, when everyone's paying attention, and have someone explain in plain English what you’re doing.
The problem is that the first day can be a firehose of information. So the onboarding can provide an introduction to that information—here's our approach, here's where you can find out more— but you’re not going over every single bullet point.
In Kandji, with Liftoff, you can add a card to the Setup Complete window with a link to the AUP on your internal website.
Ryan: Another key is to initiate an open-door policy for IT, where nobody is shy to ask questions. If there's something that I really want to ask about, it should be easy to find the team that manages those policies. Whether it's IT, HR, or some other department that writes and sets expectations, there should be a way of learning more that doesn't make me feel like I'm about to get in trouble for asking a question. An open-door policy can really help there.
About Kandji
Whatever your approach to transparency and other admin challenges, Kandji is here to help. With powerful features such as zero-touch deployment, one-click compliance, and offline remediation, Kandji has everything you need to enroll, configure, and secure your Apple devices.