Mac Admin Panel: Apple and the Future of Device Management

Apple device management has changed dramatically over the past decade, and it’s poised to change even more dramatically in the not-too-distant future. Recently, Kandji hosted a panel discussion to discuss the ways device management can and should evolve—both where it’s been and where it’s heading. 

Joining Steven Vogt, senior solutions engineer at Kandji, were: Joel Bruner, senior Mac endpoint engineer at Elastic; Bradley Chambers, digital and web marketing manager for Cribl and writer at 9to5Mac; and Stephen Malone, IT infrastructure specialist at Built Technologies. Here’s an edited transcript of what they had to say; you can check out the full webinar on YouTube.

Apple Device Management: Where We Are Today

Steven Vogt (SV): Over the past few years, what's become easier in device management?

Joel Bruner (JB): Zero-touch drop-shipping directly to end-users. Automated device enrollment only came out in 2015, yet it feels like second nature now. At Elastic, we drop-ship everything to users. Some places still have the mindset that IT has to set up the device first and then it goes out. But those logistics don't work, especially now; it doesn't scale. 

SV: What’s still a challenge?

Bradley Chambers (BC): Hybrid and remote work have introduced so many variables. Let's say a user is on a video call, the video gets choppy, and they put in a ticket with IT. If you're in IT, you're thinking, There are so many variables: You've got Zoom, you've got the home network and the rest of their networking ecosystem, which you have no control over, and then you've got the Mac. It can be really difficult to isolate why a problem occurred and how to keep it from happening again. Now let's say you manage 250 remote employees. You now have 250 networks that could potentially be a problem. Maybe they're sitting too far from the router. Or maybe their ISP stinks. I don't think people realize how hard it is to troubleshoot problems when you are not sitting in front of them and you don't manage anything other than the device.

Stephen Malone (SM): The biggest challenge is the people who want everything super-customized, who use very specific tools. We have a lot of that in our developer environment, where new users say, ‘I use this really specific tool.’ Luckily, the way that Kandji integrates with Apple Business Manager, utilizing Apps & Books and the way it deploys custom packages, we can usually deliver, if not the same tool, a comparable or better one. 

How Apple Device Management Could Evolve

SV: How do you think device management needs to evolve? What's the missing piece?

BC: One of the things I've really wanted is for Apple to build out an ecosystem for device state—something similar to the way ChromeOS works, where you can be typing on a device, wait two seconds to let it sync, then pick up another one, log in, and everything's the same. That's not quite there on the Mac.

Think about the refresh cycle for devices: You’ve got employees who have been working from home, who might live nowhere near the corporate office. How are they going to migrate devices—settings and all that? Or what if somebody in Sales has an important meeting tomorrow and their laptop breaks today? Do you ship everybody two laptops? Do you tell them to keep their old one as a backup? Do you say, Hey, run to Best Buy and get one and return it, and we'll get you a new one? 

You want users to have access to their docs, their background, their settings, everything the way they want it. And then when they get a new Mac and sign in, it's all there. 

SM: I agree. If you could copy data to another device securely, that would be a game-changer for sure, especially for remote people. If you could ship them a device and resume a saved state upon opening it, that would be insane. We would all look like heroes. Obviously, that's got to come from Apple, but I think it could be a component of device management. If there was some way to either store or manage that state through an MDM, that would be really cool. If they would make iCloud a business tool as well, there'd be a lot of features that an MDM provider could integrate with there as well.

JB: We think of device management as, We're going to lock this thing, we're going to do that thing. Sometimes that's a little too inflexible. I think back to MCX [Managed Client for Mac OSX, Apple’s old directory-based management system]. There was a gradient of enforcement levels. MDM is very binary. I just wonder if there’s room in the future for MDM to get some of that flexibility back. For someone who just wants to be able to add more icons, there's a little inflexibility right there. I think flexibility and non-binary thinking—fuzzy logic, to use a phrase from the nineties—could come back.

SV: One of the announcements this year at WWDC was around declarative device management. How do you see that playing into this picture?

BC: I feel like this declarative model is setting the groundwork for the future of MDM. I think about how important zero-touch deployment is for the work we do now. Declarative is going to be the next evolution. It's almost like a retooling of what MDM should be and how it should function. The important things you're going to see in the next three to five years are going to be a result of what declarative technology brings.

About Kandji

However Apple device management develops, you can be sure that Kandji will evolve along with it. With powerful features like zero-touch deployment, one-click compliance, and offline remediation, Kandji has everything you need to enroll, configure, and secure your devices—now and in the future.