March 28, 2019

Advanced Security for Apple Mobile Device Management Solutions

Ensuring security on mobile devices is no small task. Considering the growing popularity of Apple’s handheld devices—such as iPhones and iPads—having a mobile device management (MDM) solution specifically designed for securing Apple OS devices has become more important than ever.

What is mobile device management? Moreover, why is it necessary to have an Apple mobile device management solution?

What is Mobile Device Management?

The general definition of mobile device management is, as noted by Gartner, “software that provides the following functions: software distribution, policy management, inventory management, security management and service management.” These functions are used to improve the security of mobile devices by ensuring that they:

  • Have the right software installed;
  • Are accounted for/not missing;
  • Are using the right security settings; and
  • Can be wiped clean of sensitive data in case of an emergency.

Mobile device management platforms are crucial for security in modern businesses—especially those that use “bring your own device” (BYOD) policies that let employees use their personal mobile devices for work tasks.

However, not all MDM solutions are created equally. Some mobile device management solutions specialize in securing specific types of mobile devices and operating systems. For example, some solutions are specifically designed for Apple mobile device management.

Why Would You Need Apple Mobile Device Management?

One of the top reasons to use an Apple mobile device management solution is if your company is using a BYOD policy. Apple devices are extraordinarily popular in the consumer market—so, many employees will have one. If your MDM isn’t configured for the Apple operating system, then the protection it provides may not be up to snuff.

Configurations and APIs that would work for a Windows- or Linux-based OS may not work for an Apple OS (and vice versa). So, there needs to be an MDM in the organization that can specifically address each device’s operating system.

Additionally, Apple devices have numerous features that run in the background that are designed to improve user convenience, but could be exploited to compromise the device. For example, “Guest” users and folders may be great for families sharing a Mac computer, but for businesses, they’re a major Mac security risk. Additionally, the running of so-called “safe files” in Safari reduces input prompts to execute files that are marked as “safe” in an Apple security database, but attackers can leverage this automatic execution to carry out attacks by mimicking safe files. Disabling these features is often a necessity to ensure strong “Apple security” for macOS devices.

A mobile device management solution that is specific to Apple OS devices is much more likely to have features to enable control over these Apple security concerns than a generic MDM that lacks such a specialization.

When looking for an Apple mobile device management solution, be sure to ask the solution provider how they control security settings for macOS devices—if their MDM can do so at all. If the solution provider cannot provide easy Mac security setting controls, it may be up to you to create and deploy custom code through the MDM’s software distribution features. This manual coding solution is slow and inefficient.

Having a security configuration platform that can enable codeless security settings for Apple devices greatly simplifies management of macOS devices and reduces the chances of errors in deploying security controls.

Note: When adding employee-owned devices to the MDM platform, it’s important that employees know how the MDM might be used on their mobile devices. For example, if the company uses the MDM to enforce device tracking, it’s important that the employees know this will be the case, and when the tracking solution will be active. Otherwise, it could be construed as an invasion of privacy.

What Are the Most Desirable Features for Apple Security?

Here’s a short list of some of the most desirable things to look for in a security tool for your organization’s macOS devices:

  • Centralized dashboard for easy device monitoring
  • Apple OS-specific security settings and controls
  • Codeless security configuration and management
  • Apple mobile device management server to centralize security controls across the organization
  • Ability to enable tracking features for lost/stolen devices
  • Data encryption capabilities
  • Offline configuration status checks to prevent tampering
  • Ability to apply role-based controls to individual users

Finding the right mobile device management solution for your Apple devices can be a challenge. If you need more information about macOS security, subscribe to the Kandji blog to receive updates.

Subscribe to the Kandji Blog

kandji badge

Secure Your macOS
Fleet Today

Sign up quickly and easily using your Gmail or Microsoft Office 365 business account or a verifiable business email address.


Or