It isn’t that difficult to know when you need to change your current MDM solution. The most prominent sign? You dread making any changes—small or large—to the macOS, iOS, iPadOS, or tvOS devices you’re managing.
The dreaded project might be onboarding new users. It might be deploying new devices to existing ones. It might be installing or patching apps.
Whatever it is, such “Oh no, here we go again” pain points aren’t inevitable or incurable. They’re just signs that you need another way of doing things, that it’s time to switch to a new Apple device management solution. We aren’t saying that doing so is trivial. But if you recognize any of the following signs, it’s time to do it.
1) You Aren’t Using Zero-Touch Enrollment
How are you currently enrolling new Apple devices?
If you’re only doing so once in a while or have a low volume—a couple dozen devices per year, say—then manually enrolling them into your MDM solution could be fine, particularly if everyone getting those new devices is in the same physical location as the devices.
But if you’re onboarding new devices more frequently, at higher volumes, or in a hybrid organization with users distributed geographically, you should be using zero-touch enrollment: shipping devices directly to users and using Automated Device Enrollment to get them into your MDM solution.
The strength of zero-touch is that, as the name implies, you don't need physical access to devices to enroll them. Devices you purchase are linked to your company before they’re shipped. They can be shipped or handed directly to users, and as they go through the device setup process they will automatically be enrolled in your MDM.
If your current MDM solution doesn’t make zero-touch enrollments easy, if you’re locked into physically touching every new device and enrolling it manually, that alone may be a sign you need a new solution.
2) Buying and Patching Apps Is a Pain
The same applies to deploying applications. How do you make sure that your users have the apps they each need to properly perform their jobs? Do users have to use personal Apple IDs to purchase apps from the App Store? What about distributing enterprise applications that you’ve developed in-house?
Let’s say your marketing team requires Logic Pro or Final Cut Pro. Both are available as App Store purchases. Both are pretty expensive. How do you handle that? If users must use their own Apple IDs, you’ll need to either provide them with gift cards to compensate them for their purchases or reimburse them in some other way. In either case, because they’re using their own Apple IDs to make those purchases, when they leave the company they take those apps with them. You’ll have to purchase them again for the next person in that job.
MDM allows you to manage software purchases centrally (through Apple Business Manager) and distribute them to the users who need them—on whatever kinds of devices they have, company-owned or personal (as long as they’re enrolled in MDM). And if an employee leaves the organization, you can remove your company-owned software from their devices before they’re gone and use that license to provision someone else.
A good MDM solution also makes it easier to keep those apps up to date, which is not only better for users but for you as well, because it helps maintain security. Some apps (we’re looking at you, Google Chrome) update almost weekly. Those updates are critical to maintaining your organization’s security. If you have to manually package and deploy each one, that’s a lot of time you aren’t spending on other projects.
On the other hand, you may or may not want users to have updated apps until you’ve tested and approved them; the right MDM solution can help manage that, too.
3) You’re Suffering from Scoping Sprawl
Your existing MDM solution may provide tools that let you scope apps and settings so that some users and devices can be given one set of configurations while others get others. Which can be great.
But sometimes all that control can lead to sprawl: Depending on how you’ve scoped those apps and settings to your devices, it may be difficult—if not impossible—to know what’s installed where. It may be that there’s such a thing as too much control when it leads to unintended consequences. If you find yourself getting lost in the weeds when it comes to scoping apps and settings, a different MDM solution—one that delivers all the control you need without going overboard—might be a better choice.
4) Your Current MDM Solution Isn’t Focused on Apple
Perhaps you’re already using an MDM, but it’s a unified endpoint management (UEM) system that claims to manage everything from Windows and Android to Mac, iPhone, and iPad. In our experience, such jacks of all trades are masters of none.
UEM solutions often use language from the worlds of Windows or Android that doesn't align with Apple’s. They might also develop to the lowest common denominator supported on all platforms. For example, if Windows supports one set of password requirements and macOS another, the UEM might support only the capabilities those two sets share. That single pane of glass might seem more convenient, but it could be costing you some important functionality.
Solutions that focus on Apple devices let you manage them more efficiently. They also give you faster access to the developments that come out of Apple continuously. Is your current MDM adopting new Apple technologies such as declarative device management? Does it support new versions of macOS, iOS, and iPadOS in a timely fashion? Are its MDM commands being processed when and how they should? If not, it could be you need a solution that’s more focused on Apple.
Even if your current solution is insufficiently focused on Apple, it may be too complex, clunky, or time-consuming to make it worth the effort. Something simpler and more streamlined might suit you better.
Making the Switch
A successful migration requires planning, time, and other resources. But with the right support and guidance from your new MDM, it’s eminently doable. (Kandji’s Migration Agent is one way to make that job easier.)
So if your current solution is frustrating you, if the normal chores of Apple device management have become consistent pain points, or if they’re soaking up too much of your bandwidth, it’s time to tackle that project.
Once that transition is complete, an MDM solution that better suits your needs will give you back time, energy, and other resources you might not have known you were missing. That means more time to tackle more important strategic priorities. And that alone is worth the time it takes to switch.
Kandji is the Apple device management and security platform that empowers secure and productive global work. With Kandji, Apple devices transform themselves into enterprise-ready endpoints, with all the right apps, settings, and security systems in place. Through advanced automation and thoughtful experiences, we’re bringing much-needed harmony to the way IT, InfoSec, and Apple device users work today and tomorrow.