April 1, 2019

Understanding Zero Touch Deployment for Macs

Keeping up to date with your company’s cybersecurity needs is a never-ending task. There are always new cyber threats to deal with—and new tools to help combat them. There’s a new buzzword that’s gaining steam amongst businesses looking for ways to increase their mobile device security: Zero touch deployment.

What is zero touch deployment and how does it work?

For those who may be unfamiliar with the concept of “zero touch” and how it relates to software deployments, here’s a quick explainer.

What is Zero Touch Deployment?

Different organizations may have different explanations of what “zero touch deployment” means. For example, Cisco defines zero touch deployment as “an ease-of-use feature that automatically registers (enrolls) and distributes X.509 certificates and provisioning information over security connections within a connected grid network.” Meanwhile, Citrix defines it as a “cloud-based service which allows discovery of new appliances in the NetScaler SD-WAN network.”

Both of these definitions rely somewhat on the delivery method used by the organization defining these terms. The basic idea behind zero touch deployment is that it automates the process of enrolling devices in your company’s mobile device management (MDM) solution so that it is protected as soon as it is first connected to your network.

How Does Zero Touch Deployment for Macs Work?

The methodology behind a zero touch deployment may vary depending on the deployment platform and the operating system it is being deployed on. For example, macOS devices can achieve a kind of zero touch deployment by leveraging Apple’s “Device Enrollment Program” (DEP).

Apple’s DEP for iOS, macOS, and tvOS devices automatically enrolls each device in an MDM solution as soon as the device boots up and connects to the internet. This simply requires the organization purchasing the devices to register the MDM solution they want to use with Apple—each device they buy from Apple after that will be automatically enrolled in the chosen MDM solution.

Why is Zero Touch Deployment for Macs Important?

Using a zero touch deployment solution for macOS devices is important because of how it helps save time on new device setup and improve endpoint security for the organization. With a zero touch deployment system, users don’t have to go through the process of manually logging into their mobile device management platform and registering the new device. This helps save some time on device setup.

The bigger benefit for many organizations is how zero touch deployment helps minimize a device’s exposure to cybersecurity risks. Instead of having to rely on someone to manually add the device to the MDM, it is added immediately—helping ensure the device is protected from the moment it is activated. Normally, with a manual device registration method, a device runs the risk of being compromised before it can be added to the MDM solution (or being missed for MDM registration entirely).

Of course, there’s more to securing your macOS devices than just getting them onto your mobile device management solution. To learn more about securing your Macs and other Apple devices, subscribe to the Kandji blog! 

Subscribe to the Kandji Blog

kandji badge

Secure Your macOS
Fleet Today

Sign up quickly and easily using your Gmail or Microsoft Office 365 business account or a verifiable business email address.


Or