FULL-STACK DEPMODERN MAC DEPLOYMENT

@FTIFFMac Consultant for large enterprises

https://maclovin.org

IT CONSUMERIZATION

33%

30%

36% Strongly Agree or AgreeNeutralDisagree or strongly disagree

I don’t worry about my organization’s IT policies. I just use the technologies I need to do my work.

Source: Accenture (March 2011)

IT CONSUMERIZATION

13%

42%

45%Strongly Agree or AgreeNeutralDisagree or strongly disagree

I think the hardware devices and software applications that I personally use are more useful than the ones provided by work.

IT CONSUMERIZATION

Source: Accenture (March 2011)

TOWARDS ZERO IT INTERVENTION

PROCUREMENT

DEP

SOFTWARE INSTALL

SECURITY

USAGE

PROCUREMENT DEP SOFTWARE INSTALL SECURITY USAGE

PROCUREMENT DEP SOFTWARE INSTALL SECURITY USAGE

RetailLocal Talent

World-Wide presence

Joint Venture

OnlineEasy ordering

Need one contract per country

IBMComprehensive program

Starts with 2’000 devices / year

APRBest discounts

Can accommodate for special requests

Personalised help

PROCUREMENT DEP SOFTWARE INSTALL SECURITY USAGE

VPPLeverages Apple’s Infrastructure

Reclaim software

MDMDeploy certificates

Deploy Profiles

Casper Suite

MicroMDM*

Wi-FiSCEP Server

WPA2 Enterprise

Enrollment Network

⚠ Login Window

Leverage Apple Professional

Services

*MICROMDM

@groob @mosen

https://micromdm.io/

(GUI)+

‣ DEP Enrollment

‣ Initial install of App (e.g. Munki)

‣ RESTful API and SDK

PROCUREMENT DEP SOFTWARE INSTALL SECURITY USAGE

SOFTWARE INSTALLPROCUREMENT DEP SECURITY USAGEDEP

@ftiffCasperSplash

Inspired by IBM

Helps to wait until some apps are installed

Displays company info

AutoPkg*‘Cookbook’ workflow

Leverage Community

Definitions on github

Limit admin errors

Easy start by using the “AutoPkgr” GUI

App StoreEmpower your users

Leverage VPP

SOFTWARE INSTALLPROCUREMENT DEP SECURITY USAGEDEP

*CASPERSPLASHhttps://github.com/ftiff/CasperSplash

@ftiff

SECURITYPROCUREMENT DEP SOFTWARE INSTALL USAGEDEP

KerberosNo more binding!

Sync local password with AD

Enterprise Connect*

Gala

SystemPassword policies

Educate users to Lock screen

FileVault

SophosMalware is coming

Use a non-intrusive anti-virus

SECURITYPROCUREMENT DEP SOFTWARE INSTALL USAGEDEP

*ENTERPRISE CONNECTApple Professional Services

@ftiff

‣ Manage Kerberos Tickets

‣ Sync Local Password with AD

‣ Automatically mount shares

‣ Execute Scripts

USAGEPROCUREMENT DEP SOFTWARE INSTALL SECURITYDEP

SupportEncourage users to go to Apple

Outsource Tier-1 or Tier-2

TrainingCreate an internal Genius Bar

Use Apple Retail Store workshops

Tier-0 Use Self-Service app

Easy Reinstall with macOS Recovery

AppleGet an AppleCare OS Support*

Use Apple Professional Services*

Apple Professional Services: Enterprise

iOS & Mac Readiness

Wireless Readiness

Integration

Shared Devices

OS Update Accelerator

FastTrack iOS Deployment

App Dev Review &

Boot Camp

Enterprise Connect

✅ ✅

✅

APPLE PROFESSIONAL SERVICES: ENTERPRISE

Operating System Select Preferred Alliance

iOS, OS X client, and OS X Server using graphical user interface

OS X and OS X Server using command-line interface Incident

Troubleshooting automated administrative tasks and scripts Incident

Troubleshooting cross-platform integration (security, file, and print services) Incident

Troubleshooting directory service integration and profile management Incident

Troubleshooting Active Directory integration Incident

File system and RAID configuration <

APPLECARE OS SUPPORT

THANK YOU!