Unified Endpoint Management: Why Microsoft and Apple Embrace It
For IT departments that might be more used to an older-school approach to provisioning devices, a move to UEM can be a bit of a change (as MDM once was), but in many ways, it reflects the current environment.
It also reflects a shift in technology mindset by some of the primary operating system providers in the desktop ecosystem, one that eschews imaging in favor of a certificate-driven approach. This style of device provisioning, which first came about with mobile devices, moved to the desktop thanks in part to Apple, which utilizes a UEM-style approach with its Apple Business Manager program.
Apple tends to think of its devices as consumer products that just happen to have a business use case, rather than the other way around. That means that the device should match the end-user’s needs while still working within broader parameters set by the IT department through provisioning certificates.
In its platform deployment guide for Macs, Apple specifically discourages companies from deploying firmware updates manually.
“Like iPhone and iPad, Mac computers often rely on firmware updates that are specific to their model. Similarly, updates to the Mac operating system mandate that these firmware updates be installed directly from Apple,” the company notes. “The most reliable strategy is to use the macOS Installer or MDM commands to update.”
For PCs, meanwhile, Microsoft’s Windows Autopilot takes a similar approach for distributing laptops with specific provisioning needs, including limiting administrator access, using tools like Microsoft Cortana and mandating specific privacy settings. As TechTarget notes, the goal with this type of technology is to allow a small number of presets to manage the final result for users.
And if your IT department relies on Google Chromebooks for deployment, they also support enrollment policies that can make them easy to deploy as necessary.
Going Beyond Imaging: The Case for Zero-Touch Deployment
You might be asking whether this is easier or harder than the old strategy of imaging. In some ways, there is still work involved here, because you still have to set the rules for how devices are provisioned, and coming up with effective rule sets takes time.
It also might feel like you’re losing control by not planning exactly how the final images appear on each system. On the other hand, there may still be plenty of benefits in the long run. Perhaps, for example, you might allow your Mac users to download software from the Mac App Store, making it possible for them to use some of their favorite life-hack apps along with your company’s traditionally sanctioned tools. Maybe your Windows users want to personalize the system to their exact needs.
And then there are benefits to the mobile approach to consider. Taking a certificate-driven approach to provisioning, called zero-touch deployment, may seem like you’re giving away the ability to manage devices; it’s actually just the opposite, as it allows devices to utilize effective remote management without the headaches of manual imaging. Once the image is built, it’s effectively hands-off — a huge benefit for remote teams.
Small businesses are always in search of ways to encourage growth without manual processes to slow things down. In that light, and with the help of a partner like CDW Amplified™ Configuration Services, unified endpoint management can help your organization keep up with a world that’s getting more mobile all the time.