Are the new Apple MacBook Pros enterprise ready?
15 August 2018
Apple finally refreshed its MacBook Pro line-up in August this year with a 330mm (13”) and 380mm (15”) version of the high-performance laptop. It is the highest performing machine yet from Apple and comes with a redesigned keyboard and stunning graphics display.
As research from Apple IT management specialists Jamf shows, 52% of enterprise organisations now allow employees to choose their own computers, and those employees are increasingly turning to Apple, with 72% choosing Mac devices. Jamf surveyed 580 companies globally for the research.
Tech web site TechAdvisor.co.uk gave the laptop four out of five stars and there will be plenty of Apple enthusiasts looking to get their hands on them. So, what do IT teams need to do to prepare their environment for these new devices?
The place to start when talking about these machines in an enterprise environment is Apple’s proprietary T2 chips.
These promise “a Secure Enclave coprocessor that provides the foundation for secure boot and encrypted storage capabilities,” the vendor says on its web site. “It also consolidates many discrete controllers, including the system management controller, audio controller, and SSD controller, into one.”
The chip essentially ensures all data stored on the solid-state drive (SSD) is automatically encrypted. Through FileVault, file encryption is tied to a specific Mac, meaning even if a thief gets their hands on the SSD they won’t be able to extract anything from it.
This does mean that good data back-up practice is imperative for any MacBook Pro user, because a hardware failure could mean all data on that device is immediately lost.
This level of performance and security could easily appeal to teams or whole departments within enterprise organisations though, especially in research or creative fields.
Any IT teams looking to bring the new MacBook Pro into their environment should be aware that these are the first MacBooks to not support Apple’s NetBoot/NetInstall functionality.
Since the Mac OS X 10.7 “Lion” release Apple has been shifting away from this time-consuming deployment method towards the Mobile Device Management (MDM) model.
Through Apple’s Device Enrollment, IT admins can automatically enrol all iOS devices (including Macs) in an organisation’s MDM solution of choice, giving them the ability to apply consistent settings, apps, access and restrictions as standard. This method also means that machines are ready to go the second a new user logs into their new machine.
The beauty of this is that the new MacBook Pros should slot into an existing IT framework pretty easily if your organisation is running an Enterprise Mobility Management programme through someone like Jamf or even Microsoft. However, if you are still running an older, server-based model which relies on manual imaging these new machines could cause a bit of a headache.
For example, the new T2 chips come with a secure boot sequence, the default setting of which is “full security mode”.
As Dave Hornby, UK systems engineer at Jamf, said via email, this means “with full security mode selected any software loaded at boot up (for example the OS itself) needs an internet connection, and to be verified with Apple.
“That last point should set alarm bells ringing for organisations deploying Apple at scale using old fashioned provisioning methods like booting from external drives, or the network to pull down a monolithic “cloned” disk image,” he added. “By the very nature of these two methods, there is no verification with Apple for the integrity of the OS, that the T2 chip requires for the secure boot sequence.”
In short this is just another reason why Apple recommends against monolithic imaging methods.
“The last thing organisations should be doing is trying to reverse engineer the process and continue with trying to achieve old imaging techniques. At the very least, if organisations cannot for whatever reason enrol into DEP, an MDM platform should be looked at for basic management tasks, like remote wiping, remote locking, and disk encryption configurations,” Hornby recommends.
So, all in all these new laptops will certainly appeal to certain enterprise users, and IT teams running a modern MDM platform should have no problems deploying them. For us, this makes the new MacBook Pro enterprise ready, but only for those organisations that are already on that MDM journey.
IDG News Service