What operation is almost as risk-averse as a NASA launch? Integrating enterprise-level IT support for Apple comes close. It may not be rocket science, but we know you have questions, so we’ve gathered some of the most common ones we receive, along with our best answers.
As a leading enterprise Apple IT integrator,* we’ve seen our share of questions and even a few misconceptions from the IT leaders we serve. They’re looking for peace of mind and assurances that integrating Apple into their Microsoft environment won’t disrupt the whole IT structure or compromise security, budget, and productivity. The good news? We understand these needs, and have structured our IT support offerings to address them. More good news? You will be pleasantly surprised at some of the answers to the following common questions. Let’s take a look…
Yes, Apple devices are between 5-10% higher in cost when comparing specs. When you compare midline Apple devices to the lowest end of the competitor, it skews much higher – Apple doesn’t have a lower end in the same way that PC manufacturers have a low-end device. Apple devices last longer; if you do your CAPEX budget right and you’re figuring in the depreciation value, which is then amortized over the life of the device, they’re actually cheaper than PCs. Finally, you need fewer people to manage them, so they are the more affordable option holistically.
Do I have to train (or retrain) my support staff to support Apple?
Generally, no. This is a natural question at the start of an engagement because most clients are looking at Apple integration as a discreet project that will better fund the PC side. The value that we bring is that we take Windows techs and help them navigate confidently in an Apple environment. It’s rare that anyone under 40 hasn’t had experience with Apple products, and about one in five has significant pre-existing knowledge. Apple trains by assuming you don’t know much at all. For Cranston, it’s about learning to support Apple at your company in a customized way, so that we are training by augmenting your staff’s knowledge.
My leadership is concerned about the “Apple Tax.” What is that, and how do we avoid it?
There’s a perception that when you deal with Apple, you are getting nickeled and dimed because you need adapters – a.k.a., dongles – to make all of the peripheral connections work. This is not entirely true, and Apple Tax is a politically charged term. The big difference is – leadership is often not used to the Apple world, where all of the expense is upfront. You may spend more on devices, apps, etc., but then the pain is gone for the rest of the project. Maintaining is much more effortless than with PCs. To support PCs, you need on average a ratio of 1:150 (staff to users). For Apple, that ratio is 1:500. Systems are cheap; people are not.
I heard that you need to buy a bunch of adapters to get anything to work. Is that true?
It used to be true. Apple was more aggressive in going to the USB-C standard. New Apple systems have separate ports for power, HDMI, USB-C and SD card, and they’ve regained their mantle as the best laptop. So essentially, M1 units now have three-day battery life and no adapters for most users.
Some people claim that Microsoft products and Apple work better together now; what can you tell me?
Absolutely true. Microsoft has 500 people who use Macs – and they’re based in Microsoft HQ. Office integration isn’t perfect but much better now. Azure – the MS cloud offering – is integrated well with Apple. Businesses that are up to date on MS tech will have no problem; you’ll have issues if you are behind on MS tech.
We have robust audit and security needs, and I’m concerned that integrating Apple will complicate and reduce our security posture.
Audit and security are legitimate concerns because the nature of hacking over the past decade has changed radically. In the 90s, it was really just pranking. In the 00s, hackers turned to corporations. After 2010, we began to see government-sponsored, targeted hacking.
Just like Windows, there are comprehensive security tools available to successfully secure and audit macOS workstations. Apple has made security and privacy a primary focus in recent years. They provide basic tools like seamless OS updates, full disk encryption, MDM management profiles and malware protection baked into the OS, this can be augmented with enterprise grade 3rd party security solutions and SIEM tools built specifically for macOS.
There isn’t really any value to having Apple devices in our Company. They are just overpriced toys that fanboys want because of the cultural vibe. Why should we bother with expensive Apple products when Windows machines can do the same thing for much less cost?
This is a common opinion among some techs – keep in mind that it’s not about Apple’s behavior; it’s about choices other people make, retaining associates, and attracting new talent. Apple devices are arguably better designed and more appealing, a claim given proof through third-party awards and design experts. They’re not toys, though. People in your organization just want to use what’s familiar and most effortless for them to use. Workers should have a right to choose their tools. Some people work better when using Apple equipment. In addition, offering the option of working with Apple devices can ultimately help you attract and retain talent.
As for the expense question, again, the cost with Apple devices is upfront. Studies from various organizations have shown the total cost ownership is actually less given its longer lifetime and lower support requirements.
We spend a lot of money on software. I don’t want to license everything again just because of Apple. Is there a way to avoid this?
We agree, don’t increase headcount. When macOS devices are a subset of your total installed base, it’s typically not necessary to add support personnel dedicated to supporting Apple. With good management practices, you’ll get baseline techs to be conversant with Apple in about two weeks. A lot of it is demystification, showing them where they can go for info on the web, helping them understand core concepts of macOS support, and training them on the basics of using Mac-specific management tools.
We’re here to be your guides and safety net to make Apple devices work well in your environment. We help implement the best MDM platform and train, educate, mentor, and consult with your existing department on its use, working alongside them for the best results. Our goal is to help your existing IT staff quickly take on supporting macOS Tier1 and Tier2 issues while using us for Tier3 engineering support. Over time, your internal team can take on Tier3 engineering support as desired.
Can you also support iPhones, iPads, and AppleTV?
Most definitely! Management systems used for iOS look a lot like macOS.
What is the best software option for managing Macs? Can I only use tools provided by Apple?
Apple has built a framework for managing both macOS and iOS devices. This framework is built around the concept of Mobile Device Management (MDM). Today, MDMs can include phones, iPads, laptops, desktops, and AppleTVs. It’s a management system that allows IT departments to make changes to devices without having to touch them at all. In Windows, this function is provided by SCCM. For Apple, the MDM framework is open for MDM software vendors, and there are a large number of competitors in this space building MDM solutions. Jamf is one vendor that has been developing MDM software specifically for Apple devices since the very beginning and is considered best of breed for enterprise environments. They are focused on corporate users with heavy Microsoft integration and strict security and compliance regulations. Most major corporations in the US use them, including IBM and Microsoft. Notably, IBM has its own solution called Tivoli and Microsoft has InTune, but for enterprise-grade management they use Jamf.
I’m nervous about using the Apple Mac App Store. Do people have to use their own Apple IDs?
With MDM deployed, users don’t need an AppleID to purchase or install apps for business. Apps can be remotely installed or curated through a self-service portal. With MDM deployed, Apple does allow users to apply their Apple IDs on company devices. They have developed ways to keep company data safe while still allowing the freedom to use personal Apple IDs. Ultimately, the use of Apple IDs along with iCloud on employer-owned devices is a security policy decision that will vary based on the organization and its security needs.
I’ve heard that Apple hates Enterprise/Corporate customers and is basically a consumer electronics company. How are businesses dealing with this attitude?
This is a basic misunderstanding, and one that can be cleared up pretty easily. For Google, the user is the product. Their business model is to mine, collect, and resell user data for profit. Microsoft’s primary focus is business software. It earns revenue from Windows, Office, cloud services, and hardware vendor licensing fees that it gets from businesses.
Apple’s business is selling devices to individuals. Its philosophy is that each device is “owned” by an individual and its management philosophy reflects this. In years past, this individual-first focus was at odds with the needs of a company to manage a device to meet security requirements. Apple has taken huge steps to address this problem. The current MDM framework was built from the ground up to protect both the individual’s privacy and the company’s data. When properly deployed, companies are able to manage devices, protect business data, and maintain user privacy in a way that is not possible with Google or Microsoft.
I think Apple might be a good idea for our company, but I’m getting push back from decision-makers on the ability to integrate, support, and manage Apple devices. Is this something you can help with?
Cranston can definitely help you do this. Our engineers have spoken publicly about this at conferences, as a keynote and on panels, including a MacTech conference, the Jamf national user conference, and a MacSysAdmin conference. Just click here and fill out the form, and we can work together on this.
*Cranston IT is the largest Apple dedicated IT services provider in the Great Lakes region. Since 2005, we have served thousands of clients as a member of the Apple Consultants Network. We also partner with Jamf, Addigy, and Filewave.