Enterprise is resistant to Apple, not the other way around.


Imaging is Dead.

Computing has moved from desktops to laptops. Imaging stems from a world driven by desktop class computers that never moved and were expected to be the same. Imaging has several weaknesses.

  • Time consuming. Takes a long time to build and test images.
  • Dependent on Model Specific Builds. (AKA Forked)
  • High Maintenance
  • Adds complexity

When to roll back to imaging.

  • Lab scenarios where all computers should be configured the same
  • When handing the device to a new user.

Agile Deployment

Agictive: Able to move quickly and easily

Hand user a brand new machine with simple instructions to connect to wifi and walk through the setup assistant. Use DEP to push Munki configurations so all packages and needed software get installed. Utilizing a private app store allows the user to setup their computer to their liking. This gives users a sense of ownership over the deviec, along with a sense of trust with their IT department.

Problems with DEP

  • Relies on internet connection. If no internet connection, no DEP
  • Setup does not wait for enrollment to complete
  • Password policies are no enforced during setup assistant.
  • User created at Setup Assistant is an admin

Comming soon to DEP

  • Setup assistant will require internet connection to continue
  • Setup waits until MDM enrollment is complete
  • Password policies are enforced during setup assistant
  • Ability to toggle admin rights for user in setup assistant
    • Also have the native ability to add an admin account

System integrity Protection

  • Certian files in the opperating system are locked to only writable to the OS. Apple pitches this as "Unbreakable OS"
  • Sounds a lot like iOS, alludes to quick backup/restore of the Mac OS. We don't image iOS

Too much "system management" is admins imposing their own personal preferences.

Best practice will be to keep OS X as close to vannilla configurations as possible. Ideally customizing configurations specifically for the orgnization will be a good idea, but don't go overboard. Change the desktop wallpaper to a organization appropriate, make the dock more productive and enable essentiall preferences. Don't change the dock's location or nonsense like that.