This week’s newsletter has many links to great posts by MacAdmins. (Thanks to all!) But we also got the surprising announcement that Apple is (re-)entering* the MDM market with “Apple Business Essentials.”
The Fusion of Apple MDM, Identity, Patching & Security.
Mosyle Fuse is the first and only product to bring a perfect blend of an Enterprise-grade MDM, an innovative solution for macOS Identity Management, automated application installation and patching, and purpose-built multi-layer endpoint security, all specially designed for Apple devices used at work at a price point that’s almost unexplainable.
Click here to learn more!
First of all, Apple Business Essentials (I am going to risk the scorn of Apple Marketing and abbreviate it as “ABE”) will be in beta until “Spring 2022.” The beta and presumably the release is US only and limited to businesses with less than 500 users, though each user can have up to three Apple devices. The subscription includes extended iCloud storage for the managed Apple IDs (50GB to 2TB) and, after release, can include “prioritized AppleCare support” with onsite repairs. (Prices including the AppleCare support are not known yet.)
The introductory video and page are nice. But there is a lot more information in the Apple Business Essentials User Guide. (You can also find a PDF with some information for the ABE beta program in the AppleSeed for IT downloads.)
Overall, this looks like an interesting new offering from Apple, as long as your business matches the target audience. It looks as if ABE uses MDM commands only, with no local agent other than a “Apple Business Essetials” self-service app. This is standard for iOS and iPadOS, but will make the management options for Macs very limited. For many MacAdmins this will disqualify ABE for “serious” Mac management.
Keep the target audience in mind, though. For many organizations managing iPhones and iPads in business will be the main benefit of ABE and enforcing some management settings on the Macs will be a nice bonus. After all, even the little management possible with MDM commands will be better than no management at all.
From the user guide we can glean a few more interesting facts: the Apple Business Essentials web interface will replace Apple Business Manager for managing business Apple IDs, volume purchase of Apps & Books and assigning devices to MDMs, including MDMs other than Apple Business Manager. It is unclear if all ABM users will get the new interface. I imagine the iCloud storage options for Managed Apple IDs will be available to all ABM accounts, maybe even the business AppleCare subscriptions. In that case, ABE could replace ABM for everyone, even when you use a third party MDM, but the ABE management features will only be unlocked when you get the ABE subscription? We will have to wait and see.
Apple is targeting the “low-end” for device management. They are competing less with Jamf Pro and Workspace One, and more with Jamf Now, SimpleMDM, Mosyle Business, Kandji and Addigy. But when you look at the feature set, Apple’s cannot really compete with any of these, but they provide a minimal or, well, “essential” step up from “no management.” It’ll be up to the vendors to provide features and value above this new, essential, base line.
Overall, I think this is an exciting and promising announcement. There is also the hope, that since Apple is now building and selling their own management system*, this will result in improvements to the MDM protocol and Apple platform management for all. The Spring release of Monterey and iOS 15 should be very interesting.
*Apple has been and still is selling Profile Manager as part of the macOS Server app. Nevertheless, MacAdmins consider this a “reference implementation” at best and Profile Manager is not recommended for use in production at any scale.
Oh yes, we also got new beta2 for macOS 12.1 and iOS 15.2 (and siblings).
If you think your company or product is a good fit to sponsor this newsletter, please contact me!
If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)
Apple Business Essentials
- Apple introduces Apple Business Essentials – Press Release
- Apple Business Essentials User Guide
- Manage device suppliers in Apple Business Essentials)
- Edit a third-party MDM server configuration in Apple Business Essentials
📰News and Opinion
- Will Apple honour its promises on OCSP certificate checks? – Howard Oakley
- Apple should take a break from annual iOS and macOS updates – Chaim Gartenberg, The Verge
- Could Apple’s new MacBooks signal a change in direction on security? – Thomas Reed, Malwarebytes Labs
🐟macOS 12 Monterey and iOS 15
- Apple fixes bug that caused macOS Monterey update to brick some Apple T2 Macs – Andrew Cunningham, Ars Technica
- Disk Utility now has full features for managing snapshots – Howard Oakley
- macOS Monterey : réintégrer un Mac dans Apple Business Manager – Guilaume Gète
- Disable Python Deprecation Warning – Michael Rieder
- Create a new Xsan on macOS Monterey – Eric Hemmeter
- Downgrade macOS Monterey without USB Drive – Michael Rieder
⚙️macOS and iOS Updates
🐦MacAdmins on Twitter
- Mr. Macintosh: “Apple has released a new Intel T2 BridgeOS Update (19.16.10549) The previous version for 11.6.1 and 2021-007 is 19.16.10548. I do not see an associated OS update that goes along with it. Could this BridgeOS update fix the bricking problems for some T2 Macs?”
🔐Security and Privacy
- Apple Private Relay and Jamf Private Access – Jesus Vigo, Jamf Blog
- How we rolled out security keys at Twitter – Nick Fohs and Nupur Gholap, Twitter
- Google Caught Hackers Using a Mac Zero-Day Against Hong Kong Users – Lorenzo Franceschi-Bicchierai, Motherboard
- Analyzing a watering hole campaign using macOS exploits – Erye Hernandez, Google Threat Analysis Group
🔨Support and HowTos
- Tracking Secure Token and Volume Owner users in Jamf Pro – Babo D
- Signs you may have conflicting MDM profiles in macOS – Alan Siu (Note that the new “Apple Platform Deployment” Guide has a table which describes the behavior in case of a conflict.)
- Mac to Mac Transfer Speeds – Bryan Heinz
🤖Scripting and Automation
♻️Updates and Releases
- Pacifist 4.0
- twocanoes/loginlog (Swift) (Tweet)
- Munki 5.6.2
- mvdbent/CIS-Script 1.2
- Apple Configurator 2.15
- Apple VP — M1 Pro / Max Questions Answered – Rene Ritchie, YouTube
- Using Gate and Token Manager to Issue Certificates – Twocanoes Software
- Interview With Adam Engst Of the TidBITS Content Network — Command-Control-Power
- Afraid to commit – MacDevOpsYVR
- Rethinking network security for remote work – Apple @ Work Podcast, 9to5Mac
- Why we fail at getting the cybersecurity basics right, with Jess Dodson– Lock and Code, Malwarebytes Labs
🎈Just for Fun
- Stack Overflow’s copy / paste keyboard is no joke – Jon Porter, The Verge
- Apple ID Wallpapers — Basic Apple Guy
- Apple’s Color Revolution — Basic Apple Guy
If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!
If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!