When Apple® introduced the new MacBook Pro® with Retina® display late in October, they also unveiled the latest version of Mac® OS X® operation system, Mavericks. With over 200 new features it quickly reached critical acclaim – especially considering the upgrade is free for users as far back as Snow Leopard.
Unbeknownst to the average user, Apple introduced a lot of new business features into Mac OS X Mavericks, which Apple has outlined in their new Mac in Enterprise Webinar series . In order to prepare our clients for the change, and understand the new features, Softchoice recently hosted a webinar. We asked clients to submit questions they have about Mac – and we discovered some interesting trends. Here are the top 3 questions we are routinely asked by clients regarding Mac OS X Mavericks.
1. How can I get my Mac on Active Directory?
The Mac has had the ability to “bind” to Windows Active Directory since OS X 10.5.5 (Leopard®). In current versions of OS X, binding can be achieved on the Mac itself or remotely:
On Mac: Via the Preference Pane “User Groups” > “Login Options” > “Network Account Server” will take you to Directory Utility, which gives you the option to bind Mac to AD, LDAPv3 or NIS (diagram below). This can also be accomplished via the Terminal using manual commands or scripts.
Remotely: Using Configuration Profiles. These can be sent directly to the Mac and installed by the end-user, but ideally Configuration Profiles are managed with Apple Profile Manager, or a 3rd party MDM like AirWatch.
This begs the question – what do you expect Active Directory to offer in the Mac world? The answer is revealed in the next most popular question we received.
2. How can I push policy to my Mac via Active Directory?
Here’s the tricky part. There’s no direct way to apply policies to the Mac from an AD server. OS X doesn’t understand GPO and needs them translated to something it can understand – Managed Preferences. To do this, you need to rely on 3rd party tools, such as JAMF Casper Suite or Centrify.
As easy it would be to just “flip a switch” and have all of your polices translate from AD to the Mac, it’s just not that simple. Perhaps it’s time to take a closer look at those policies, some of which may be a decade old, how they relate to the Mac and the changing world of accessing cloud applications and data. Do you really need to worry about NFS when users can get access to files on Box using their AD credentials?
A lot of what you may be trying to accomplish with AD can be handled with Configuration Profiles, via and Mobile Device Management suite. If you’re not using MDM now for your smartphones and tablets, management of Mac is another compelling reason to explore those solutions with Softchoice’s help. Without MDM in place, it may still be a good idea to bind your Mac to Active Directory so you’ll at least have insight as to what Macs are currently in your environment.
3. How do I secure the Mac on my network?
Mac gets a lot of credit for its robust security, but you still need to take steps to properly secure against malicious threats. I’ve dispelled the myth in the past that Mac gets its “security thru obscurity”.
Mac OS X has plenty of built-in security features that make Mac a tough nut to crack. But a layered approach is highly recommended to keep a Mac as secure as possible in a business environment.
Start with setting the policies and restrictions to avoid exploits in the first place. As mentioned already, translating your GPO to Mac Managed Preferences is one way to accomplish this; using Configuration Profiles via MDM is another. This will allow you to set policies on passcodes, enforce FileVault 2 disk encryption, Gatekeeper settings to prevent execution of untrusted apps, and Firewall settings among many others.
From there, you can protect the Mac from any further exploits with endpoint protection from some of the leading enterprise security vendors: McAfee, Sophos, Trend Micro, Symantec and Kaspersky just to name a few. You may be leveraging these products already to protect your PCs or other mobile devices – you can trust these big players to protect Mac as well.
Of course we received many more questions, some unique to specific environments and situations. To find the answers to even more of the common questions, view the complete webinar and be sure to view Apple’s own on-demand Mac in Business Webinar series as they cover topics such as Integration, Deployment and Manage of Mac.
These are the three most popular questions we receive. If you have questions yourself, please leave them in the comments below and I’ll respond as soon as I can.