Overcoming 5 common IT objections to Macs in the enterprise

Introduction

Despite continued growth trends and case study after case study of organizations that continue to adopt Mac in enterprise successfully, there can sometimes be considerable pushback from IT against supporting macOS devices for work.

Often, these objections come from perceived challenges of managing macOS and the impact supporting multiple platforms has on an organization’s security posture.

To be fair, supporting devices across multiple platforms can introduce variables that make managing and securing device fleets less straightforward compared to a single OS. But as with all things technology-related, with a little planning and the right solutions, managing Mac computers alongside Windows PCs can not only be simplified but the provisioning process can be automated – making deployment, management and security a breeze for all stakeholders.

In this blog, we take a look at and debunk five common myths to show IT that deploying, managing and securing Mac in the enterprise – when done correctly – can be an easier workflow than doing the same with Windows devices.

Myth #1: Macs are too expensive (cost)

Probably the most common objection to Macs in the enterprise is the cost associated with procuring Apple computers in the first place. Oftentimes, opponents of using Mac devices for work cite the upfront costs as being prohibitive. But IT leaders understand that more goes into deriving value than just looking at upfront cost.

Given that Apple tightly controls its supply chain, the high-end components it uses, combined with its industrial-grade design, allow Mac computers and laptops to deliver long-term savings through greater durability than many PCs. This results in a lowered Total Cost of Ownership (TCO) thanks to providing end users with apps and services available out of the box while requiring fewer repairs.

Another measure of value to business operations is the Return on Investment (ROI) for Mac. Not just a financial metric, ROI quantifies benefits that are key to the organization over the lifecycle of the device. In the case of Mac, Forrester recently conducted a Total Economic Impact (TEI) study on adopting Macs in the enterprise, and here are some of their key findings:

• Management and device support costs were reduced by one-third.
• Greater energy efficiency equals consuming 56% less energy than PCs.
• Risk exposure from internal/external data breaches decreased by 15%; from lost or stolen assets, it decreased by 90%.
• Employee productivity increased by 3.5% due to device performance and reliability.
• Residual value averages 15% for PC and 30% for Mac after four years of use.

Myth #2: Our infrastructure is designed for Windows (compatibility)

IT veterans who supported Mac and Windows will surely remember binding macOS to a Windows domain to enable support for authenticating with Active Directory credentials. Much to their frustration (and that of end users), when the connection would mysteriously “break,” new users were unable to log in, while those who were currently logged in would be unable to access company resources over the network.

“Thank the maker” for the shift to a cloud-based authentication!

Because of this, macOS compatibility thrives with seamless support for major enterprise applications, like Enterprise Resource Planning (ERP) and Customer Relationship Manager (CRM). The shift to the cloud has bolstered support for cross-platform software tools deemed a standard for business continuity, like productivity (Microsoft 365), messaging (Slack) and collaboration (Zoom), among thousands of others.

On the IT side, the key to minimizing the complexity of managing Macs alongside Windows lies in enabling support between enterprise solutions. And the way to do that is via integration. Consider the following widely used solutions as examples of how integrations allow Macs to play in Windows playgrounds seamlessly:

• Microsoft Entra ID: Centrally manage user identities and permissions.
• Okta Single Sign-On (SSO): Secure access to apps and services.
• Splunk: Gather and analyze endpoint telemetry data for data-driven security decisions.

Myth #3: They are difficult to standardize and maintain (management)

Managing the device lifecycle doesn’t occur in a vacuum – this same rule applies to any platform. Critical features like same-day support for updates and security patches, app deployment, and policy-based compliance enforcement are key to Windows and Mac management.

Just like Windows management is optimized when solutions provide native support, the peak of Mac management is achieved when native support for its architecture is provided. Not only is device performance maximized, but the user experience is maintained. Furthermore, automation allows device provisioning without having IT ever touch a Mac, deployment, and enforcement of secure configurations, and saving admins time by keeping apps and system patches up to date automatically.

Chances are that device counts outnumber IT by the hundreds, thousands, or tens of thousands to one. Because of that ratio, IT needs to work smarter, not harder. Spending precious human capital on critical yet repetitive tasks means admins aren’t utilizing their skills (or time) to enhance processes and workflows that further support business operations or drive enterprise initiatives.

Myth #4: Macs introduce a vulnerability in our network (security)

Apple’s commitment to security and privacy is unmatched in the industry because both are core tenets of its philosophy when designing hardware, software and services. Because they believe “privacy is a fundamental human right,” controls and options are built-in that rest control over when and how apps use data in the hands of end users, according to Apple’s Platform Security.

Robust software, services and functionality that underscore this commitment to security are:

• End-to-end encryption: Data at rest and data in motion, including communications through iMessage.
• Gatekeeper: Prevent compromised apps from executing through code-signing enforcement.
• Secure Enclave: Safeguard authentication through biometrics and protect data with a dedicated security coprocessor.
• Secure Boot: OS integrity validation in the chain of trust, including signature verification of system code and security policies upon boot.
• Transparency, Consent and Control (TCC): Control app access to user data with granular settings requiring explicit consent to use hardware components, upholding user privacy.
• System Integrity Protection (SIP): Restrict overwriting critical system files while preventing kernel modifications in memory.
• Lockdown Mode: Reduce risk for executive-level targets of sophisticated threats to limit attack surfaces for exploitation by advanced persistent threats (APTs).

Some key steps IT can take to minimize risk and mitigate vulnerabilities with macOS are:

• Provision Macs through zero-touch deployment so they’re secure and ready to use right out of the box.
• Establish a security baseline by applying secure configurations to Mac and enforce compliance using policy-based management.
• Deploy managed apps from trusted sources, like the Apple App Store or Jamf App Catalog, which validates app integrity and automatically keeps them up to date.
• Implement automated patch management processes so that macOS always runs the latest version and known vulnerabilities are mitigated.
• Integrate endpoint security and identity and access management (IAM) into management for a comprehensive, holistic solution across your infrastructure.
• Actively monitor endpoints and analyze telemetry data to quickly identify non-compliance and/or threats.
• Seamlessly integrate with SIEM solutions, like Microsoft Sentinel and Google Security Operations, for deep insight into endpoint health and aiding threat hunting.
• Automate incident response by maintaining a baseline security posture, aiding incident response and executing remediation workflows.
• Prevent network threats, mitigate credential misuse and restrict compromised devices from accessing enterprise resources with Zero-Trust architecture.
• Iteratively manage device inventory and repair requests throughout the Mac’s lifecycle.

Myth #5: We’re experts with windows – not apple (knowledge)

Security is not one size fits all. Different software will offer varying levels of solutions; the key is to find the solution that meets the unique needs of your enterprise. This applies equally to all platforms.

Despite Microsoft holding a dominant market share in the enterprise, Apple’s growing demand among employee choice programs combined with:

• Minimal TCO and maximum ROI values
• Compatibility with enterprise software
• Ease of standardization and management
• Data security while preserving user privacy

Signal that Mac is more than ready and capable of handling productivity workloads while adding value to business operations – not taking away from them.

A critical point to consider, however, is the role that knowledge plays in setting up enterprise workflows and processes to manage and secure Mac alongside Windows to eliminate security gaps that represent a risk of data breaches. With this in mind, Jamf for Mac works with – not in place of – solutions like Microsoft Intune. By integrating both, IT can extend management and security, maintaining compliance across their entire infrastructure with parity.

Another crucial aspect of successfully integrating management and security for multiple platforms is training to build upon the skills Windows admins have developed to bridge the gap in understanding how to achieve an equally strong security posture with Mac endpoints. Jamf offers a variety of instructor-led and self-paced courses to help build your IT team’s knowledge and comfort level working with Apple, as well as delivering tiered service agreements so that your experts get the help they need when they need it from our team of Mac experts.

Conclusion

By debunking these five myths, it’s clear that commonly held IT objections to Macs in the enterprise are nothing to push back against. Rather, IT directors and admins alike should embrace the benefits that adopting Mac will yield – from a lower total cost of ownership, industry-leading security and privacy controls, and compatibility with enterprise applications. Managing and securing Mac alongside Windows computers through powerful solutions enhances productivity and streamlines comprehensive workflows, enforcing compliance while holistically extending protections across the enterprise. Lastly, investing in solutions and training will ensure that IT supports both platforms without added complexity, freeing them to focus on delivering value to stakeholders while leadership aligns IT with business operations and goals by maintaining security, efficiency and cost-effectiveness.