Current state of zero-day support
“Zero-day support” has become a buzz phrase among IT groups, but what does “zero-day support” really mean? You’ve likely seen it before — a new operating system comes out and every device management solution under the sun claims they’re ready with zero-day support for the operating systems and their new features. Sounds like a great deal for IT and users, right? No matter what vendor you select, you’re going to be supported immediately, right? Not quite.
As quick as their hands shoot in the air touting zero-day support, they just as quickly (and much more quietly) caveat with “many new features have support limitations or restrictions.” This begs the question, if a device management solution doesn’t actually ship support in their base product on day zero or provide details on how to support multiple key features right away — does this really constitute as zero-day support? Furthermore, does just shipping something on day zero actually qualify as zero-day support?
We think not.
“Support” is a tricky and misused word. Management vendors must know what to support, and what additional functionality must be added for each release. Often, device management vendor’s claim of “support” actually means that new features such as configuration profiles are not included in their base product on day zero. This leaves their customers to piece it together.
In addition, supporting new configuration profiles is only a small part of supporting the latest Apple operating system release. Vendors must also support new mobile device management (MDM) commands, like Lost Mode, and all Apple services (Device Enrollment Program, Volume Purchase Program and Apple School Manager).
Vendors’ claims of “same-day” or “zero-day” support may not include support for these programs. Rather, they are simply supporting the base operating system so that devices (hopefully) don’t break. While compatibility is key to preparing for Apple upgrades, if a vendor doesn’t support and enable new features, they are not truly supporting the latest Apple technology.
It starts with the betas
Apple’s fall operating system releases provide an average of three months of beta availability. Apple’s spring operating system releases, which are more significant for management in the enterprise, usually provide about seventy five days of beta availability. This poses a challenge for cross-platform vendors who support versions of Windows and Android, and are unable to plan all of their release timing around Apple.
When new operating systems are on the horizon, organizations expect their device management vendors will support the Apple betas as well. Organizations need this support in order to adequately test Apple releases prior to their general availability. New operating system features may appear to be benign, but are in fact incredibly impactful. For instance, the macOS Sierra iCloud Desktop and Documents syncing feature released in 2016 appeared to be a benevolent consumer-focused feature at first glance, yet its release impacted the macOS upgrade and enrollment process, the end user experience, and corporate security practices. If a device management provider doesn’t assess and support new features like these, there can be major ramifications.
Zero-day support for new operating systems and their betas allow IT to better identify the impact of new features in order to test and prepare their organization ahead of an upgrade. If device vendors don’t support Apple’s betas, customers can’t run a complete test or worse, devices running a beta could be kicked out of enrollment altogether. This is unacceptable for the Apple community, which is why Jamf has a history and demonstrated commitment to compatibility for Apple’s betas.
The zero-day difference
At Jamf, we are dedicated to helping organizations succeed with Apple. In fact, it’s our mission statement. In order to achieve our mission, it is critical that we support all of Apple’s releases either on the day they become generally available or before, and we have been doing so since 2002.
When it comes to zero-day support, we don’t simply offer baseline compatibility, but also new features and workflows. We put our money where our mouth is, which is why we’ve dedicated three engineering teams and an additional 20 team members to ensure users are supported with all the new features from Apple — without any delay.
Why is zero-day support so important?
- Protection from security vulnerabilities within your environment. Old versions of software are always less secure. Therefore, it is in your best interest to encourage your users to upgrade to the latest operating systems to ensure you don’t fall prey to data breaches and system vulnerabilities simply because your devices are out of date.
- Minimize downtime. When it comes to new operating systems, IT groups must choose the upgrade path best suited for their environment and prepare end users accordingly. For macOS High Sierra, IT can pre-cache the macOS installer, so it doesn’t have to be downloaded by the user. IT can even schedule the install if they know devices will be online and not used at a certain time. When you don’t have true zero-day support, you can’t take advantage of the most efficient upgrade paths available or worse, existing workflows break and users experience downtime.
- Keeping end users productive. The latest operating systems introduce new features that support greater efficiency and productivity. When you don’t have true zero-day support, you inhibit your users from taking advantage of helpful functionality, such as better multi-tasking with a new dock and the ability to drag and drop content between apps in iOS 11.
- Keeping your end users happy. Apple makes it really easy for end users to upgrade within minutes of a new release. The ease of upgrade combined with compelling new functionality motivates millions to click ‘update’ the moment new software goes live. In turn, Apple users expect to be able to successfully update their device(s) the day a new operating system becomes available. By fully supporting zero-day upgrades, you ensure this expectation is met.
And a bonus for IT: You get access to new management features! This includes new and improved capabilities for Apple device management, and the ability to customize and configure new end user features based on the unique needs of your environment. True zero-day support also eliminates the headache of running out of date operating systems and supporting old application versions.
Not all zero-day support is created equal
To help you wade through the zero-day gimmicks, here are a few things you should confirm your Apple management vendor offers before putting your name on the dotted line:
- Active beta programs that provide you with the ability to test compatibility with Apple’s beta software. At Jamf, we host our beta program on Jamf Nation.
- A proven track record of delivering zero-day support for previous Apple releases. At Jamf, we announce zero-day support on jamf.com and send emails to each one of our customers. See our history.
- Videos, documentation and digital content to fully demonstrate the management tool’s ability to support new features. Simply seeing a list of new features from Apple doesn’t equate to support.
- Actually building support for new key features into the user interface of the management console, instead of just relying on other tools to create and upload configuration profiles.
You’re in IT. You’re smart.
We’re sure you’ve done your homework. We’re just posting a public service announcement because we’ve heard horror stories of other vendors sending their customers an email warning them of potential issues, lack of support or worse – a halt on upgrading to the latest operating systems altogether. This last point is most troubling due to the fact that IT teams cannot stop iOS users from upgrading... so if their management software doesn't support the new release, user upgrades can break business processes and IT workflows. The moral of the story: read between the lines when vendors claim to offer zero-day support.
It’s impossible to offer the best user experience and leverage Mac, iPad, iPhone and Apple TV devices the way Apple intends if you’re not immediately supporting the latest features.
We’re here to help make this OS upgrade season your best one yet. And when we say zero-day support, we mean zero-day support. But don’t just take our word for it. Do your homework on us, too.