By Jason Snell
March 31, 2022 8:00 AM PT
Apple in the Enterprise: A 2022 report card
Note: This story has not been updated since 2022.
Last year, device-management startup Kandji approached Six Colors to commission a new entry in our Report Card series focusing on how Apple’s doing in large organizations, including businesses, education, and government. We worked with Kandji and the hosts of the Mac Admins Podcast, Tom Bridge and Charles Edge, to formulate a set of survey questions that would address the big-picture issues regarding Apple in the enterprise. Then we approached people we knew in the community of Apple device administrators and asked them to participate in the survey.
This year, we’re repeating the process. Over the last couple of months, we took the temperature of 71 admins, roughly half of whom report that they manage more than 1000 devices. (If you’re an admin who didn’t take the survey, feel free to fill it out.) They rated Apple’s performance in the context of enterprise IT on a scale from 1 to 5 in nine broad areas.
Below, you’ll see the survey results, plus choice comments from survey participants. Not all participants are represented; we gave everyone the option to remain anonymous and not be quoted. Though Kandji commissioned this survey—and we thank everyone there for doing so—it had no oversight over the survey results or the contents of this story, which was compiled by Jason Snell and the Six Colors staff.
Overall scores
In general, scores were up a bit from last year’s survey. Apple’s strongest results were the same as last year: its hardware and its commitment to security and privacy. The company scored worst on macOS identity management.
Now that there have been two surveys, we can compare last year’s scores with this year’s and see how sentiment has changed. Except for macOS identity management, which took a drop, and security and privacy, which remained the same, all scores were up. Biggest moves were software reliability and deployment, followed by the future of Apple in the enterprise.
Here’s what Tom Bridge of the Mac Admins community had to say when viewing the final results:
“There’s no question that over the last year, the Mac’s position in the Enterprise has improved, and that’s in no small part thanks to key changes made to macOS Monterey. With increased reliability, the addition of new software update commands for MDM, and the improvement of return to service workflows, Apple is working to make Enterprise admins happy.
“It’s not all roses, and the identity management score should come as no surprise to Cupertino. Though Apple announced recently that they intend at a future date to work with Google Workspace to federate Managed Apple IDs, this still leaves many customers having to provision users by hand — yes, in 2022 — instead of through automated methods of some kind. An important note here: Apple made their announcement concerning Google Workspace after the close of this survey, and while it is welcome news, it is also not yet released. Perhaps there will be some improvements in the score for next year.”
Though we asked participants for the number of devices they administer and whether they work in business or education, the truth is that very few of the scores varied between any group. If there’s a notable deviation between groups, we’ll mention it in the section for that category.
This year we also asked three new questions focused on what’s happened in the last year. The panel scored the Mac’s transition to Apple silicon as a 3.9, or a solid B+.
We asked about the pace of their adoption of new Apple operating systems this year, with 37% of responses indicating that it was faster than usual, 51% saying it was about the same, and only 13% saying it was slower than usual.
Bridge’s analysis: “The score that showed adoption rates as ‘same’ or ‘faster’ being 85%+ is a good health indicator of the OS within Enterprise environments. Security & Privacy and Hardware Quality are leading the way for Apple, and this year’s entries into those areas are lovable products for the Enterprise audience.”
We also asked about Apple’s new Apple Business Essentials service to see what interest there was from our panel. 21% said they were not interested in trying it, 19% said they might consider using it, 4% said they tried it and dropped it, and 3% said they were currently using it. A whopping 48% said they had no opinion or that the service wasn’t relevant to them.
Bridge: “This feels right to me, also. Most organizations have an MDM that they use and love now, and the current release of ABE is not for them. That’s just fine. Apple has a market to build, and wants MDM available everywhere for small businesses of all sizes at reasonable prices.”
Read on for detailed results from each category, with commentary from panel participants.
Enterprise programs
Grade: B- (average score: 3.4, last year: 3.3)
This category features a slightly lower than average score (3.2) from panelists who support between 500-1000 devices. The most common recurring complaint is that Azure Active Directory is still the only option for federated authentication.
Luke Charters wrote: “It feels like there are incremental improvements slowly trickling out. Handoff and Sidecar features for Managed Apple IDs are sorely missed. It’s crazy that I can’t turn on Activation Lock via MDM on a Mac as I can with iPhones and iPads. Azure being the only federation option in School and Business Manager is also mind-boggling.”
James Smith wrote: “MDM continues to take small steps forward each year, but the robustness around Software Update is not where it should be.”
Kevin Williams wrote: “Apple has made steady progress since we started with various versions of the enterprise systems for schools. The difficulty has been the number of pivots and whole-scale changes as they went from one solution to the next. Since the deployment of Apple School Manager (which we joined at the beta), it has steadily improved to the point where it is a reliable and predictable tool to manage our users and devices, including third-party integrations to automate from our school systems.”
John Welch wrote: “I think there are some areas they could do better in, in particular (actual) high-security needs. The improved support for PIV/CAC cards has been significant, but better support for integrating things like Touch ID into sudo auth has been sketchy at best—the current methods don’t survive updates well. Better auditing for the use of admin auth would also be greatly appreciated by the high security/government/government-adjacent community. As well, and this has been an issue with Apple for a long time, getting information out of Apple if you don’t already know where to look is remarkably tedious. Apple has a lot of useful information, but if you aren’t blessed with an enterprise rep already, it’s not always easy to find.”
Mischa van der Bent wrote: “Would love to see implementations go a bit faster. I’m working in the EMEIA region, and sometimes it takes a while for us to get new features. For example, Apple Business Essentials is U.S.-only for now.”
Todd Ness wrote: “Overall, things are pretty much status quo. I was a little disappointed in the short end to Intel Mac availability, though.”
Cameron Kay wrote: “There have definitely been improvements, but more work is needed.”
Charles Edge wrote: “Overall we continue to see steady progress on the enterprise programs provided. There are always going to be more things we want to have, but we see progress. The APIs Apple provides for device management continue to mature; for example, with the addition of declarative management, we got new tools in our toolbox at the API level, even if not all of the vendors support that feature yet. Apple also released unified documentation for its enterprise programs this year. The most substantial place many of us would like to see new options is in the ecosystem of tools or paradigms we have to work with. That includes identity management. The Azure identity works well, but we’d like to see other vendors supported. That said, identity is not easy, and the standardized protocols and implementations of those are constantly maturing. That makes it difficult to roll out changes.”
Joel Housman wrote: “Being able to purchase computers from Apple through their enterprise portal and having them come pre-enrolled for zero-touch setup with our MDM configured has been amazing. I can set up a computer for a user in less than 30 minutes. By contract, our Dell Latitudes take me several hours to image and lots of manual work to get them in the proper state to send out to an employee.”
Rick Heil wrote: “Apple’s cloud and enterprise services continue to be the 3.6 roentgens of the management world—not great, not terrible. Stability seems to be improving over the last year, but features still don’t quite meet the grade for enterprise flexibility and manageability, are limited in scope or integration, and almost exclusive focus on ‘click ops’ instead of being API available or driven.”
Armin Briegel wrote: “There were two big changes in this area in 2021: declarative device management and Apple Business Manager. Both are in early releases, with limited access. Apple Business Manager is in beta, limited to US organizations, with a very limited feature set. Declarative device management is limited to BYOD-style deployments and iOS only. It is intriguing and promising that Apple is choosing to progress in both of these areas, and it is understandable that they are moving carefully. Business Essentials teases managed corporate iCloud storage and AppleCare for organizations. Hopefully, they will be made available to organizations using other management systems as well. However, organizations still cannot volume purchase in-app purchases or subscriptions and still cannot federate to identity providers other than Azure AD. The new unlisted applications feature in the App Store might provide some workarounds here, but it still adds complexity. With Apple Business Manager, Apple is now also a consumer of the MDM API. This gives me hope this will create some pressure as Apple Business Manager customers, and developers demand features from the MDM team directly.”
Viktor Glemme wrote: “Still way too U.S. centered. A lot of programs are hard to manage outside of California and especially if you have to support organizations that span multiple countries.”
Stephen Short wrote: “Apple Business Manager is still frustratingly too simple. My organization recently enabled SCIM provisioning using Azure (even though our primary IdP is Okta). The entire experience of “taking over” personal Apple IDs that use your organization’s domain is very clunky. Admins need to know the specific accounts that will cause merge/takeover issues before the feature is enabled. You get locked into a 60-day countdown before your organization can fully control an account, and you don’t know the scope of which users are affected unless they proactively contact IT to ask about a message from Apple. Don’t get me started on the workaround/remediation for Developer IDs that use your organization’s domain!”
Kale Kingdon wrote: “I feel Apple’s enterprise solutions have not drastically improved from where they were last year, and while certain portions like enrollment framework are rock solid, other systems like Managed Apple ID Creation and Apple School Manager SFTP Uploads remain completely unchanged from their initial, poor implementation.”
Robert Hammen wrote: “The good: we got some long-needed Mac functionality that’s been available on iOS for years: Erase All Content and Settings, provisional DEP enrollment of modern Macs. Also, update enforcement for macOS (which iOS does NOT have). Also, after much complaining, Apple seemingly learned not to take ABM/ASM down for maintenance/upgrades in the middle of the day during weekdays. The bad: the MDM update enforcement is still super buggy. All deferrals at once, or users get prompts/countdowns, but macOS doesn’t update. I really wish Apple would put some more focus on making sure their features actually worked before shipping an OS. Also, softwareupdated hanging (a problem that existed in Big Sur and Monterey up to and possibly including 12.2) caused all manner of issues for Mac admins, particularly those with Jamf whose recons would randomly hang forever (or until a Mac was rebooted). BridgeOS bricking in 11.6/12.0.1 updates for Intel Macs was also a problem that took way too long to recognize/act upon.”
Mike Stirrup wrote: “Mixed bag of bad and good ideas (Configurator 2 on iPhone for device enrollment) and devices not appearing in ABM when they should when bought from Apple. It’s as if they know it won’t or can’t work every time, so here is a backup plan.”
Sam Schmitt wrote: “Apple seems to think that ABM/ASM are done and haven’t added many new features. Most of the ones seem to be about deploying custom internal apps, which isn’t used by most organizations. Meanwhile, support for other Identity providers for Managed Apple IDs has been requested for more than two years now and still nothing, which makes it a non-starter for many organizations.”
Keion Dorsey wrote: “There have been drastic changes in the APIs and build. This has allowed for more interaction. I would love to see a deeper enhancement with devices and information. Make it easier to update devices in the enterprise, such as lab settings. Let declarative management show update percentage and progress. More direct integration with cloud vendors.”
Graham Pugh wrote: “Some processes have improved, but it remains far too difficult to keep Mac computers up-to-date.”
Adrian Stancescu wrote: “My biggest gripe is that Apple silicon Macs have lost the ability to restore the OS over the internet. It might not seem like a big deal, but it affects the workflow in certain startup/SMB type of businesses.”
Stephen Robles wrote: “Apple Business Manager has been a solid experience this year, and improved with additional tools like Apple Business Essentials. At times, making purchases through the Business portal store can be cumbersome, but it gets the job done for purchasing new equipment. Certificate renewals for Jamf and the API integration have been great, and new devices purchased through the Business Store always automatically enroll to Jamf reliability.”
Mike Caplinger wrote: “They pay just enough attention for it all to keep working, mostly.”
Jason Broccardo wrote: “The overall scope and design of the various programs are fine. It’s the details of the implementation that can break in odd and frustrating ways.”
Brian LaShomb wrote: “Managed Apple IDs are still limited to Azure, which excludes many organizations from using it. VPP is still a mixed bag for macOS, with zero insight for the user on whether their app is, will be, or was delivered. Any issue in this process requires an escalation to IT teams due to the lack of visibility for the user.”
Kevin M. White wrote: “Managed Apple ID is a great idea that is significantly limited by only allowing for Azure AD as a federated authentication source. The fact that Apple still hasn’t integrated with any other identity provider demonstrates a serious lack of effort on Apple’s part. Once again enforcing the impression that Apple doesn’t care about enterprise needs.”
Allister Banks wrote: “The potential of Apple Business Essentials and ‘declarative management’ affecting MDM is promising, but that’s all they are at this point—promises. The programs themselves are not improved and desperately need it. No API to directly interact with the enrollment service (outside of what vendors are allowed to do from a configured and registered MDM) is laughable.”
Bart Reardon wrote: “There has been a clear push from Apple towards improving enterprise services and relations overall, and I’d like to see this trend continue.”
Jeremy Mentzell wrote: “Apple Business Manager continues to be a solid management tool, but the larger “getting started” measures can be confusing. Apple offering the Business Essentials product helps, but its limited availability to only small businesses leaving out government, enterprise, and education markets, seems odd. The larger disconnect between ABM, MDM, the accounts, and various support subscriptions can still leave a sour taste.”
Jing Yao wrote: “Apple has made some nice quality-of-life changes like the ability to manually add Macs to ABM, and the fruits of the Apple silicon labor have reaped niceties like ‘Erase All Content and Settings’ for Mac in Monterey.”
Tomas Gal wrote: “Outside of the US and other very big regions, the program is not fully-fledged—even in EU countries when there is an Apple presence in a neighboring EU country, and there is no language barrier.”
Joel Anderson wrote: “Honestly, there haven’t been many changes to services in the last year, which I think is a failure for a company the size of Apple, and most of the changes made before that were negative—for example, new security features were put in place with no way for organizations to easily manage them.”
Sam Rigby wrote: “ASM/ABM feels like a decent looking front end for a single Mac Mini from 2013 on the back end. Managed Apple IDs are a pain to manage, with limited integrations with Google Workspace (what much of the K-12 world uses for directory and email). There’s a bit of clunkiness associated with approaching MDM solely as an API provider and not building their own MDM. It’s also leaving beloved services money on the table, but I digress. On the other hand, the MDM APIs have gotten much, much better than they were, and we’ve had much more success managing devices over the last few years than in the previous ten or so.”
Enterprise service and support
Grade: B- (average score: 3.4, last year: 3.2)
Panelists who work in education viewed this category much more favorably (3.8 average) than those who work in business (3.2 average).
Mischa van der Bent wrote: “I’m satisfied when working with enterprise services and support! I have the feeling that Apple is changing in a positive way.”
Robert Hammen wrote: “Apple’s documentation is a bit all over the place and lacking in useful detail/examples. Also, it can’t seem to post a changelog to the “Use Apple Products on enterprise Networks” knowledge base entry, forcing admins to make PDFs and diff the list of hosts to see what changed.”
Mike Stirrup wrote: “Limitation on device quantities (minimum of 800 active devices) in ABM means we don’t qualify for the GSX to Jamf integration. Removing this arbitrary figure would help with both support and device refreshes.”
Graham Pugh wrote: “Documentation has slowly improved, but rumors and insider information are sadly often more insightful than official documentation.”
Jeremy Mentzell wrote: “Appleseed seems to be underutilized; massive potential for sharing test cases and communicating feedback in a private community, but I still never see much there or a drive to be there. Feedback mechanisms still seem like there should be differences from Public/Private/AppleSeed beta testers as well as independent vs. private Apple developers-everything externally appears lumped together. Apple Configurator’s public release on iOS/iPadOS was welcomed for helpful for bringing Macs into ABM, but why not iOS/iPadOS devices?”
Fridolin Koch wrote: “Documentation has gotten better, AppleSeed too.”
Cameron Kay wrote: “They are slow to address the feedback and bug reports submitted.”
Kevin Williams wrote: “Despite COVID, they have increased the number and types of virtual events for school IT management. While many are rehashes of the public events, they also have stepped up the number of tech-type events to help schools better manage and deploy devices en masse.”
John Welch wrote: “If your needs happen to align with Apple’s almost perfectly, then it’s amazing. But there are a lot of critical holes, especially regarding macOS. Automation is particularly bad in that there is no one coherent automation framework a la Windows and .NET/PowerShell, but rather a mélange of things that communicate in the clumsiest of ways, leading to AppleScripts calling shell scripts, shell scripts calling AppleScripts, having to bundle entire scripting implementations in an application to call a python script, one automation framework that only works in a user context, other automation frameworks that clearly only exist as a way to run iOS shortcuts and which would not be that useful for many enterprise needs. That’s not to say the iOS integration and support is bad—but Apple clearly views user-created automation as a toy best left to children. In comparison to what MS has done with PowerShell at all levels of their platform, Apple fundamentally has no clue about supporting user-created automation that doesn’t begin and end with Xcode and Swift. Apple’s documentation for any of their automation efforts is at best described as ‘bad,’ and the only reason the automation documentation not being the worst part is that Apple’s support in their own products for automation is so relentlessly abysmal. Apple has the resources to fix this—they currently don’t care to.”
Marcus Rowell wrote: “The Appleseed beta program and documentation of enterprise technologies are significantly improving. Feedback often feels like a black box where you can only assume someone has read your feedback and very rarely receive any indication that someone is acting on it. It does feel that with a coordinated response from the community, Apple is listening now.”
Brad Chapman wrote: “Apple has gotten better at documenting changes in macOS through AS4IT. Feedback Assistant is still a giant black hole. I have had many FBs still open for over a year with no response. Only got traction on an issue by filing an AppleCare for enterprise case plus a Feedback ticket and linking both together by sending the FB number to ACE.”
Todd Ness wrote: “I feel like Apple has gotten better about the seed program making full installers available more often. However, there are still releases that are just dropped on us with no warning, which can make things difficult. Also, notifications about releases are way behind the actual update showing up in the catalog most of the time.”
Luke Charters wrote: “The Apple Platform Deployment and Apple Platform Security documentation is a breath of fresh air coming from hunting through PDFs and having to ask the enterprise support team for basic information. AppleSeed for IT is great.”
Niko Torres wrote: “While this has been steadily improving, and the support representatives are great when needed. There is still a lack of documentation which leads to issues in self-resolution and Apple Support being able to assist.”
Kale Kingdon wrote: “While overall Apple’s beta programs, documentation, and Feedback Assistant are great, enabling solid feedback and testing workflows and should be applauded in industry, Apple’s support process for organizations not large enough to purchase their enterprise tiers is non-existent and downright maddening. Core OS-level bugs can be raised with all diagnostic logs provided, showing it’s a core OS issue, and Apple consultants will not even record the issue without an enterprise support agreement being in place. While Feedback Assistant is meant to be another avenue for reporting bugs, zero transparency is provided, and with ongoing issues still prevalent after multiple point releases, I can only assume this internal policy is ensuring issues are not reaching their relevant departments.”
Stephen Robles wrote: “While I don’t have much experience on the developer side, I often contact my local Apple Business rep at the nearest Apple Store. He is always helpful and compiles quotes for new equipment quickly and accurately. He makes purchasing new equipment a breeze.”
Adrian Stancescu wrote: “This needs to improve a lot. Too much secrecy in regard to the future of macOS.”
Brian LaShomb wrote: “Apple does not allow video recordings of their conference sessions, which often means that if you missed something, you need to do some work to discover what you missed. I hope this changes.”
Kevin M. White wrote: “Apple’s enterprise-grade documentation improves each year. For example, this year, Apple consolidated the previously separate macOS and iOS deployment guides into the single Apple Platform Deployment guide. On the other hand, does Apple even have an enterprise training program?”
Anthony Reimer wrote: “Apple clearly spent a lot of time on documentation this year, particularly Apple Platform Deployment. This is much appreciated.”
James Smith wrote: “Feedback assistant is still not where it needs to be, and I rarely get responses to issues raised there. I’m left to raising tickets through the AppleCare for enterprise program if I actually want traction on an issue.”
Joel Anderson wrote: “If you pay for professional support, it is quite good. Any education organization can join the beta program at the organizational level.”
Allister Banks wrote: “Ye olde ‘please attach sysdiagnose’ for things not tangentially related to what sysdiagnose assists with, the ‘I’d like to close this because I misinterpreted your problem’ nags that turn into a way to close due to inaction, the flurry of mails right as Apple and the US will go on holiday in hopes to close the feedback/radar due to inaction, all maintenance of the broken status quo. Being able to share this crappy experience with my team doesn’t improve the lack of positive results.”
Joel Housman wrote: “Only had to make use of them twice, but felt like we were receiving top-tier, white-glove experience. Overnighted replacement units to us, etc. No hassle in dealing with them to resolve issues.”
Rick Heil wrote: “The management of Appleseed Beta continues to be a stellar way that Apple communicates with enterprise IT folks, and I am seriously appreciative of it. However, Apple continues to struggle with basic documentation practices that other vendors (Microsoft) excel at—including changelogs for documentation, working examples for code and function docs, and discussing roadmaps for deprecations.”
Jason Broccardo wrote: “Likely similar to answers from last year, Feedback Assistant can be a bit of a disappointment. Submitted tickets can go without any fruitful response or just slowly fade out. Apple can’t address all issues at once, but better communication could help.”
Stephen Short wrote: “Apple has done a decent job at updating the AppleSeed portal with release notes that cater to IT admins. The ‘What’s New’ PDFs that arrive following WWDC are very helpful when planning for new macOS/iOS releases, especially before you start installing a beta OS. Feedback Assistant is helpful for reporting bugs on beta releases for organizations that are not paying for an enterprise Support agreement, but it would be nice if there was a baseline free (or lower cost) tier for IT to raise software issues with Apple post-beta cycle.”
Armin Briegel wrote: “Feedback Assistant continues to feel like a black hole which feeds on sysdiagnose logs. But AppleSeed for IT has brought some improvements: most macOS Monterey beta releases now have a full installer and IPSW download available, which enables testing beta deployment and update workflows. The new guides for admins are frequently updated, which is wonderful. However, there are still many woefully un- or under-documented topics for Apple admins, such as installer package creation, custom configuration profiles, and how management automation can best work with the privacy controls (TCC). Much of this documentation is still reverse-engineered and provided by community members.”
Tom Bridge wrote: “Apple’s Documentation teams continue to do incredible work, and their efforts make up much of this score. The new unified Platform Deployment Guide is a masterwork and required reading for all Apple admins. Their new training for Apple Device Management is an excellent place to start for new admins. In addition, AppleSeed betas represent a good program that needs work. The beta notes are frequently very light on details of what’s happening behind the scenes, and while major moves are telegraphed, sometimes minor changes are not given their full attention in the documentation. In addition, a few updates have shipped without any kind of testing.”
Sam Rigby wrote: “Enterprise training and support is lacking. I’m in Maine, which had a robust 1:1 program even before the pandemic, and Apple pulled their team from the state in 2018 or so. A conservative but well-informed estimate (based on what I’ve purchased and what my friends have purchased) on the number of Macs and iPads sold to Maine K-12 schools in the last two years would be 40k (and could easily be as high as 70k), but we have a single sales engineer as a point of contact. He’s very good, but he’s one guy, and so people don’t bother asking him. Beyond the one guy, there are quarterly calls about the latest and greatest, but little more than that. Our state’s school technology and tech director listservs are much more accessible and, frankly, useful than proper channels. On a positive note, Apple quietly announced a new AppleCare+ for Macs that is only for schools that allows for two accidental screen breaks per year per device, and is roughly the same cost as the old version of AppleCare for schools. As someone putting a bunch of Macs in the hands of 12-18-year-olds, that’s truly a wild warranty. I almost don’t want to say anything about it out of fear that it might go away.”
Bart Reardon wrote: “As always, the more documentation we have access to, the better. Appleseed, Apple Business Manager, and AppleCare for enterprise could all do with more integration—a unified portal perhaps by which all these services could be accessed and interact with each other. It would also be useful to have an API to these services that could be used for inventory gathering, and programmatic modification of assets would be very useful (thinking MDM re-assignment, de-allocation, or even device release). A number of these processes still require someone to log in to a portal and do a thing and can’t be automated.”
Hardware reliability and innovation
Grade: A (average score: 4.4, last year: 4.2)
John Welch wrote: “The M* chip and architecture rollout makes me deeply regret my old 17-inch laptop couldn’t have waited a year or so to die that I might have been able to replace it with an M1 Mac. The hardware convergence we see between the various platforms has been a long time coming, and I think it will serve Apple well.”
Kevin Williams wrote: “The jury is still out, as we were bitten by the previous version of MacBook/Air issues—keyboards and screen issues. We are replacing those with M1 Airs as fast as we can, and while we had a few early-adopter issues (Wi-Fi dropping randomly on early Airs, for example), the new devices look like they are going to stand up to the rigors of teacher life better than the last generation of Macs did.”
Bart Reardon wrote: “Taken in isolation, there are obviously things that one could complain about. But when held against other hardware vendors in the same space, there’s almost no comparison. The 14″ and 16″ MacBook Pros took the crown from the 2012-2015 MacBook Pros as the best hardware form and function. (RIP Touch Bar and butterfly keyboard!) Still too early to get a good metric on the instance of warranty claims versus non-Apple devices in our environment for the new hardware.”
Joel Anderson wrote: “The M1 iMac is a great piece of hardware. I just wish it was better priced.”
Mike Stirrup wrote: “Great hardware let down by poor Bluetooth and USB-C connections that disable themselves for no apparent reason, then come back to life after a reboot.”
Luke Charters wrote: “Apple silicon has been great! We just need the Air and 13 Pro to support more than one external display. The base iPad is feeling a bit stagnant at this point.”
Mike Caplinger wrote: “MacBook Pros continue to last longer than most PC laptops.”
Marcus Rowell wrote: “Apple silicon is simply spectacular. Apple’s mastery of the supply chain has seen good availability of devices when most other vendors are really struggling to ship in a timely manner.”
Joel Housman wrote: “Out of 35 M1 Air/Pro machines we bought during 2021, I did have two that had hardware failures, which is a higher rate than I would have liked to see—but again, with the above comment, support made it easy to deal with.”
Armin Briegel wrote: “The new MacBooks Pro with the M1 Pro and Max chips fulfilled and exceeded expectations. Apple is on track to finish the transition in the promised two-year time frame. The expectations set for the remaining Mac product lines are high – it will be interesting to see how Apple meets them. iPads Pro using the same chip as Macs demonstrates that Apple expects these devices can be used for the same tasks. Swift Playgrounds now brings the capability to build apps on the iPad, but overall, it seems that the amazing hardware is still limited by the software.”
Mischa van der Bent wrote: “My comment will be that comparing the cost of the devices, the innovation is behind. Some products are overpriced and give me the feeling that we pay for the Apple logo instead of innovation.”
Tom Bridge wrote: “The 2021 MacBook Pro 14″ and 16″ computers are spectacular machines—I only wish I could get them more rapidly. The 24″ iMac with M1 is also an excellent desktop. Apple’s iOS and iPadOS hardware also come in a solid distribution of price points and device functions. While accessories remain too expensive for their value, Apple is delivering solid core hardware for the enterprise.”
James Smith wrote: “The new M1 Pro and Max MacBook Pros are absolutely amazing devices, and Apple has knocked it out of the park with them.”
Adrian Stancescu wrote: “The new Macs are a game-changer. There is simply no comparison to the Intel counterparts.”
Robert Hammen wrote: “The new Macs are pretty great. Been disappointed at the number of issues we’ve experienced with 16″ Intel MBPs failing, though. Unsure if users are powering off mid-upgrade, but we’ve had a plethora of ‘suddenly dead, can’t revive’ Macs.”
Jing Yao wrote: “Getting rid of butterfly keyboards was a big plus for purchasing. Apple silicon Macs also allowed us to get way more power for less money in a pandemic-constrained fiscal.”
Anthony Reimer wrote: “We replaced about a third of our lab computers with M1 Mac minis, and they have seamlessly integrated into our labs. Apple is really knocking this platform transition out of the park.”
Kale Kingdon wrote: “In comparison to previous years, I have had no major or minor concerns when it comes to reliability of all hardware platforms. Innovation-wise, I give high marks due to the ongoing strength of Rosetta 2 and how it has been a non-issue during Mac deployment. Thinking back to the PowerPC era, this would have been unthinkable.”
Brad Chapman wrote: “The 2021 MBPs are awesome. I bought one, and it’s a great machine. So glad Apple made them thicker and brought the extra ports back. The M1 Pro is a real screamer of a CPU. I don’t feel like I’m missing out on not having an M1 Max.”
Jason Broccardo wrote: “The build quality and performance of the Apple silicon MacBook Pros are wonderful, leaps and bounds over anything that’s shipped the past five years with a Touch Bar. But it’s taking time to assemble enough stock to start our rollout—thanks, supply chain issues.”
Craig Cohen wrote: “The new MacBook Pros are the best portables in years. Leap Years.”
Sam Rigby wrote: “We’ve seen a weird defect of glass breaking near the hinges below the panel of 2020 MacBook Airs, but it’s been at a relatively low manageable rate, and it looks like there will be some sort of limited warranty to cover it at some point soon. Other than that, everything has been rock-solid. Apple silicon transition was a significant jump.”
Ben Burton wrote: “The M1 Pro devices have been a complete revelation for us.”
Tomas Gal wrote: “After some hardware changes, reliability is better than non-Apple products that we use too.”
Kevin M. White wrote: “We are finally at a point where I literally can’t imagine a better general-purpose enterprise computer than an Apple silicon MacBook Pro. Most computers sold to enterprises are mid-to-high spec portables, and the MacBook Pro is perfect for this.”
Allister Banks wrote: “Everyone can sing Apple’s praises for the M1-wonders (minus the notch). The only functional misstep we’ve seen in limited testing of the new iMacs is broken wired network connectivity during DEP bootstrap, but it’s not worth our time to chase down with Apple. No news is good news—IT people not complaining because end users aren’t complaining means steady as she goes.”
Viktor Glemme wrote: “The new hardware from Apple this last year has been amazing. The biggest hurdle and something that is still hurting: It’s impossible to get access to the hardware. Shipping delays of four months for M1 Max computers are hurting our and clients’ experiences with the new hardware.”
Paul Chernoff wrote: “The new Macs have been great, and our staff is very happy with them. We have been experiencing problems in the past year with Apple’s fusion drives, but those iMacs are 3+ years old.”
Cameron Kay wrote: “2021 hardware is even better than the first batch on Apple silicon Macs, but they need to complete the transition for all models and support more than one external display on entry-level models.”
Stephen Robles wrote: “Many of the devices I manage remotely are iPads, which remain solid in all areas. Changes made, either in Jamf or Apple Business Essentials, are consistent and reliable. The latest hardware releases in the iPad and MacBook Pro category are also easy purchase decisions when new devices are needed.”
Niko Torres wrote: “Solid device releases. Happy with the new Airs and Pros alike. Mobile devices have been great as well.”
Stephen Short wrote: “It’s been a great year for Apple hardware. My organization is very happy with the new Apple silicon chips in the 14 and 16-inch MacBook Pros. Our users are clamoring for the new models, and the additional ports and keyboard improvements are welcome.”
Graham Pugh wrote: “The reliability of Apple silicon devices is remarkable. But Apple is shipping the devices with months-old versions of macOS which can have problems updating.”
Rick Heil wrote: “Our repair rate has gone significantly up over the last three years. While it remains lower than the PC repair rate, it is concerning that the overall quality of the Mac hardware is so much more questionable. I’m not enough of an expert to know if this is a byproduct of extra complexity or something else. Apple silicon is a neat invention and has performance gains but hasn’t been the smoothest transition for us from a management perspective.”
Software reliability and innovation
Grade: B- (average score: 3.4, last year: 2.9)
Business panelists scored this category slightly higher (3.4) than education panelists (3.2).
Mischa van der Bent wrote: “Love the fact that the OS foundation is more in line. This will make the innovation better between iOS/iPadOS and macOS. Think of the possibilities of what we can do with the BYOD method of account-driven user enrollment on iOS/iPadOS if it also comes to macOS. This will bring back personal-owned workflows.”
Mike Stirrup wrote: “Big Sur from Monterey was an easy step. Going to Monterey from an older version has shown issues with secure tokens and the device requiring a firmware password to complete the update. Not ideal with a workforce that continues to be mostly remote.”
Sam Schmitt wrote: “A lot of the more enterprisey apps in macOS also happen to be the most neglected, which can lead to problems that end up with Radars being filed into the void.”
Cameron Kay wrote: “It’s still buggy and rushed. They aren’t taking care and attention, and they are slow at fixing bugs or design shortfalls, especially when it comes to management capabilities.”
Bart Reardon wrote: “I’ve been happy with the recent releases of macOS and iOS. But to be enterprise-friendly, they need to be more open with OS feature roadmaps. It doesn’t cut it to say, ‘python will be removed one day’ and then remove it mid-cycle with not much more warning than a single beta update, and then claim ‘we did say we were going to remove it,’ a response that I think belittles the role that an admin needs to play. What’s the issue with giving a definite timeframe that a feature is being removed? This type of attitude is on top of the things Apple doesn’t get about how the enterprise operates. I need to work off more than assumptions and vague guesses. If they know a feature is being removed with a certain release, then what is the hesitancy in giving us that info so we can plan well ahead? Stop it with the mystery and intrigue and asking us to read between the lines. Straight facts, please.”
Stephen Robles wrote: “One of the mission-critical use cases for Apple hardware in my work is external display support. I have multiple Mac mini and iMac devices connected to displays via USB-C to HDMI adapters, Blackmagic Thunderbolt devices, and SDI video cards. I have been hesitant to update to the newest macOS versions as they typically break compatibility with the software used to drive displays (usually ProPresenter and ProVideoServer from Renewed Vision). Bugs are typically resolved over time, but the niche use cases take a while. We also have to wait for Blackmagic to update its software to support the latest operating systems, which could take several months.”
Paul Chernoff wrote: “I’ve been quite happy with improvements made in Monterey. The ability to erase a drive while retaining macOS is wonderful. We can experiment with new configurations, erase, and quickly have a new configuration set up without the bother of reinstalling macOS.”
Kevin M. White wrote: “macOS Monterey seems considerably more reliable than Big Sur.”
Joel Housman wrote: “Since 12.1, things have been great. We had a rough period with 12.0 and 12.0.1 in which the system wouldn’t recognize the admin password set by the MDM. There was a bug with Apple’s profile/MDM system and Keychain. It didn’t happen on most systems, just a few. It was a bear to fix.”
Robert Hammen wrote: “Bottom line: Apple’s software reliability sucks. Every version, major or minor, of macOS is whack-a-mole. Fix these x bugs, introduce these y bugs. Apple needs to do something to make their software much more polished/reliable/tested.”
Brian LaShomb wrote: “Apple still does not support virtualization of macOS in any meaningful way, which means to develop for iOS or macOS at scale, you must set up Apple consumer hardware to support build operations. It would be nice to have an Apple-supported OS that could run headless on common virtualization infrastructure used inside many organizations without resorting to Mac Minis. Apple also seems to be all but absent in the world of open-source software.”
Tom Bridge wrote: “macOS Monterey represents a solid step forward over Big Sur. The OS has been substantially more stable, and each release has been a step forward, not a step sideways or back.”
Tomas Gal wrote: “Not ideal when stability is preferred, but users demand new features and want to upgrade immediately.”
Viktor Glemme wrote: “Managing software updates has been nothing but a bag of hurt over the last 12 months. If it is major updates or just minor, it’s been painful with stuck software update processes, no easy paths to upgrading with clients ending up having to reboot their machines several times just to get Software Update to work. Also, I had hopes that software updates would get quicker over the years with a new OS being prepared on the side, so during the next reboot there would be no wait. Comparing upgrading Windows to upgrading macOS is tragic. A Windows 10 update is hardly noticeable during reboot whereas a macOS update requires planning 45-75 minutes of downtime.”
Rick Heil wrote: “Monterey was a significant improvement for us over Big Sur, which was troublesome and buggy from the start. Delayed features such as Universal Control are also somewhat surprising for a company that is used to delivering big once per year. Some false starts in the early release cycle are expected, especially in these pandemic times, but the continued issues with softwareupdate hangs hugely concern me. From a security point of view, this is the biggest issue we’ve had in years, and Apple’s lack of attention to it has been confusing at best.”
Todd Ness wrote: “I’ve seen a few problems here and there with released updates and then a second update right behind it to fix, like the battery drain issue in 12.2 that 12.2.1 fixed. My iPhones have been pretty stable but again had some pretty big drain issues on a recent release.”
John Welch wrote: “There is a disjunction between the OS platforms (which are outstanding) and the applications (which are not). I deeply hope that iWork gets spun off so that it might live up to its true potential. I would like to be able to use Pages for text documents more than 60 pages long without it coughing up its own liver and forcing me to use Word. Apple’s app teams deserve far more resources than they get, and it would do them well to be in an environment where they can thrive and actually engage with their customers.”
Kevin Williams wrote: “While I encourage OS improvements, sometimes the wild swings in appearance or functionality is hard for my users to keep up with. They become frustrated that the process they learned a few months ago is radically changed between software revisions.”
Fridolin Koch wrote: “Reliability was up, but innovation was a bit lacking.”
Anthony Reimer wrote: “Big Sur was a buggy OS until near the end of its cycle. Had we been able to jump from Catalina directly to Monterey, we would have. The removal of Python 2.7 in macOS 12.3 was unexpected (most were projecting macOS 13 for removal); Apple should consider renumbering the mid-cycle update to x.5 to more clearly indicate that significant features could be added or deleted then. On the plus side, Apple continues to update the pro apps (Logic Pro, Final Cut Pro) for free, and they are best in class.”
Jing Yao wrote: “Monterey built on all the things Catalina and Big Sur broke, so it felt like a glass of cold water after that hell.”
Craig Cohen wrote: “macOS 12 has been the most stable macOS since Snow Leopard.”
Brad Chapman wrote: “Monterey feels like a pretty good iterative refinement over Big Sur. The transition period from on-screen warnings about Python 2.7 deprecation (macOS 12 betas) to total removal of /usr/bin/python and all libraries in macOS 12.3 was far too short. Even 32-bit apps were generating on-screen warnings for 18 months in High Sierra and Mojave. While it’s unclear how many public apps use python, it has been in use by the Mac admin community for years.”
Ben Burton wrote: “Other than some teething problems with things like PPPC, Big Sur and Monterey have been mostly solid macOS releases.”
Luke Charters wrote: “I know for marketing and shareholders and keeping up with competition Apple needs to release fancy new features every year, but at this point, if executives got up at WWDC and said Apple was spending a year improving performance and fixing bugs I would be over the moon.”
Mike Caplinger wrote: “Sometimes things just don’t work, which is frustrating. We use Profile Manager via macOS Server and it works about 98% of the time.”
Kale Kingdon wrote: “There were minor bugs during the iOS 15 cycle that should have been caught before launch, but it was by no means as bad as the iOS 13 and 14 launches. Apple changing to releasing developed features during point updates is a good cultural change. Innovation is the primary detractor, as there are a variety of core apps on both platforms that have not received any love during their major releases and honestly feel like there is no custodian for them internally, which is concerning. Similarly, it’s mind-boggling how some issues, like the stability of network file shares and configuration of the Files app on iOS, are still as half-baked as they were when originally released.”
Graham Pugh wrote: “Monterey has been reliable, except for several significant problems with software updates.”
David Coom wrote: “Need more granular controls on update delays.”
Armin Briegel wrote: “Monterey was a welcome ‘tock’ update after a series of consecutive ‘ticks’ with Mojave, Catalina, and Big Sur. In a change for the better, Monterey had few major or upsetting changes and some improvements. Universal Control looks exciting but was delayed until 12.3. However, Handoff, Sidecar, Airplay Receiver, and, presumably, Universal Control do not work with Managed Apple IDs. Why Apple excludes school and business accounts from their tentpole features is mystifying. Apple admins are used to major changes in the spring update (usually the .3 or .4 release of macOS), but this year is remarkable because Apple is removing the long-deprecated Python 2 and certain file sync APIs. These changes have been communicated for some time and should not come as a surprise. Yet, these removals are still troubling, as the spring updates are not watched and tested as closely by third-party developers, and the beta phase is much shorter, reducing the time for feedback.”
Allister Banks wrote: “Rosetta is conceptually dreamy, but Apple not allowing it to stay installed during almost every patch upgrade on M1’s means it’s a nightmare that sometimes silently remediates itself, but other times causes the things that we transitionally need to rely on to fail. We had hundreds of lockouts due to a FileVault2 enforcement tool relying on it. Just like python being removed (Without a calendar date, how are software teams/decision-makers supposed to plan and take the removal seriously?), it can take time, and no amount of testing will cover all the corner cases at scale. On iOS/iPadOS/Macs, the new Focus Modes are breaking notifications. It’s remarkable that Apple can continue to make that situation inscrutable and worse in innovative ways. The implementation of Erase All Content and Settings on Mac was great, though!”
Niko Torres wrote: “There’s room for improvement. Stability has been progressing regularly. Apple no longer seems to rush gimmicky features while sacrificing quality but also seems to never deliver on features as well. Overall, that’s preferable as long as stability is intact.”
Security and privacy
Grade: A- (average score: 4.1, last year: 4.1)
This was the second-highest score on the survey, maintaining its score from last year.
Kevin Williams wrote: “While the insistence that managed Apple IDs for staff have 2FA, it has been handled by our staff fairly well as we migrate or upgrade them to new IDs.”
Armin Briegel wrote: “Apple continues to focus on Security and Privacy for end-users. Sometimes Apple’s choices are at odds or at least not well aligned with the requirements and practices of security in businesses. Apple has done excellent work documenting the security features in their Platform Security Guide, which has also received regular updates. After much community feedback, Apple also added Recovery Lock to Macs with Apple silicon, which fills an important requirement for organizations and was sorely lacking in early Big Sur. On the other hand, there has been little improvement to provide built-in management options for security features that are common in benchmarks such as NIST or CIS.”
Graham Pugh wrote: “The key to security is an up-to-date OS, but the amount of engineering required to attempt to get users to update their computers is onerous, and updates remain far too big and slow to be installed. iOS is better in terms of engineering, but updates are still quite large and slow to install, often failing due to lack of space. This should never happen—OS installations should use reserved space.”
Cameron Kay wrote: “Hardest bit about security on the Mac is getting end users to patch their Macs. They just can’t be bothered. Apple needs to give us more tools to ensure users patch.”
Kevin M. White wrote: “Even though Apple platforms are more popular than ever, the number of significant security events (by this I mean security exploits that result in wide-spread data leak/loss) remains low.”
Charles Edge wrote: “Apple continues to focus on and excel at privacy. Masking addresses, reducing the telemetry vendors have into what we do and working out just the right number of prompts to keep us secure without going insane from click fatigue. When we did this survey last year, there were more security issues to respond to; this year has been much better. There were sessions at Defcon and Blackhat, but those were mostly about older issues with software partners than exploits with Apple technology.”
John Welch wrote: “Apple’s record is not perfect, but ye gods, they are the only desktop platform vendor even attempting to make it so that a non-technical user can just use their systems without needing to become an amateur CISO. They’re literally the only human spot in Infosec.”
Brian LaShomb wrote: “Apple does a good job with security, but there are still very few options for adding organizational level trust. I would like to be able to trust a source, like an enterprise domain or certificate chain for downloads. Or allow essential communication tools to be trusted out of the box without user intervention.”
Bart Reardon wrote: “I have gotten annoyed at times when functionality I once relied upon is now locked away behind closed doors in the name of security or privacy, but I understand and appreciate that the same functionality I once relied upon as a management process is ripe for abuse elsewhere. There can be a fine line between admin tool and malware.”
Anthony Reimer wrote: “Apple’s focus on security is top-notch. It would be nice to be able to manage some of those controls more reasonably from an administrator’s perspective. Nonetheless, Apple seems to be more responsive in this regard lately.”
Joel Anderson wrote: “I like the added security features, but there also has to be a way to manage them.”
Jeremy Mentzell wrote: “Despite Apple’s approach to bundling feature and security updates into the same mechanism; I still hear gripes these should be separate and faster with the threat landscape as it evolves. I don’t know the right approach here.”
Allister Banks wrote: “Security goes hand in hand with people running updates, and the situation was allowed to improve on iOS/iPadOS by providing patches for previous versions, but repeatedly breaking MDM/supervised macOS devices from applying updates is an obvious own-goal and one that continues with new wrinkles to this day. Delta updates no longer being available exacerbates the corner we get backed into with no release valve if Apple or its CDN screws up. Those deltas weighing in at over 3GBs for remote workers make using Macs a punishment and penalty for my coworkers if they slip on the treadmill that we need them to keep pace on. Compelling and usable frameworks are the long game of platform security, and Electron’s continued dominance, the slow uptake on file provider system extensions, network system extensions breaking all connectivity during OS upgrade, all these things hurt reliability that admins require and contradict the obvious logic of getting patches out in a timely fashion and not holding back upgrades. By forcing the move to system extensions, they traded kernel panics with us getting kicked out of userland or, worse, silent failures where security and connectivity are just broken. And getting vendors to even keep pace, let alone adopt these frameworks, has reduced options available for many shops, especially when we sacrifice sanity to the altar of compliance and approved vendors.”
Kale Kingdon wrote: “Apple’s commitment to security and privacy is miles above its competitors, and while small issues with implementation and MDM Frameworks can mire the management experience, the security of the end-users is almost never in question.”
Adrian Stancescu wrote: “Best in the industry.”
Brad Chapman wrote: “The pendulum is swinging too far toward absolute privacy and starting to compromise the user experience for managed environments with institutionally owned devices.”
Mischa van der Bent wrote: “Apple is getting to be more of a target in the security world. And what Apple is doing to make the devices secure without infecting the user experience is awesome. If you look at what Apple already builds into the devices on a software and hardware level, it’s amazing. However, for macOS, not all the security stack is controllable via a profile and still requires a script. I hope Apple will change this soon.”
Mike Caplinger wrote: “Apple continues to do a good job here. We have had no security incidents on any of our Macs this year.”
Stephen Robles wrote: “Always confident in security and privacy.”
Sam Rigby wrote: “There are some things that add extra clicks in our deployment (not allowing standard users to grant access to certain things), but ultimately it has been good.”
Luke Charters wrote: “Being strict on security is a place where they really shine. The only point off here is because they need to start paying out properly for bug bounties because a zero-day is doing to come along and show them why they needed to be doing it in the first place.”
Marcus Rowell wrote: “Dialog fatigue is a big problem with Security and Privacy. Admins need more control to pre-approve dialogs. Inconsistency with privacy ‘features’ is also a problem. If a device is business-owned, I already have full control of it, so I should be able to manage all privacy features without user acceptance or intervention. In some scenarios, I want to be able to pre-approve Screen Recording for specific apps to make the experience better for the users.”
Robert Hammen wrote: “I applaud Apple’s efforts to improve the security and privacy of its platform. The way PPPC is implemented is quite convoluted and painful to manage, particularly since things whitelisted by profile do not appear in the GUI. Also, Apple not allowing admins to pre-allow screen recording for conferencing-type apps (i.e., Teams, WebEx) on supervised, institutionally-owned devices is still problematic. Having to have the users set this up (and then leave and re-join the conference they’ve created) is a pretty terrible user experience.”
Joel Housman wrote: “Security improvements in both Big Sur and Monterey give me increased confidence and desire to switch all my staff to using Macs. To solve my Windows ransomware worries, I just want to deprecate Windows.”
Deployment
Grade: C+ (average score: 3.3, last year: 2.8)
Deployment scores improved quite a bit this year, though it was still the second-lowest score in the survey. Education sites rated this slightly higher (3.4) than business (3.2).
Paul Chernoff wrote: “In conjunction with an MDM, setup is much faster now than in the past. I do not miss disk imaging since it took too much work to keep images up to date. Apple needs to improve on allowing the order of installation of profiles and apps and better ability to see what has been installed. Basing management on UDP results in lower reliability.”
Marcus Rowell wrote: “Deployment is improving. Prompting users to install upgrades with tiny notification dialogs that disappear if you tap them anywhere but in the right place isn’t a working solution. iOS-sized dialogs on macOS need to go.
Brian LaShomb wrote: “This has gotten much better with the addition of Erase All Content and Settings, which speeds up ‘resetting’ a device, should enrollment attempts go sideways. Software Update is still fickle, though, and the number of keys you need to configure to thread the needle for minor and major deferrals seems like an arbitrarily complex path to take. Just allow us to use version pinning.”
Graham Pugh wrote: “It remains possible to bypass Automated Device Enrollment for a Mac that is enrolled into ASM/ABM—something that has not been a problem on iOS for years. It’s past time for Apple to solve that. Software update management is too difficult.”
Luke Charters wrote: “Sending out Software Update commands is improved but still has a way to go. I feel like they say software updates are faster every year, but it certainly doesn’t feel like it. It’s extremely hard to get users to update when they take as long as they do. They need to fix app adoption on managed devices.”
Kevin Williams wrote: “I think it is more down to better work with MDM partners than anything directly customer-facing where the improvements have been realized. Using our MDM designed specifically for schools, our deployment tasks are significantly easier than even last year, and light-years better than over the past eight years.”
John Welch wrote: “Is it perfect? Nothing is. Is it better than anything else out there by far and improving all the time? Absolutely.”
Joel Housman wrote: “ABM and zero-touch enrollment have been a game-changer for us. We have about 85 staff, and I’ve deployed 30+ M1 Macs since WWDC last year. The system has been rock-solid in terms of reliability. The difficulties we ran into during November and December with Monterey were unfortunate, but Apple did resolve the issue with 12.1.”
Mike Stirrup wrote: “When a device gets up to Monterey, the Erase and reinstall option is a fantastic time-saver for a technician, along with being able to DFU and restore or update a device in 10-15 minutes. I still don’t trust the process to work well enough to consider shipping a sealed machine to a new starter in the business. A DEP-aware migration tool would be amazing.”
Anthony Reimer wrote: “Software Update has been very problematic in a shared computer setting, where most updates happen with no user logged in. This is particularly problematic when updating macOS on Apple silicon, which requires a volume owner to authenticate. The MDM method to do macOS updates has been unreliable and is not easily automated, so I have often resorted to installing the entire OS instead. Even if I update via MDM or manually in the GUI, we are still dealing with relatively large downloads and install times for security patch updates compared to what we saw in Catalina and earlier. Monterey has made improvements over Big Sur in all these areas, including Auto Advance, but something that was easy in Catalina is still somewhat broken now.”
Jing Yao wrote: “There’s still a lot of work to be done to help enterprise with built-in tools, so we don’t have to resort to scripting and packaging.”
Tom Bridge wrote: “Two major changes this year: Erase All Contents and Settings for macOS and improvements to the Software Update MDM commands! The first is a huge timesaver and has worked exactly as advertised. Everyone who worked on this deserves a title bump, a raise, and a pony. The latter feature isn’t necessarily working as hoped. There’s some good stuff going on here, but execution is highly mixed. App Deployment via MDM is a rough go, and lifecycle management for that software is just absent entirely. There’s hope, and things are getting better.”
Stephen Robles wrote: “Automated Device enrollment works very well, and lifecycle management is excellent. We have a number of older iPads still in use that we can still depend on.”
Ben Burton wrote: “Software updates, especially on M1 devices, are still painful, and VPP remains weirdly unreliable.”
Steve Summers wrote: “I can have 10 laptops to deploy and on the 9th Mac, DEP will fail for an unknown reason and the Mac will need to be erased and the OS reloaded, then it will work and deploy correctly.”
Kale Kingdon wrote: “All facets of the deployment process have been satisfactory with no glaring concerns, outside of the OS Update workflow which is still plagued by inconsistency.”
Brad Chapman wrote: “The ability to add old Macs into ABM/ASM with the iPhone and Apple Configurator is terrific. The new MDM controls for Big Sur 11.5 and macOS 12.0 for software updates are a step in the right direction. However, a couple of things happened this year that gave me pause. First, while the software update improvements are good in theory, the actual experience for MDM admins needs a lot of work. We still need to be able to delay the next major OS release by 365 days. And the MDM commands don’t produce consistent responses from devices. Second, there is a serious bug with the softwareupdate daemon affecting Monterey, Big Sur and Catalina that causes the service to stall. End users and the general public see ‘checking for updates’ forever in System Preferences. For managed fleets, the inventory process never finishes… or the MDM command to trigger software updates never finishes, and the service must be killed, or the Mac must be rebooted. MDMs with agents, such as Jamf and Kandji, never finish submitting inventory. We found Macs that have been stuck since December 2021. By all anecdotal evidence, this has been going on for at least six months. Many customers filed cases. Apple claims it is fixed in 12.3. No promise yet for Big Sur or Catalina, where it really needs to work.”
Stephen Short wrote: “There’s still a lot of work to be done to reliably manage software updates, which ostensibly help to address security vulnerabilities. Deferred macOS update improvements are helpful in Monterey, but the API commands are only marginally successful. My organization (and many others) must rely on multiple tactics and procedures to ensure every Mac in their fleet is successfully updated. This typically involves user communication or using device trust products from other vendors to ensure a Mac complies with your organization’s update policy. By far the best feature improvement in Monterey is the ability to Erase All Content and Settings either from System Preferences or using an API command. This can drastically reduce troubleshooting times with users and allows Macs to be returned to service and re-issued without a time-consuming erase and reinstall of macOS.”
Jeremy Mentzell wrote: “ADE is great. Update cadence and beta programs allow those with availability and concern to evaluate as aggressively as they wish. MDMs continue to be able to force or delay updates, and Apple continues to give hardware long life with software updates. It will be interesting to see the contrast between Intel Macs and Apple silicon Macs as time progresses.”
Adrian Stancescu wrote: “Pretty good, but please get rid of macOS Server once and for all and find a proper replacement to Profile Manager. It’s shameful at this point in time to still ship it.”
Cameron Kay wrote: “It’s still too easy for a user to bypass MDM enrollment and have an unmanned Mac. Apple needs to make it impossible for a Mac to bypass automated device enrollment.”
Robert Hammen wrote: “Will give them props for Erase All Content and Settings and provisional Mac enrollment. VPP app deployment on macOS is still a complete dumpster fire and the complete opposite experience of app deployment on iOS, where it just works.”
Armin Briegel wrote: “With Erase All Content and Settings, Monterey has provided a feature that Mac Admins have wanted for a long time. Apple also added the necessary configuration profile and MDM commands to manage this feature. On the flip side, while the softwareupdate process is now somewhat more reliable, the management options are still deficient to the point that community solutions, such as Erik Gomez’s wonderful Nudge, are being deployed in scale. In an attempt to improve the management and security of Apple Remote Desktop and Screen Sharing access, Apple rendered it un-usable at scale.”
Todd Ness wrote: “Love the new Erase All Content and Settings option for resetting a computer. ADE seems to work pretty well from the initial boot, but to make a running computer get into ADE after it has been set up has become nearly impossible. ipsw deployment is also a nice addition from the Intel hardware.”
Mike Caplinger wrote: “I miss NetBoot and NetInstall. We’re slowly adapting to the ‘new way’ of doing things. We have a lot more capability now, but I’m old school and miss the simplicity of just NetInstalling a new image every month.”
Sam Rigby wrote: “We tried automated device enrollment, but with kids as our primary users, it just didn’t make sense. OS upgrades and software updates are a bit of a mess, to be honest. We try to push updates, but if there’s a smarter way to do it without pissing people off, we haven’t figured it out. This is mainly due to the problems with doing any updates over the air. And with the timing of the release cycle, we often stay behind until the summer and then deploy using the previous year’s highest point release. (We’ll update everything to Monterey this summer.) App deployment is rock solid, no complaints.”
Viktor Glemme wrote: “The fact that it is so unreliable is strange. It’s like Apple doesn’t listen to any of their larger clients. If you have a 20-25% failure rate of upgrades in a small organization, it is survivable. But when that number suddenly encompasses several thousand devices that need handholding to do the basic tasks, it is a struggle.”
Keion Dorsey wrote: “Software updates and OS updates and deployment could be better.”
Jason Broccardo wrote: “Apple’s years-long struggle with properly automating and administering software updates at scale continues unabated.”
Bart Reardon wrote: “macOS updates and upgrades probably need the most work. When managing hundreds if not thousands of devices, and there is a requirement to deploy a specific update, the commands to deploy, prompt, and install that update need to be consistent and reliable for an enterprise environment. There needs to be a clear understanding that updates need to be enforceable with a specified schedule if the environment requirements demand it. Currently, there’s too much wiggle room and too many gray areas. On macOS, VPP is borderline useless. It’s less of a command to install an app and more of a suggestion to the OS to maybe install an app if it can get around to it. It’s not consistently reliable. That said, the features and reliability of device deployment and lifecycle is well ahead of the capabilities on other OSes, which are still playing catch up.”
Kevin M. White wrote: “While I appreciate the announcement that Apple is working on declarative management (aka MDM 2.0), this still doesn’t solve the problems we have today. It’s frustrating to see how hard Apple works to include robust built-in security features but then provides extremely poor methods for managing these features. Examples include a relatively robust software update mechanism that suffers from limited management controls, a powerful system-level privacy and security model that is somehow simultaneously too complex and not feature complete, and an incredibly fast and secure web browser with near-zero management features. Again, the impression here is that Apple creates features that benefit the consumer without consideration for the enterprise.”
Rick Heil wrote: “No real changes have been made other than conditional DEP and Erase All Content and Settings in my view. But Erase All Content and Settings is worth a higher score alone. We’ve been asking for it for years, and it is everything I dreamed about. While it is disappointing Apple decided to gate both Erase All Content and Settings and conditional DEP for newer hardware, I’m thrilled to have both nonetheless.”
macOS identity management
Grade: C- (average score: 2.9, last year: 3.3)
This was the lowest-scoring category in the survey and the biggest drop from last year’s survey. Opinions on this category were dramatically different based on the size of the organization, with those who support between 500 and 1000 being far more negative and those supporting less than 100 devices being far more positive.
Fridolin Koch wrote: “Apple should be more proactive and work with Identity Providers to make more Login Window replacements are possible.”
Marcus Rowell wrote: “Apple’s identity story is not coherent. Everyone has a personal Apple ID, yet there is confusion around the enterprise identity. Managed Apple IDs are limited in scope and limited to Azure AD. Microsoft and Google have a cloud OS where your identity, data, and applications live primarily in the Cloud. Apple is many years behind and probably can’t catch up at this stage, so they need to allow a user to sign into their Mac with either their Microsoft or Google Identity.”
Viktor Glemme wrote: “I still rely on Jamf Connect for proper identity management.”
Armin Briegel wrote: “There has been very little progress with regards to identity management since last year. Third-party SSO extensions remain in ‘preview’ or ‘beta’ limbo or entirely non-existent. It is hard to judge if this is Apple’s or the third-party developers’ fault. Apple is not pushing their cloud solutions forward for organizations either, though managed iCloud storage extension in Apple Business Manager shows some promises.”
Brian LaShomb wrote: “We still utilize enterprise Connect as there are still outstanding issues within the Kerberos Extension. I would like to see first-party FIDO support for user authentication.”
Todd Ness wrote: “The SSO agent has way more problems than enterprise Connect ever had. If a user’s password expires, it is not pretty to get the SSO agent working, and the password has to be changed externally instead of with the SSO agent.”
Graham Pugh wrote: “My organization does not yet employ SSO, but I do find it a shame that Microsoft has a monopoly on SSO integration with Apple. I’m surprised Apple hasn’t been sued over this.”
Ben Burton wrote: “Are Apple even still doing any work on any of this? I haven’t seen any improvement.”
Jeremy Mentzell wrote: “Growth and integration with Identity Management Solutions continue positively. MAIDs offer businesses that support them good flexibility. But Apple’s Managed/Business iCloud lacks FEDRAMP certification and will hold people back.”
Robert Hammen wrote: “Strong demand for SCIM integration with services other than Azure. Some folks are unhappy that the SSO extension lost functionality, coming from Enterprise Connect.”
Stephen Short wrote: “Mac admins have been treading water for years regarding enterprise identity management, and it’s still abysmal. Apple needs to take ownership of federated identity and make it easy for IdP vendors like Okta, Azure, and Google to easily integrate their directory offerings into the standard authentication/setup experience in Setup Assistant. For all the money and resources Apple has at its disposal, it’s a dereliction of duty for them to outsource a key component of the enterprise user experience to third party vendors.”
Bart Reardon wrote: “I deployed the Kerberos Single Sign-On extension after WWDC 2019 and macOS 10.15, replacing Active Directory binding, and it has only gotten better over time.”
Kevin Williams wrote: “Again, I think it’s working with the MDM partners where this becomes apparent to us. Using Mosyle extensions, our staff log in using their Google account to their Mac, making it a one-stop account for everything they need to remember.”
James Smith wrote: “Utilizing the Extensible enterprise Single Sign-on framework with Azure identities works wonders for those who work in a Microsoft-centric environment.”
Adrian Stancescu wrote: “Why are there still mobile accounts in macOS? The writing has been on the wall for a long time, and since macOS Server is all but dead, why are mobile accounts still shipping?”
Craig Cohen wrote: “Too much reliability on third-party and not enough built support for IDP in the cloud.”
Kevin M. White wrote: “Apple’s current offerings for identity management integration aren’t even half-measures. User-initiated enrollment is a neat feature that very few enterprise organizations will ever trust. (Apple doesn’t understand that BYOD will never be a solution for most enterprises. You can’t dictate what an employee brings to work, so how many of them are going to have Apple devices on the latest software versions? Further, the value of keeping corporate information as secure as possible vastly outweighs the burden of purchasing in-house hardware.) Federation against Azure for managed Apple ID is a good start, but Azure identity services is a small percentage of the overall identity market. Finally, none of the current identity integrations matter until Apple addresses one of the core things that makes macOS different from iOS: a local user account. Apple needs to create a macOS identity framework that can solve for the entirety of macOS user account services including FileVault, login window, and Keychain.”
Sam Schmitt wrote: “I haven’t seen this catch on as much as I’d like it to. Microsoft is doing a better job at incorporating cloud-native identity into its platforms. This could be a great place for Apple to have differentiated themselves.”
Brad Chapman wrote: “It doesn’t feel like Apple has made much improvement in this area. The SSO / Kerberos extension has not achieved feature parity with enterprise Connect, particularly where branding and customization are concerned. We’re seriously thinking about switching to NoMAD or Jamf Connect.”
Rick Heil wrote: “We do not use any of Apple’s federation or identity management software because we don’t trust it to actually work.”
Tom Bridge wrote: “Adoption of the Kerberos SSO methodology by various organizations has been really slow going. Apple does federate Apple IDs with Azure Active Directory, and that’s good, but there are many, many more SSO providers that are worthy of this privilege, and Apple should announce a program to allow SSO Providers to participate in that process. In addition, it’s long past time that the login window support signing in via single sign-on providers natively, and create accounts based on that sign-on process, and keep the passwords in sync via periodic reauthentications and token refresh. Alternatively, an adaptation to a process like Windows Hello would be welcome.”
Joel Housman wrote: “We’ve adopted JumpCloud as our IAM. It’s been great, and they’ve been rapidly iterating on their feature set during 2021. My assumption is JumpCloud uses Apple’s IAM APIs to do what it does, and therefore I can say we’ve been very happy with the implementation.”
John Welch wrote: “They could be doing better here, and I think a more direct partnership with Microsoft on AD access and integration rather than almost completely relying on third parties for the implementation of that would be a massive help.”
Cameron Kay wrote: “Apple needs to provide Azure AD and other cloud IdPs built into macOS so enterprise users can log in to their Macs via their enterprise user IDs and have passwords and password policies synced.”
MDM protocol and infrastructure
Grade: B- (average score: 3.5, last year: 3.2)
This category, up from last year, was especially lauded by education users (3.8), not so much by business (3.2).
Adrian Stancescu wrote: “Very good, but just stop pretending that macOS Server is a real product, or that Profile Manager is something a sane person should use.”
Todd Ness wrote: “I love the thought of being able to manage updates via MDM, but it is just not very useful. I’m not sure if that is all Apple’s fault or if Jamf is to blame for some of it. I cannot target all 1100 updates at once—about 250 seems doable. There is no forced update after the deferrals end, either, which makes it somewhat useless. The forced update has no interaction, which is a bit of a problem as well.”
Sam Schmitt wrote: “I am excited about declarative management APIs and how they can be used in the future.”
Ben Burton wrote: “VPP is really flaky. Software Updates via MDM command are too.”
Stephen Short wrote: “It’s a mixed bag. The macOS software update deferral API commands in Monterey are an improvement but are still not totally reliable. Even if your MDM is escrowing a secure token, users on Apple silicon may still be prompted to authenticate to authorize a macOS software update. If your organization wants to force an update, it’s still too easy for a user to indefinitely avoid updates (absent other forms of intervention and remediation outside of Apple). The ability to Erase All Content and Settings using an API command in Monterey is a very welcome feature. This can drastically reduce troubleshooting times with users and allows Macs to be returned to service and re-issued without a time-consuming erase and reinstall of macOS.”
Viktor Glemme wrote: “Much better than previous years. It’s still missing features and functionality. As MDM becomes more and more important in an agent-less world, we need to have more features in the MDM spec to help us manage devices.
Luke Charters wrote: “Some commands are instant; others just never get received. The best is when they get received, and nothing happens, and there’s no error. We’ve checked, and our network can communicate with Apple according to the enterprise network support page.”
Jing Yao wrote: “Small quality of life improvements, but I’d still like to see more meaty improvements, so we don’t have to resort to scripting and hacks.”
Anthony Reimer wrote: “MDM is not as reliable as I would like. The lack of round-trip feedback continues to be an issue. I am looking forward to the work Apple has begun on moving to state management—this could be a real boon for Mac admins.”
Niko Torres wrote: “Overall integration is working well. Pain points may resurface in the future as Apple continues to tighten security.”
Kevin Williams wrote: “I think it has been in this category where their work has become apparent (and useful) to us, the end-user. So much more is available for us to manage our Macs and iPads that we wish there was an MDM for Windows that came close to the abilities we have on our Apple devices. That used to be reversed for years.”
Cameron Kay wrote: “Apple’s infrastructure is still a bit flaky. Also, their protocol is ‘best effort,’ which means things many never make the device. And if something fails at device enrollment, the device goes unmanaged.”
Paul Chernoff wrote: “Improving but lots more work to do. Using UDP lowers the reliability of MDMs. We need better control, especially the order in which profiles are installed since some profiles depend on others being installed first.”
Mischa van der Bent wrote: “Didn’t have any big issues this past year. The MDM protocol is a strange beast, but I love it! I’d love to see the declarative MDM come to the entire ecosystem, not only for ADUE.”
Graham Pugh wrote: “There have not been any significant changes in 2021. Declarative MDM is not yet available in any meaningful way.”
John Welch wrote: “Everyone is still chasing Apple’s tail.”
Robert Hammen wrote: “Super interested to see where the new declarative device management goes. The MDM functionality in macOS has not changed significantly since its release in macOS 10.7 Lion. We desperately need the ability to set settings once (Dock), but allow users to make changes. The ‘set settings or don’t’ functionality isn’t good enough. I would also love the ability for MDM to become more stateful. For example, if there’s a profile to enable the firewall, if it’s somehow disabled, the device should automatically re-enable it.”
Allister Banks wrote: “MDM continues to be ‘management over UDP’, the most popular vendor implements the spec in such a way that what payloads are installed is not shared with admins, and the local frameworks are private, and the ‘public APIs’ (system profiler and the profiles command) are inconsistent, incomplete, and ungainly to wrap. Infrastructure-wise, underlining the lack of API for the business/education enrollment portals, a certain gig economy company found a way to overwhelm Apple’s servers due to the overall lack of rate limiting when performing verification on enrolled status. We must continuously poll or check side-effect artifacts that imply some sort of state because Apple never built the actual hooks for gauging metrics or getting accurate telemetry regarding enforcement or acceptable operating constraints. In a previous lifetime, years ago with Managed Client for OS X we had ‘manage once’ friendly defaults. Now vendors like Kolide measure ‘fence-jumpers’ when Apple only provides restrictive walls.”
Rick Heil wrote: “MDM still feels like it is, at best, an afterthought. Lack of documentation and definition around the existing application of profiles, plus a lack of use case for declarative MDM announced at WWDC 2021 makes me concerned about what will be coming for macOS at WWDC 2022. I think everyone involved agrees that MDM for macOS needs a full overhaul—the million-dollar question is if Apple will design their new system in a manner that is truly useful for enterprises.”
Marcus Rowell wrote: “The old MDM protocols are limping along. Hopefully the new declarative protocols live up to their promise and are implemented with feedback from the community.”
Mike Caplinger wrote: “There is always slow but steady improvement.”
Mike Stirrup wrote: “Still feels like a set-it-and-hope-it-happens process. Commands often fail if the device is not active when a policy is enabled.”
Bart Reardon wrote: “No major issues with MDM. I’m glad to see there are efforts on improving the protocol by adding declarative device management, and Apple isn’t resting on its laurels.”
Stephen Robles wrote: “The number of websites and portals required to manage an MDM like Jamf can be ungainly. Some areas, like the certificate renewal website, is hilariously old. But still performs the function just fine.”
Joel Housman wrote: “We have zero experience with MDM and iOS devices as we just issue a stipend to staff to pay for services (phone/data) and don’t own any devices ourselves. As for macOS, MDM has been great. We can either deploy all our software through VPP over MDM from the Mac App Store or we can use MDM payloads to load it from outside of VPP if the software isn’t available on the Mac App Store.”
Jason Broccardo wrote: “I’m still testing MDM changes like the new software update options available for use with macOS 12 Monterey. Not conclusive yet if they are any improvement on what we’ve had before.”
Craig Cohen wrote: “Declarative management is a great line in the sand that I can’t wait to cross.”
Fridolin Koch wrote: “Declarative Management looks promising but is not here yet.”
Armin Briegel wrote: “Declarative device management shows a lot of promise but is still too limited to give a fair judgment or be actually useful. At WWDC 2022 Apple will have to prove its commitment by pushing this new paradigm forward in features and scope, while addressing the shortcomings of the current MDM protocol, which remains as woeful as before.”
Kale Kingdon wrote: “While the reliability and stability of the MDM Protocols remain solid and unchanged (outside of the OS Update Commands), there has been no discernible innovation in the current ADE device framework. And with declared management still only being supported on UIE devices, I feel I’m waiting for the other shoe to drop when it comes to potential changes.”
The future of Apple in the enterprise
Grade: B+ (average score: 3.8, last year: 3.4)
Robert Hammen wrote: “Still fairly bullish on Apple in the enterprise. I think sometimes the developers and product marketing don’t have enterprise in mind when introducing new functionality or features in the OSes, and then Apple has to scramble afterward to address holes in enterprise workflows.”
Mike Caplinger wrote: “Our users are very happy with their MacBooks. I don’t think that will change in the next few years.”
Rick Heil wrote: “From outside the MacAdmin sphere of influence, Apple devices and products still have a certain cachet to most employees and are still our dominant computing device. I don’t see that changing any time soon, even if the platform becomes increasingly difficult to manage. End-users still prefer the flexibility and experience they get with macOS versus other operating systems, and love the sleek, well-designed hardware Apple produces.”
Anthony Reimer wrote: “My views since last year haven’t changed much. I really like the people that Apple has hired from the Mac admins community to help them up their game, and it is clearly paying off. Apple’s hardware is fantastic. I support Apple’s aim to give users more control over their privacy, even on a corporately owned device. But Apple makes it hard to administer computers where there is more than one user. We want to make it easier for our users to avoid common privacy and security pitfalls, but Apple’s systems/rules are often an impediment. Apple is getting better, but they need to continue to get better.”
Stephen Short wrote: “I am generally positive on the prospects for slow, continued improvement for enterprise management of Macs and iOS devices. There are certainly areas like software update and identity management that need a lot of work, but I feel like Apple has done a good job at informing admins of upcoming changes via AppleSeed. Organizations that have a relationship with an Apple rep for purchases may have a better experience at reaching the correct team or person to assist them when support issues arise, especially if they are not paying for an enterprise support agreement.”
Jason Broccardo wrote: “Don’t see Apple’s foothold going away any time soon.”
Niko Torres wrote: “Apple gives the impression that they are listening, which is heartening. I still am prepared for the inevitability that they will spring something on us due to past experience but am hopeful they are moving towards more transparency in enterprise management.”
John Welch wrote: “I honestly can’t complain too much. Are there things I’d like to see them do more of? Sure. Better PIV/CAC support is something the entire civilian and military government sector would love to see, especially iOS users. Buying a reader for non-Macs is non-cheap. I’d love to see support for FaceID in at least MacBooks. Building out a proper Boot Camp integration for ARM versions of Windows and Linux would be of use to the enterprise, and non-enterprise too, for that matter. I think government/defense customer needs are always going to be an issue for Apple because many of them simply don’t translate well to general needs. Most people will never need a PIV/CAC card, but for government/military/defense, they’re critical. Should Apple build card readers into Macs? In my current gig, I would say absolutely. When I worked other places, I would have said, ‘meh, maybe, no big deal.’ I think their opening of repair options is a huge boon for people working remotely in areas where the nearest Apple store might be hundreds of miles away, and I’d like to see them consider adding built-in cell support to the MacBook line. For remote workers, it’d be a big step in the right direction for a large swath of their users.”
Joel Anderson wrote: “Apple is still a popular choice, but Google is kicking butt, especially in education.”
Bart Reardon wrote: “The impression I get from Apple as an organization and from the Apple employees I deal with (account management, service reps, purchasing) is that there is a concerted effort being made to not just implement some bare minimum feature set or present their idea of what Apple in the enterprise should look like, but to listen to the people that manage these devices and use that feedback to inform how their products look and behave.”
Adrian Stancescu wrote: “100% confident that Apple will do amazingly well in the enterprise. The Apple silicon Macs are unbeatable.”
Fridolin Koch wrote: “They have to keep the good vibes around the M1 going and do more for enterprises regarding roadmaps and enterprise features like SSO.”
Luke Charters wrote: “I feel confident, but they need to make some fundamental improvements to really make it great.”
Armin Briegel wrote: “Apple silicon-based hardware continues to impress and excite. This puts Apple in a great place to gain mind and market share in the enterprise. However, Apple needs to understand the workflows and requirements of IT and security teams outside of Apple. Most of the issues that make managing Apple devices so cumbersome seem to stem from workflows that fail to address real-world requirements. These obstacles will impede the momentum that Apple is building on the user side. I repeat my request from last year: When Apple designed the new Mac Pro, they hired a team of Pro users to understand their workflows and requirements. Apple needs a similar effort to understand the workflows and requirements of businesses.”
Stephen Robles wrote: “I believe Apple is taking great strides to support small businesses and creating useful tools like Apple Business Essentials. I look forward to what they build in the next few years.”
Kevin Williams wrote: “I like to think that these improvements (like their efforts with the Mac) are not just a few-year focus and that they will continue to improve these services over time. They’ve finally got them in a good place—now it just needs care and feeding constantly, and not a complete overhaul like in the not-so-distant past.”
Brian LaShomb wrote: “Migration of corporate-owned devices to another MDM provider is still a painful process and one that Apple will have to face eventually with its own offerings now entering the MDM space. The lack of ability to control the macOS version deployed remains a concern. With a maximum 90-day deferral for updates, some organizations will end up being forced into situations that could cost their business time and resources without their consent. All based upon what would seem to be an arbitrary constraint.”
Mike Stirrup wrote: “I hope Apple sees the enthusiasm the community has shown for the new M1 devices and works on improving the tools for Apple admins to manage them. They show glimmers of hope occasionally with promised improvements but are often too slow at implementing them.”
Marcus Rowell wrote: “The cloud OS strategy of Microsoft and Google is seeing them absolutely own the infrastructure that manages identity, security, and hosts the business apps and data. Even Microsoft Word is now a heavily cloud-OS-integrated app. While these two continue to include Apple devices as first-class endpoints for the cloud OS, Apple’s user-focused hardware and software will continue to win new enterprise customers. If the features and functionality start to become much better on other platforms than Apple, when then? That Apple dominates the phone market is probably the core reason that Apple devices are first-class Cloud OS clients.”
Sam Rigby wrote: “It’s a mixed bag. Ultimately, this is an iPhone and services company, and so it could very easily decide that the juice isn’t worth the squeeze for enterprise/schools.”
Ben Burton wrote: “The hardware and OS remain the absolute best in the industry, but a lot of Apple’s enterprise stuff feels completely ignored.”
Kale Kingdon wrote: “While I am happy with the core feature sets provided to the enterprise community, the seemingly random half-baked solutions that fail to be iterated upon year after year show that the teams initially assigned to these projects, while extremely passionate, are thoroughly under-resourced and potentially moved from project to project at whim. Most of us understand at a core level that Apple’s focus is on the consumer, and the feature sets that we live and breathe are second, third or fifth fiddle in priority. But it can be disconcerting to see such a highly valued company not have the resources dedicated to core features of its operating systems and frameworks.”
Viktor Glemme wrote: “Apple is better every year at its enterprise game. Still feel it needs to listen to the larger organizations and help them manage devices better.”
Joel Housman wrote: “It is clear to me that Apple is putting more wood behind the arrow when it comes to enterprise support and their platforms. Each WWDC, more features come built into iOS, macOS, the enterprise portal, or ABM that support the needs of organizations. As long as they keep adding features and capabilities at the rate they’ve done so over the last five years, I’m happy.”
Cameron Kay wrote: “They need to listen to IT admins needs more. The enterprise team at Apple doesn’t seem to have much real-world experience and seem to see things distorted to the rest of us.”
Jeremy Mentzell wrote: “This feels like it’s on the upswing with renewed support in the government and education teams, but much more attention is needed.”
Graham Pugh wrote: “Fortunately for Apple, their hardware remains very attractive, and Apple silicon devices have increased their popularity. Apple’s enterprise developments are just about able to maintain this.”
Allister Banks wrote: “Hard to tell a trillion-dollar company you’re taking your business elsewhere or really find any leverage with issues besides the normal backchannel network of internal people who care or the press blowing it up. Apple gives off the impression we only need to care about the software they preinstall or offer bundled and can’t even let us patch it effectively. The same people being allowed to iterate in the wrong direction for users’ security and stability is not encouraging.”
Todd Ness wrote: “It seems like they are trying. Of course, it is never fast enough for those of us waiting for better solutions.”
Jing Yao wrote: “With the Apple silicon transition and the new capabilities that will come to the Mac from it, the future should bring some more improvements at a faster pace than it has previously.”
Participants
Thanks to Kandji for commissioning the survey, and to Tom Bridge and Charles Edge of the Mac Admins Podcast for their help in analyzing the results. Thanks to Amanda McTaggart for doing a lot of heavy lifting in prepping the survey results.
And finally, thanks to the participants. Participating in this survey were Joel Anderson, Allister Banks, Jake Baranski, Tom Bridge, Armin Briegel, Jason Broccardo, Ben Burton, James Capen, Mike Caplinger, Brad Chapman, Luke Charters, Paul Chernoff, Craig Cohen, David Coom, Keion Dorsey, Charles Edge, Ryan Ellerbe, Tomas Gal, Viktor Glemme, Ted Goranson, Robert Hammen, Rick Heil, Joel Housman, Cameron Kay, Kale Kingdon, Fridolin Koch, Glenn Kowalski, Stuart Lamont, Tom Larkin, Brian LaShomb, Gregor Longariva, Liam Matthews, Jeremy Mentzell, Harald Monihart, Todd Ness, Graham Pugh, Bart Reardon, Anthony Reimer, Sam Rigby, Stephen Robles, Marcus Rowell, Sam Schmitt, Stephen Short, James Smith, Adrian Stancescu, Mike Stirrup, Matthew Suddock, Steve Summers, Niko Torres, Mischa van der Bent, John Welch, Kevin M. White, Kevin Williams, Jing Yao, Tony Young, and 15 others who wished to remain anonymous.
If you appreciate articles like this one, support us by becoming a Six Colors subscriber. Subscribers get access to an exclusive podcast, members-only stories, and a special community.