Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
If you were managing Macs in the enterprise fifteen years ago, you weren’t just an IT admin who loved Apple, you were a survivalist. In those days, Apple was often an afterthought in the corporate world, treated as a nuisance by many IT leaders who prioritized Windows and PC deployments. Because we didn’t have massive vendor support or enterprise-grade tools handed to us, the Mac admin community had to build them ourselves. The community wrote scripts, shared knowledge, and built apps. Obviously, today is different. Apple is quickly becoming the default endpoint for enterprises. The community effort hasn’t stopped, though. Another app showed up on my radar recently, and it’s a prime example of the Mac admins community at work. Let’s look at M.A.C.E.
About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 1000s of Macs, and 1000s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.
As security requirements have tightened in this era of computing, deploying compliance benchmarks like CIS or NIST has become a significant focus for IT admins. M.A.C.E. simplifies the complexity of these government standards by wrapping them into a usable, open-source tool that any IT team can deploy.
What is the macOS Security Compliance Project?
The macOS Security Compliance Project is an open-source initiative that offers a programmatic approach to generating security guidance. It doesn’t just give you a PDF to read. It generates customized documentation, remediation scripts, configuration profiles, and audit checklists tailored to your specific baseline requirements. It is authoritative because it is recommended by NIST Special Publication 800-219.
This project is a joint effort between federal IT security staff and volunteers from organizations like NIST, NASA, the US Navy, and the Center for Internet Security. Apple even covers it on its Apple support website. The project uses a set of tested controls for macOS and maps them against supported security guides. Your team can use it as a resource to easily create customized security baselines by leveraging a library of validated configuration settings. These baselines produce the actual content you need to load into your management tools to achieve compliance.
How M.A.C.E. works
The macOS Security Compliance Project relies heavily on editing complex YAML files, understanding scripts, and navigating a folder structure that feels more like a developer’s playground than something that everyday IT engineers can use.
M.A.C.E. solves this by acting as a graphical user interface for the mSCP. Instead of hunting through lines of code to find the rule that disables the macOS camera or enforces a screenlock password, M.A.C.E. shows you these controls in a dashboard. You can load a standard baseline, such as NIST 800-171 or the CIS Benchmark, and then toggle specific rules on or off based on your organization’s requirements.
Once you have customized your baseline, the app generates the necessary output files. These include the configuration profiles and scripts that you can upload directly to your device management service. This means that even smaller IT teams can deploy strong security standards without needing a dedicated security engineer or external vendor
Wrap up
One of the risks of using free open-source community tools is that they can sometimes become abandoned. However, M.A.C.E. appears to have an active roadmap that addresses some of the most significant friction points for IT teams. The developer is working on tools that will enable you to import existing mSCP 1.0 and 2.0 baselines. The roadmap also includes the ability to run the official mSCP audit and, more importantly, apply fixes directly from the results. If implemented well, this would close the loop between finding a compliance failure and remediating it. When you combine that with automatic rule updates from the mSCP repository, M.A.C.E. could become a “set it and forget it” utility for compliance management.
Perhaps the best part of M.A.C.E. is that it comes with a free price tag. Because it is an open-source project from the Ma admins community, there is no subscription fee and no procurement process for your purchasing team. You can download the latest release directly from GitHub. Of course, if you find it useful for your company, you can buy the developer a coffee (or 50).
Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
FTC: We use income earning auto affiliate links. More.
