Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
It’s time to retire the idea that “MDM is all you need.” We are past that with Apple in the enterprise. What we need now is a shift in mindset. Pushing configuration profiles and deploying apps to the Mac is just a piece of a larger puzzle to making Apple the best endpoint in the enterprise. The real work happens when you start thinking about the entire service portfolio around Apple devices. That’s where success with Apple in the enterprise happens.
About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 1000s of Macs, and 1000s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.
First of all, I’d like to retire the term MDM (mobile device management). Device management is a requirement for Apple at work, but checking the MDM box and thinking your deployment is done doesn’t work. Real Apple deployments need to think bigger. It’s not just about managing a device. It’s about identity. It’s about app delivery. It’s about patching, access, compliance, and security. That’s the portfolio Apple IT needs to be building. I believe Apple recognizes this, and based on WWDC25, I think that’s exactly what their vision is signaling.
Here is what that looks like.
Identity is the starting point
If users can’t sign in easily and securely, nothing else matters. Managed Apple Accounts and Platform SSO are no longer optional. They’re foundational. Apple is putting identity at the center of the Mac deployment experience, and IT needs to follow that lead.
With Platform SSO now built into Setup Assistant, users can authenticate with their identity provider immediately. No more local account first, then moving to SSO later. The entire flow is streamlined from the start. Once the user signs in, the Mac is automatically enrolled, the account is created, and their password is synced with the identity provider or stored securely using the Secure Enclave. It’s smooth. It’s secure. And it’s designed for scale.
At WWDC25, Apple introduced Authenticated Guest Mode for shared Macs. This mode brings the same modern login experience to shared-use environments like healthcare, retail, and labs. Users can log in with cloud-based credentials and get full access to apps and services without leaving any data behind. When they log out, the session is wiped, and nothing stays around. Apple even took it a step further with Tap to Login. By provisioning access keys in Apple Wallet, users can tap their iPhone or Apple Watch on a Mac to sign in instantly.
Local-only accounts are no longer realistic or scalable. Apple understands that reality and gives IT teams the tools to make identity-based deployments standard across every environment. Identity has to be the starting point, whether it’s a MacBook in a one-to-one setup or a shared iMac at a nurses’ station.
Identity needs to go deeper than login
There are keys, certificates, Wi-Fi credentials, app secrets, and everything in between. Some of it fits into device management. A lot of it does not. With things like the ManagedApp framework and Secure Enclave support, Apple is giving IT the tools to manage credentials in a secure and scalable way. IT just needs to start using them.
Declarative is the future
At WWDC25, Apple made it clear. The move to DDM is not just coming. It is already here. Declarative management is now supported across every major platform, including iPhone, iPad, Mac, Vision Pro, and even Apple TV. Using declarative configuration, you can now set software update schedules, defer OS versions, define compliance policies, and manage Safari settings. You can also deliver apps and packages, pin specific versions, and get real-time status updates to track installs and failures. It is a major improvement over the old workflow.
Apple is phasing out legacy MDM support. That means older, command-based systems are on borrowed time. Declarative is the only direction Apple is investing in going forward.
If your device management vendor is not fully supporting declarative, that is a problem. If you are not using declarative yet, now is the time to start. If your current vendor is not ready, it is time to look elsewhere.
Too many vendors still treat macOS like it is Linux with some UI changes. That is not good enough. Apple does not work like Linux, and it should not be treated that way. Security tooling for the Mac needs to be purpose-built. It needs to support System Extensions, use Endpoint Security APIs properly, and understand how TCC works. If your EDR vendor does not have a real macOS engineering team, your data is not as protected as you think. Apple should be a first-class citizen with your EDR vendor, not an afterthought.
Another area that often gets overlooked is log collection. Apple IT teams need visibility into what is happening on the Mac, just like they would with any other endpoint. However, traditional collection methods do not always work well with Apple platforms. Telemetry data on macOS is growing fast, but the tools for collecting and processing that data have not kept up. Whether it is security, compliance, or performance monitoring, you need a plan for collecting, moving, and analyzing that data reliably for Apple’s ecosystem and that also fits into IT’s existing telemetry services environments.
Security starts with visibility, and visibility on Apple devices takes real investment from your vendor. They probably are if your current tools feel bolted on to the Mac.
Access management is critical
At WWDC25, Apple highlighted identity and access as foundational to winning with Apple at work. AccessMule, an SMB-focused tool built to tackle one of the most common access challenges organizations face (especially in small and midsize environments). AccessMule automates onboarding and offboarding, tracks who has access to which tools, encrypts password sharing, and even supports shared MFA workflows.
This is a perfect example of what I’m talking about here. It has nothing to do with device management, but it is a key part of success with Apple at work.
It is bigger than device management now
Device management still plays a role with Apple and IT, but success with Apple in the enterprise is about the full experience, covering a much larger vision. From login to logout, access management, every part of the stack needs to be designed to work with Apple the way Apple expects and giving what IT needs. That includes identity, app delivery, update control, patch management security posture, and credential management.
Apple is building the pieces. It is up to IT to put them together into something that works. What’s needed for IT and an Apple Services System/Solution that allows IT to build a collection of services and solutions similar to how IT solutions on Windows are built. To succeed with Macs at scale, stop thinking about device management as the finish line. It is just the first step. Everything else depends on what you build around it. And let’s retire the term MDM while we’re at it.
Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
FTC: We use income earning auto affiliate links. More.
