As an IT pro, bringing a level of automation to onboarding and updates with zero touch installation just makes your job easier. If a person can take an Apple device out of the box, sign in using their work credentials and get onboarded automatically, they get to work faster and you don’t even have to touch the machine to provision it.
Apple includes several key tools to help facilitate what is called zero touch implementation. It starts when you purchase the device. After it ships, the third-party reseller sends key identifying information such as the serial number and date of purchase to Apple Business Manager servers via a special reseller API. This in turn communicates with a third-party mobile device management (MDM) vendor your company is using.
The MDM is configured by you in order to enforce an organization’s special requirements. When the recipient powers the device on, they will go through the normal device setup process. As they do, the MDM will ensure the setup is done correctly by communicating with the device OS.
What’s more, with the MDM software installed on the device, you can manage updates and patches and ensure that employees are using sanctioned tools. This helps keep the machines secure and in compliance with company security and governance guidelines.
Choosing an MDM vendor for zero touch
While Apple has made it easy to enable zero touch enrollment, as an MSP you still have to choose the MDM tool to enforce the configuration rules on each device. Perhaps the best known pure play Apple device management vendor is JAMF, a Minnesota company that has been managing Apple devices since 2002.
That was long before the days of zero touch or even Macbooks, iPads, iPhones and AppleTVs, but the company has evolved with the hardware. Today it is considered the leader in the pure-play Apple device management market.
If you would prefer a startup, you might want to look at Kandji, a company started by three industry veterans in 2018. They wanted to build a modern device management solution from the ground up. The company is well capitalized having raised over $88 million.
#MDM enables the management of updates and patches to ensure that employees are using sanctioned tools. #Auotmation #MSP
If you want to manage more than just Apple devices, you have a number of options such as Microsoft InTune or VMware Workspace ONE (the product that used be called AirWatch).
There are others of course, and as always you should do your homework. If your client is an all-Apple shop, try taking advantage of zero touch deployment. If you manage multiple device types, you might want to look at one of the choices that allows for more diverse device management.
Photo: sergey causelove / Shutterstock