JNUC: Apple explains its approach to enterprise tech
Jamf CEO, Dean Hager spoke with Jeremy Butcher, from Apple’s Enterprise and Education Product Manager to explore Apple’s approach to the enterprise at JNUC 2020, where we also saw huge news around Microsoft support for Apple in the enterprise.
Apple, the enterprise and the need for good UI
The following is a very lightly edited and very partial transcript of the discussion in Q&A format – you’ll have to visit JNUC for more.
So, without further ado:
You know 20 years ago people didn’t talk about using their Apple devices at work much, but in recent years, Jamf has really seen Apple take off. How would you explain that?
The 10-year mark is definitely an inflection point, you know something like iPhone really started this new wave. And what started off as executives coming to it and saying hey I really want to use this to work, has expanded to really everybody wanting to do BYOD, but also a big contingent of that is, you know, corporate owned and liable devices as well so I think it’s been a big part of customer demand, but also a lot that we’ve put into the operating systems to make that process of bringing these devices into the office or now taking them back out to your house, but doing work on them as easy as possible for it.
Now we’re seeing employees leaving the workplace because of COVID-19 and going into their homes. What impact do you think that’s going to have on Apple deployment?
We’ve already seen great momentum in that space… I think the key thing and people have heard this already, is just the acceleration of these plans because it really forces you to think about what the priority is and then make the changes that are necessary to meet the priorities.
Tell us about your philosophy with Apple at work.
So, the short version is that philosophy makes its way into our strategy from a work perspective as well… They’re unique devices they need to behave differently, but that doesn’t mean they shouldn’t share key features so things like user enrolment things like Single Sign On extensions. The fact that managed Apple IDs work across iPhone, iPad and Mac. All of these and a lot more are good examples of the types of things that we make an effort to make sure are available across all of our platforms…
We come up with new things each year and as we address feedback from customers we want to make sure that we have as much parity as possible while still appreciating the fact that these are unique devices that have different use cases for customers.
At WWDC 2019 you announced the deprecation of kernel extensions. I wanted to talk about the strategy?
System extensions is kind of the concept that we introduced last year to move as much out of the kernel as possible. So last year we did security, networking, a whole host of categories that were using kexts. We expanded that this year.
We’ve said it loud and clear that we want to move as much of that code out of the kernel as possible I think this audience knows better than any why that’s important. There’s security benefits, performance and stability benefits to it. And now that Apple silicon has been announced, I think the motivation is even more clear that we can bring that same level of security, stability performance etc that we have on iOS, iPad OS (where we haven’t had kernel extensions) to something like the Mac.
We’ve been pretty vocal about making sure that from a developer perspective, they’re taking advantage of the system extension API’s (and) letting us know what parts of it worked for them, what parts don’t really… (We’re) trying to work closely with them to make sure that they’re unblocked to ship their products with system extensions as soon as possible.
Security at work…
This idea that there needs to be a distinction between enterprise grade security and consumer grade security is kind of a fallacy. So, “why shouldn’t everybody have amazing security?” is really the approach that we start out with.
The first thing is you know how many things can we enable by default, how many things can we make the one and only choice, so that the platform itself starts out as just a really solid foundation from a security perspective.”
We also know that there are certain things that fall more into the space around control or manageability that have benefits to security but aren’t by definition security items themselves and so that’s where things like the MDM protocol comes into play to help establish some of those controls and management capabilities. And for us, a good example of trying to solve that balance between the two is user enrolment. That is, you know, taking off at this point… (it) is kind of focused on that BYOD space that bring your own device…
What impact will Apple Silicon for the Mac have for Apple at work?
First and foremost, we’re super excited to see the engineering teams that build our amazing chips, take a crack at the Mac and see what they can come up with. We know that on iPhone and iPad we’ve had this amazing track record for this concept of performance per watt…
Speaking of trade-offs between you know things like security and user experience, there shouldn’t be a trade-off between performance and battery life”
The other thing is from a platform perspective… there’s a lot of different technology choices [developers] can invest in that result in really broad adoption of their software, across iPhone, iPad, Mac, Apple TV, Watch — the whole gamut because of the consistency that the platform brings.
How important is it … that we all embrace the native Apple capabilities that you’ve made available?
It’s definitely the direction we want to see people head… [It is] also our way of helping people stay as future proofed as they can be. Obviously, things change …. but taking advantage of the native capabilities of our operating systems really does help people be as prepared as possible when changes come along. And so, things like user enrolment, we think are a great example of that where, if you go down other paths to try to do management of devices that maybe you don’t own.
The discussion ended with a demonstration in which Microsoft Azure AD was used to set up a personal iPhone for secure business use — this is something that was unheard of just a few weeks ago, took a couple of minutes, and ended up with the enterprise data being stored in a secure partition on the personal iPhone.
Which should be quite popular.
There’s so much more in the full discussion and a huge host of additional useful insights and observations available at JNUC 2020, which you can attend remotely here.