Mac administrators brace for big changes to Apple-powered fleets

New features could shake-up how macOS machines are managed


Special report A looming set of changes to the macOS has some administrators worried that the way they manage and configure Apple systems will need switching up.

Those changes, which have only been partly revealed by Apple, will see a new file system implemented in the OS and, in the process, a lockdown of key components of the operating system – away from attackers and admins alike.

Central to the idea is the Apple File System (APFS), a technology Cupertino already uses for iOS that is currently being offered for tests in preview versions of macOS Sierra, with plans for a bootable release next year.

When the shift does happen, some admins believe Apple will also institute a number of the security policies and protections being used for iOS devices – such as isolating and protecting core system files – that were described loosely by Apple in its 2016 Black Hat security talk (see video).

That move would likely include a shift in the way Apple devices are managed in the enterprise. Administrators would no longer be able to change basic system files – instead, permissions and policy would be instituted via the same Mobile Device Management (MDM) system used for managing iOS devices such as iPads and iPhones.

Youtube Video

For most users, this change will have little to no effect on day-to-day use of their Mac desktops and notebooks, and the change-over will be little more than another annual macOS update. For administrators, however, it could present a number of challenges.

The idea of a shift to MDM was outlined by admin Michael Lynn earlier this fall in a blog post, and immediately gained a following. While Lynn stresses that his piece was merely speculation and not a prediction of Apple's plans, a number of other admins who manage Mac networks and spoke with The Register believe he is onto something, and that Apple is in fact looking to move toward an MDM model for managing macOS machines.

"It's reasonable to expect that at some point in the future, MDM becomes the standard means for managing macOS," said Kaitlin Shinkle, director of communications and content marketing for JAMF software. "There are a lot of good reasons to move in this direction, namely security and user convenience."

That shift would also bring about a number of challenges. In particular, admins worry that some tasks – such as setting up and managing printers or encryption key settings – could be more difficult or impossible with the tools they currently use.

"If Apple is going to lock [macOS] down like iOS, there are simply things that Mac admins need to do that they won't be able to, unless Apple extends the MDM functionality," said Robert Hammen, a Mac admin with the National Center for Biotechnology Information at the National Institutes of Health.

Hammen told El Reg that while switching to an MDM management system will hardly be a deal-breaker for companies running macOS, some will need to find new ways to manage their machines and enforce policies.

"Depending on how difficult Apple makes it to configure and install things, there may be some pushback on total cost of ownership and supportability," he said.

To that end, the companies that develop administration tools for developers could be key to the move.

Next page: MDM pains

Similar topics

Broader topics


Other stories you might like

  • Ex-Qualcomm Snapdragon chief turns CEO at AI chip startup MemryX

    Meet the new boss

    A former executive leading Qualcomm's Snapdragon computing platforms has darted the company to become CEO at an AI chip startup.

    Keith Kressin will lead product commercialization for MemryX, which was founded in 2019 and makes memory-intensive AI chiplets.

    The company is now out of stealth mode and will soon commercially ship its AI chips to non-tech customers. The company was testing early generations of its chips with industries including auto and robotics.

    Continue reading
  • Aircraft can't land safely due to interference with upcoming 5G C-band broadband service

    Expect flight delays and diversions, US Federal Aviation Administation warns

    The new 5G C-band wireless broadband service expected to rollout on 5 January 2022 in the US will disrupt local radio signals and make it difficult for airplanes to land safely in harsh weather conditions, according to the Federal Aviation Administration.

    Pilots rely on radio altimeter readings to figure out when and where an aircraft should carry out a series of operations to prepare for touchdown. But the upcoming 5G C-band service beaming from cell towers threatens to interfere with these signals, the FAA warned in two reports.

    Flights may have to be delayed or restricted at certain airports as the new broadband service comes into effect next year. The change could affect some 6,834 airplanes and 1,828 helicopters. The cost to operators is expected to be $580,890.

    Continue reading
  • Canadian charged with running ransomware attack on US state of Alaska

    Cross-border op nabbed our man, boast cops and prosecutors

    A Canadian man is accused of masterminding ransomware attacks that caused "damage" to systems belonging to the US state of Alaska.

    A federal indictment against Matthew Philbert, 31, of Ottawa, was unsealed yesterday, and he was also concurrently charged by the Canadian authorities with a number of other criminal offences at the same time. US prosecutors [PDF] claimed he carried out "cyber related offences" – including a specific 2018 attack on a computer in Alaska.

    The Canadian Broadcasting Corporation reported that Philbert was charged after a 23 month investigation "that also involved the [Royal Canadian Mounted Police, federal enforcers], the FBI and Europol."

    Continue reading

Biting the hand that feeds IT © 1998–2021