Apple @ Work is an exclusive presentation from MosyleApple’s only unified platform. Mosyle is the only solution that integrates into a single professional-grade platform all the solutions necessary to automatically and seamlessly deploy, manage and protect Apple devices at work. More than 45,000 organizations trust Mosyle to prepare millions of Apple devices to work effortlessly and at an affordable cost. Request your EXTENDED TEST today and understand why Mosyle is everything you need to work with Apple.
There was a time when a stolen iPad or MacBook was a double nightmare for an IT department. He had to worry about the data, but he also knew that the physical hardware was gone forever and would have to be replaced. A thief could wipe the device, reinstall the operating system, and sell a perfectly good machine on Facebook Marketplace. However, with the maturity of the Apple Business platform and zero-touch enrollment, Apple has largely destroyed the financial incentive to steal corporate Macs and iPads.
About Apple@Work: Bradley Chambers has been an IT administrator at Apple since 2009. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, thousands of Macs, and thousands of iPads, Bradley will highlight the ways Apple IT administrators deploy Apple devices, build networks to support them, train users, share stories from the trenches of IT management, and ways Apple could improve its products for IT departments. IT.
In the early days of technology management, physical theft was a very profitable enterprise. If a thief stole a stack of laptops from a car or an office, he knew exactly how to fence them. As long as they could boot from a recovery drive or use a USB installer, they could format the drive. All traces of the original company would be erased. The device became a blank slate that could easily be sold on FB Marketplace or at a pawn shop.
We rely heavily on firmware passwords to prevent this, but they were cumbersome to manage at scale. If a device was lost, IT had to write off the entire cost of the hardware. The secondary market thrived on these stolen goods because buyers had no way of knowing the device had been stolen until it was too late. In 2011, I managed IT for an organization that lost over 10 iPads during a weekend theft. This was back in the days when we configured iPads through iTunes (before Apple Configurator).
That all changed with the introduction of automated device enrollment, which was tied directly to Apple Business Manager (now known as Apple Business). When an organization purchases an iPhone, iPad, or Mac from Apple or an authorized enterprise reseller, the device’s serial number is permanently assigned to the company portal upon activation.
From the Apple Business console, IT assigns that serial number to its device management platform. This is what creates the magic of contactless enrollment. When an employee unpacks a new Mac and connects it to Wi-Fi, the device securely registers with Apple’s activation servers, recognizes that it belongs to the company, and automatically downloads all management profiles, applications, and security policies.
The theft deterrent
That same hands-off workflow is what makes stealing these devices incredibly frustrating for thieves. Let’s say a thief steals a managed MacBook Pro. Your first instinct is to erase the drive and reinstall macOS.
The moment a freshly cleaned Mac connects to the Internet to complete the setup wizard, it pings Apple. The device immediately appears with a remote management screen that requires corporate login credentials. There is no way to skip it. There is no combination of key commands to prevent this. The Mac is encrypted to belong to your organization at the server level upon activation.
Combine this with managed activation lock and your stolen device will be effectively locked. The thief can’t use it and certainly can’t sell it to an informed buyer. The only value left is to disassemble the device for non-serialized spare parts, which drastically reduces the profit margin from theft.
Wrap
Apple has quietly built one of the world’s most effective hardware theft deterrents by tying physical hardware to cloud activation. As an IT administrator, there is tremendous peace of mind in knowing that if a device is lost or stolen, its data will be protected by FileVault and the hardware itself will be useless to the person who took it.
If you manage Apple devices in a business or K-12 environment and don’t use Apple Business with automated device enrollment, you’re leaving your hardware exposed. Buying off-the-shelf devices from a retail store and managing them manually means you lack that ownership at the server level. Th
Apple @ Work is an exclusive presentation from MosyleApple’s only unified platform. Mosyle is the only solution that integrates into a single professional-grade platform all the solutions necessary to automatically and seamlessly deploy, manage and protect Apple devices at work. More than 45,000 organizations trust Mosyle to prepare millions of Apple devices to work effortlessly and at an affordable cost. Request your EXTENDED TEST today and understand why Mosyle is everything you need to work with Apple.
FTC: We use automatic affiliate links that generate income. Further.
