Do you want to replace desktop PC's with iPads to work for 8-hours? I don't think most customers would replace their 23"+ screen for a 12.9" screen with an awful keyboard, and a touchscreen in vertical position, as you would do with iPad. Even Apple think touch screen in vertical position is a bad idea. Federighi said in an inverview "We really feel that the ergonomics of using a Mac are that your hands are rested on a surface, and that lifting your arm up to poke a screen is a pretty fatiguing thing to do," he said. https://www.wired.com/story/wwdc-2018-federighi-ios-apps-on-macos/
Do you really think users want that experience?
Second, have you consider why most IT choose Windows over Apple? One example is Apple lack of business / enterprise management tools for their own devices. At least Jamf and even MS are doing something to fix this. Another thing IT consider is ecosystem, and MS is miles ahead of Apple. MS business / enterprise ecosystem is huge, MS Office, MDM. databases, virtualization, ERP, collaboration, ECM, Azure, and the list goes on. if Apple had a similar ecosystem\, IT would have consider them for more than just iOS devices.
Maybe IT is not the one to blame in your workplace for the lack of Apple devices.
“You're using it wrong”: iPads are tablets, so no add-ons. Typing can be done all day on an iPad laying on a table with a slight angle and hands around it at the near end. Works like a charm.
Management tools means obstruction and restriction on a computers use, thats not suitable for a Mac, it just blends in. IT (hate that abbreviation) can close the shop.
I think people have not problems with soft keyboard for light tasks. But they will never replace a full desktop / notebook for extended periods of work.
Mac not "just blends in." That's the reason you need Jamf and MS tools to manage them in business. And sometimes it means restrictions and obstruction, but sometimes that's the only way to protect business information, files and other type of data from misuse, loss and theft, among other security issues. I don't think they can close the shop, as you said.
I find it no problem to ‘work’ hours on end on an iPad. So anyone can.
I have extended experience running Macs in a non Mac work environment and found no problems at all. What needs to be protected is the corporate network and thus its endpoints while connected. Access to data is of course always restricted by a specific key and the data itself is of course always encrypted within its container. Protecting data otherwise is a lost cause and the evidence is all over the place to support that. If you don't trust the people working for you, don't hire them. If someone gets out of line sue him/her.
Do you want to replace desktop PC's with iPads to work for 8-hours? I don't think most customers would replace their 23"+ screen for a 12.9" screen with an awful keyboard, and a touchscreen in vertical position, as you would do with iPad. Even Apple think touch screen in vertical position is a bad idea. Federighi said in an inverview "We really feel that the ergonomics of using a Mac are that your hands are rested on a surface, and that lifting your arm up to poke a screen is a pretty fatiguing thing to do," he said. https://www.wired.com/story/wwdc-2018-federighi-ios-apps-on-macos/
Do you really think users want that experience?
Second, have you consider why most IT choose Windows over Apple? One example is Apple lack of business / enterprise management tools for their own devices. At least Jamf and even MS are doing something to fix this. Another thing IT consider is ecosystem, and MS is miles ahead of Apple. MS business / enterprise ecosystem is huge, MS Office, MDM. databases, virtualization, ERP, collaboration, ECM, Azure, and the list goes on. if Apple had a similar ecosystem\, IT would have consider them for more than just iOS devices.
Maybe IT is not the one to blame in your workplace for the lack of Apple devices.
“You're using it wrong”: iPads are tablets, so no add-ons. Typing can be done all day on an iPad laying on a table with a slight angle and hands around it at the near end. Works like a charm.
Management tools means obstruction and restriction on a computers use, thats not suitable for a Mac, it just blends in. IT (hate that abbreviation) can close the shop.
I think people have not problems with soft keyboard for light tasks. But they will never replace a full desktop / notebook for extended periods of work.
Mac not "just blends in." That's the reason you need Jamf and MS tools to manage them in business. And sometimes it means restrictions and obstruction, but sometimes that's the only way to protect business information, files and other type of data from misuse, loss and theft, among other security issues. I don't think they can close the shop, as you said.
I find it no problem to ‘work’ hours on end on an iPad. So anyone can.
Not, not anyone. I have customers that requieres multiple monitores. One of them have 6 monitors to work multiple Excel spreadsheets, some of them with +10K rows. Others have to work with multiple applications at the same time, including documents, Excel reports, etc. These are some examples of users that would never work efficiently with an iPad + soft keyboard.
I have extended experience running Macs in a non Mac work environment and found no problems at all. What needs to be protected is the corporate network and thus its endpoints while connected. Access to data is of course always restricted by a specific key and the data itself is of course always encrypted within its container. Protecting data otherwise is a lost cause and the evidence is all over the place to support that. If you don't trust the people working for you, don't hire them. If someone gets out of line sue him/her.
I work IT and have no issues with Macs and Windows devices, but if you want to deploy them in places that requires compliance, for example, with HIPAA, you have to use tools to deploy them. Again, Mac doesn't "just blend in". And you cannot blame IT for this. They have to comply with those requirements.
IT have mechanisms to reduce the possibility data loss, not to eliminate it 100%, since this is impossible to do. But reduce is better than nothing, don't you think?
Every business have some degree of trust with their employees. But they have to work under some rules, and they have to remember It's the business / company data, not users data. I agree that some IT departments could do a better job, but most of them try to do the best they can with the tools they have. Which takes me to my initial point, Apple don't have tools to deploy their devices in business and enterprises. IT went to Jamf and MS to make it happen. Maybe that's the reason you see so few Mac in business in enterprises.
Management tools means obstruction and restriction on a computers use, thats not suitable for a Mac, it just blends in.
What does that mean, "it just blends in"?
Enterprise Management definitely need to be able to restrict Macs just as much as they do PCs, as well as iOS devices. Microsoft have this well covered with Intune.
Management tools means obstruction and restriction on a computers use, thats not suitable for a Mac, it just blends in.
What does that mean, "it just blends in"?
Enterprise Management definitely need to be able to restrict Macs just as much as they do PCs, as well as iOS devices. Microsoft have this well covered with Intune.
My point is that restriction is the wrong way to think. Blending in means, you connect to the company network and it all works. Like I did years on end.
Management tools means obstruction and restriction on a computers use, thats not suitable for a Mac, it just blends in.
What does that mean, "it just blends in"?
Enterprise Management definitely need to be able to restrict Macs just as much as they do PCs, as well as iOS devices. Microsoft have this well covered with Intune.
My point is that restriction is the wrong way to think. Blending in means, you connect to the company network and it all works. Like I did years on end.
And your company was happy with you connecting a computer running unknown software to their network? Many wouldn't be, which is the point of Enterprise Management tools.
Saying "that's not suitable" is not a good or viable argument against enterprise IT.
Management tools means obstruction and restriction on a computers use, thats not suitable for a Mac, it just blends in.
What does that mean, "it just blends in"?
Enterprise Management definitely need to be able to restrict Macs just as much as they do PCs, as well as iOS devices. Microsoft have this well covered with Intune.
My point is that restriction is the wrong way to think. Blending in means, you connect to the company network and it all works. Like I did years on end.
And your company was happy with you connecting a computer running unknown software to their network? Many wouldn't be, which is the point of Enterprise Management tools.
Saying "that's not suitable" is not a good or viable argument against enterprise IT.
Of course they were ok with that. Its not a Windows computer infested with spyware and viruses I attached to the network. So I ‘know whats running’, also all services on the network should be protected against hacking and need keys to get in, and its data is of course encrypted with keys for the right individuals only. Service access-points and network monitor software should also log strange behavior all the time.
Management tools means obstruction and restriction on a computers use, thats not suitable for a Mac, it just blends in.
What does that mean, "it just blends in"?
Enterprise Management definitely need to be able to restrict Macs just as much as they do PCs, as well as iOS devices. Microsoft have this well covered with Intune.
My point is that restriction is the wrong way to think. Blending in means, you connect to the company network and it all works. Like I did years on end.
And your company was happy with you connecting a computer running unknown software to their network? Many wouldn't be, which is the point of Enterprise Management tools.
Saying "that's not suitable" is not a good or viable argument against enterprise IT.
Of course they were ok with that. Its not a Windows computer infested with spyware and viruses I attached to the network. So I ‘know whats running’, also all services on the network should be protected against hacking and need keys to get in, and its data is of course encrypted with keys for the right individuals only. Service access-points and network monitor software should also log strange behavior all the time.
Your company is/was a lot more easy-going than a lot of others out there. I can't think of a single place I've worked that would tolerate a computer that they have no remote control over being allowed onto their back office network, Mac, Windows, or otherwise. Trusting a user's judgement is not in enterprise DNA.
Management tools means obstruction and restriction on a computers use, thats not suitable for a Mac, it just blends in.
What does that mean, "it just blends in"?
Enterprise Management definitely need to be able to restrict Macs just as much as they do PCs, as well as iOS devices. Microsoft have this well covered with Intune.
My point is that restriction is the wrong way to think. Blending in means, you connect to the company network and it all works. Like I did years on end.
And your company was happy with you connecting a computer running unknown software to their network? Many wouldn't be, which is the point of Enterprise Management tools.
Saying "that's not suitable" is not a good or viable argument against enterprise IT.
Of course they were ok with that. Its not a Windows computer infested with spyware and viruses I attached to the network. So I ‘know whats running’, also all services on the network should be protected against hacking and need keys to get in, and its data is of course encrypted with keys for the right individuals only. Service access-points and network monitor software should also log strange behavior all the time.
Your company is/was a lot more easy-going than a lot of others out there. I can't think of a single place I've worked that would tolerate a computer that they have no remote control over being allowed onto their back office network, Mac, Windows, or otherwise. Trusting a user's judgement is not in enterprise DNA.
Trust is the keyword here. I read a lot of years ago about a master hacker (Takedown) who made clear that nothing can be done about hacking, but you can contain it. The same is true for untrustworthy people. Regarding allowing Macs within the workplace: its not about a users judgment its about relying on macs - not being infested with viruses and malware (like Windows computers) - so essentially relying on macOS and Apples updates, and its user not having malicious intent. The former is a great idea and saves a lot of hinderance, cumbersome work and a lot of money, the latter cannot be resolved with management tools in a meaningful way.
Management tools means obstruction and restriction on a computers use, thats not suitable for a Mac, it just blends in.
What does that mean, "it just blends in"?
Enterprise Management definitely need to be able to restrict Macs just as much as they do PCs, as well as iOS devices. Microsoft have this well covered with Intune.
My point is that restriction is the wrong way to think. Blending in means, you connect to the company network and it all works. Like I did years on end.
And your company was happy with you connecting a computer running unknown software to their network? Many wouldn't be, which is the point of Enterprise Management tools.
Saying "that's not suitable" is not a good or viable argument against enterprise IT.
Of course they were ok with that. Its not a Windows computer infested with spyware and viruses I attached to the network. So I ‘know whats running’, also all services on the network should be protected against hacking and need keys to get in, and its data is of course encrypted with keys for the right individuals only. Service access-points and network monitor software should also log strange behavior all the time.
Your company is/was a lot more easy-going than a lot of others out there. I can't think of a single place I've worked that would tolerate a computer that they have no remote control over being allowed onto their back office network, Mac, Windows, or otherwise. Trusting a user's judgement is not in enterprise DNA.
Trust is the keyword here. I read a lot of years ago about a master hacker (Takedown) who made clear that nothing can be done about hacking, but you can contain it. The same is true for untrustworthy people.
Every company that hire an employee have some degree of trust. But that doesn't means you won't be careful with people you trust. There are a lot of examples of good people doing bad things. Don't you think that's one simple reason of having security mechanisms for when things like this happens?
Regarding allowing Macs within the workplace: its not about a users judgment its about relying on macs - not being infested with viruses and malware (like Windows computers) - so essentially relying on macOS and Apples updates, and its user not having malicious intent. The former is a great idea and saves a lot of hinderance, cumbersome work and a lot of money, the latter cannot be resolved with management tools in a meaningful way.
If there is malware for a platform, as it happens with macOS and Windows, then you cannot rely on the OS 100% to protect the user. That the reason social engineering is so successful, resulting in phishing and ransonware attacks in both macOS and Windows users.
These are just a few examples of security issues found in macOS. That's the reason a good IT manager will do their work and protect both, Windows and macOS users. To think that you are safe because you run macOS is not true at all.
I mean if you want to say, "Well iOS isn't macOS or iOS is not a REAL OS. Well I got news for you, we've been saying the same thing about Windows for quite some time now. And really I would almost say iOS is much more comparable to Windows 10, than macOS at this point. macOS is akin Linux as is Android honestly...
I mean if I had some client or family member say they were looking at getting. a really nice machine (especially "starting out"), I would say: "Well you like the iPhone right? What about a nice 12.9" with 512 (4GB RAM) or 1TB (6GB RAM), a pencil and your choice of 3-4 keyboards? for under $2,000? I honestly would be WAAAY happier if they choose that, because I wouldn't have to worry, very much about anything... you could push them off on their own and they would be just fine. Give them a Windows 10?!? are you kidding me?!? But purely when iOS 13 hits, then that's that, iOS 13 ~= Window 10... (if we even want to give Windows that much credit :P )
This is some of the funniest stuff I've read in a long time! Have you even USED Windows 10 lately? Probably not. You do realize that >80% of all computers run Windows? And it's not a real OS? Yet you consider iOS, which has no mouse support, a real OS? If you travel outside your little box and imagine the world's office workers all sitting in front of mouse-less iPads and tiny keyboards, trying to do their daily work, how many of them would be thrown out the window or in the trash? Currently, the iPad is NOT a replacement for a computer. Someday, maybe. I want to use my iPad Pro as my travel laptop, but lack of apps and no mouse support is a deal breaker. I was excited to hear there was some form of mouse compatibility with the new iPadOS, but turns out you can't really do much with it other than click on something.
I use Windows 10 (current build) everyday and it’s still a joke as a graphical OS and can’t be taken seriously at all for touch - it’s borderline fraudulent. Like most other professional, office-based workers, I didn’t decide on Windows and would use a Mac or iPad Pro in a heartbeat. The decision to use Windows was made by people who have no clue what business productivity is. Given the BYOD/user-chosen tech stats I suspect most of those 80% Windows users would rather not be. If you could leave the 80s behind for a moment, you’d realise few people need a mouse (or local filesystem access). If only Corp IT would listen to its customers, we’d trade our total IT spend for a bunch of iPads + in-house software so we could leave our desks & do our real jobs rather than be chained to those desks by that disastrous desktop OS.
Do you want to replace desktop PC's with iPads to work for 8-hours? I don't think most customers would replace their 23"+ screen for a 12.9" screen with an awful keyboard, and a touchscreen in vertical position, as you would do with iPad. Even Apple think touch screen in vertical position is a bad idea. Federighi said in an inverview "We really feel that the ergonomics of using a Mac are that your hands are rested on a surface, and that lifting your arm up to poke a screen is a pretty fatiguing thing to do," he said. https://www.wired.com/story/wwdc-2018-federighi-ios-apps-on-macos/
Do you really think users want that experience?
Second, have you consider why most IT choose Windows over Apple? One example is Apple lack of business / enterprise management tools for their own devices. At least Jamf and even MS are doing something to fix this. Another thing IT consider is ecosystem, and MS is miles ahead of Apple. MS business / enterprise ecosystem is huge, MS Office, MDM. databases, virtualization, ERP, collaboration, ECM, Azure, and the list goes on. if Apple had a similar ecosystem\, IT would have consider them for more than just iOS devices.
Maybe IT is not the one to blame in your workplace for the lack of Apple devices.
To answer this...people would trade their 23” monitors gladly for a device that needs very little maintenance. I have people at Cisco and other companies that would all argue that having an iPad and Macs increased productivity. You can manage these devices via Microsoft Intune quite easily. Many IT techs speak out of ignorance, but as an IT executive, I can tell you that Macs and iPads are more cost effective and the TCO is lower for Apple devices and our LCM is 6 years, if not more.
My point was related to ergonomics. I already posted how even Apple think that touchscreen notebooks are terrible from an ergonomic POV. That's how an iPad works with a smart keyboard. So the combination of a small screen and terrible ergonomics is not the best when working with a device for 8 hours everyday. TCO and productivity is another story, and it can easily go in favor or against Apple, MS, Google or whatever service or device you use. As you said, many IT may speak from ignorance, but I think they are a minority. I prefer to have a positive POV of the work IT departments do, and how they take educated decisions. Some may see better results with Apple devices, while other with MS / Windows devices. It's clear that Apple is not the better option for all cases, neither is MS.
As a Microsoft leader, you are talking like an old school tech. Microsoft is going platform agnostic, which makes many of your arguments irrelevant. Their push is the cloud and the landscape of IT has changed. Regardless of the platform, you have to find what works for your organization.
First, I'm not a MS leader. I have devices from Apple and MS, and use services from both. And in my line of work, I have to deploy and manage devices and services from both companies. Regarding my post, it was about reasons why many IT departments prefer MS over Apple, and being platform agnostic, as you said, is one of them. Second, Apple don't have a business / enterprise MDM solution / service. I gave examples like Jamf and even MS that create solutions to help IT to deploy Apple devices, since Apple did nothing to help. Now MS and Jamf are working together.
Don't you think that Apple could have done a better job helping IT deploying devices, instead of waiting for Jamf and MS to take the lead? No I can see IT departments having tools and better experience deploying and managing Mac's.
1. You’re assuming the incumbent ‘sitting at a a desktop PC’ for 8-hours a day is optimal for business productivity - it isn’t. Look at how workplaces are changing current business tools have become the means to their own end and do little to support current work practices. 2. Why do you think it’s so easy for Jamf & MS to add MDM to iOS/macOS? Because most of the work is done by Apple - built in to the OS’. The vendors add the UI, Jamf does it well MS can’t decide between crap webUI & PowerShell. Oh & I admin our MS365; largely redundant, self-serving crap.
Management tools means obstruction and restriction on a computers use, thats not suitable for a Mac, it just blends in.
What does that mean, "it just blends in"?
Enterprise Management definitely need to be able to restrict Macs just as much as they do PCs, as well as iOS devices. Microsoft have this well covered with Intune.
My point is that restriction is the wrong way to think. Blending in means, you connect to the company network and it all works. Like I did years on end.
And your company was happy with you connecting a computer running unknown software to their network? Many wouldn't be, which is the point of Enterprise Management tools.
Saying "that's not suitable" is not a good or viable argument against enterprise IT.
Of course they were ok with that. Its not a Windows computer infested with spyware and viruses I attached to the network. So I ‘know whats running’, also all services on the network should be protected against hacking and need keys to get in, and its data is of course encrypted with keys for the right individuals only. Service access-points and network monitor software should also log strange behavior all the time.
Your company is/was a lot more easy-going than a lot of others out there. I can't think of a single place I've worked that would tolerate a computer that they have no remote control over being allowed onto their back office network, Mac, Windows, or otherwise. Trusting a user's judgement is not in enterprise DNA.
Trust is the keyword here. I read a lot of years ago about a master hacker (Takedown) who made clear that nothing can be done about hacking, but you can contain it. The same is true for untrustworthy people. Regarding allowing Macs within the workplace: its not about a users judgment its about relying on macs - not being infested with viruses and malware (like Windows computers) - so essentially relying on macOS and Apples updates, and its user not having malicious intent. The former is a great idea and saves a lot of hinderance, cumbersome work and a lot of money, the latter cannot be resolved with management tools in a meaningful way.
In what way do you think you are using the word "meaningful" there?
I'd agree that a network cannot be secured by central administrators in an absolutely reliable way, but to say that those administrators should therefore not even bother using tooling to prevent network attacks, and data loss or user malpractice is throwing the baby out with the bathwater. Desktop management software and tools are increasingly mature and allow a great deal of protection against a lot of common attack vectors that Apple and macOS do not insure against. Such tools aren't always appropriate, but that's more dependent on the business than the user's desktop OS. Other operating systems also have protections built in, but exactly the same applies - the "trust" you mention, whether it's in users or Apple is not an insurance policy, or an SLA, and is something most organisations that protect sensitive data would laugh in your face at.
Not to mention, the tooling talked about doesn't exist solely for security, but as a means to deliver application and system updates in a consistent and reliable way so users don't have to manage their own devices, or worry about incompatibility. That's a boon for a lot of business who make heavy use of IT, but don't necessarily have a technically literate workforce.
Management tools means obstruction and restriction on a computers use, thats not suitable for a Mac, it just blends in.
What does that mean, "it just blends in"?
Enterprise Management definitely need to be able to restrict Macs just as much as they do PCs, as well as iOS devices. Microsoft have this well covered with Intune.
My point is that restriction is the wrong way to think. Blending in means, you connect to the company network and it all works. Like I did years on end.
And your company was happy with you connecting a computer running unknown software to their network? Many wouldn't be, which is the point of Enterprise Management tools.
Saying "that's not suitable" is not a good or viable argument against enterprise IT.
Of course they were ok with that. Its not a Windows computer infested with spyware and viruses I attached to the network. So I ‘know whats running’, also all services on the network should be protected against hacking and need keys to get in, and its data is of course encrypted with keys for the right individuals only. Service access-points and network monitor software should also log strange behavior all the time.
Your company is/was a lot more easy-going than a lot of others out there. I can't think of a single place I've worked that would tolerate a computer that they have no remote control over being allowed onto their back office network, Mac, Windows, or otherwise. Trusting a user's judgement is not in enterprise DNA.
Trust is the keyword here. I read a lot of years ago about a master hacker (Takedown) who made clear that nothing can be done about hacking, but you can contain it. The same is true for untrustworthy people.
Every company that hire an employee have some degree of trust. But that doesn't means you won't be careful with people you trust. There are a lot of examples of good people doing bad things. Don't you think that's one simple reason of having security mechanisms for when things like this happens?
Regarding allowing Macs within the workplace: its not about a users judgment its about relying on macs - not being infested with viruses and malware (like Windows computers) - so essentially relying on macOS and Apples updates, and its user not having malicious intent. The former is a great idea and saves a lot of hinderance, cumbersome work and a lot of money, the latter cannot be resolved with management tools in a meaningful way.
If there is malware for a platform, as it happens with macOS and Windows, then you cannot rely on the OS 100% to protect the user. That the reason social engineering is so successful, resulting in phishing and ransonware attacks in both macOS and Windows users.
These are just a few examples of security issues found in macOS. That's the reason a good IT manager will do their work and protect both, Windows and macOS users. To think that you are safe because you run macOS is not true at all.
Management tools means obstruction and restriction on a computers use, thats not suitable for a Mac, it just blends in.
What does that mean, "it just blends in"?
Enterprise Management definitely need to be able to restrict Macs just as much as they do PCs, as well as iOS devices. Microsoft have this well covered with Intune.
My point is that restriction is the wrong way to think. Blending in means, you connect to the company network and it all works. Like I did years on end.
And your company was happy with you connecting a computer running unknown software to their network? Many wouldn't be, which is the point of Enterprise Management tools.
Saying "that's not suitable" is not a good or viable argument against enterprise IT.
Of course they were ok with that. Its not a Windows computer infested with spyware and viruses I attached to the network. So I ‘know whats running’, also all services on the network should be protected against hacking and need keys to get in, and its data is of course encrypted with keys for the right individuals only. Service access-points and network monitor software should also log strange behavior all the time.
Your company is/was a lot more easy-going than a lot of others out there. I can't think of a single place I've worked that would tolerate a computer that they have no remote control over being allowed onto their back office network, Mac, Windows, or otherwise. Trusting a user's judgement is not in enterprise DNA.
Trust is the keyword here. I read a lot of years ago about a master hacker (Takedown) who made clear that nothing can be done about hacking, but you can contain it. The same is true for untrustworthy people. Regarding allowing Macs within the workplace: its not about a users judgment its about relying on macs - not being infested with viruses and malware (like Windows computers) - so essentially relying on macOS and Apples updates, and its user not having malicious intent. The former is a great idea and saves a lot of hinderance, cumbersome work and a lot of money, the latter cannot be resolved with management tools in a meaningful way.
In what way do you think you are using the word "meaningful" there?
I'd agree that a network cannot be secured by central administrators in an absolutely reliable way, but to say that those administrators should therefore not even bother using tooling to prevent network attacks, and data loss or user malpractice is throwing the baby out with the bathwater. Desktop management software and tools are increasingly mature and allow a great deal of protection against a lot of common attack vectors that Apple and macOS do not insure against. Such tools aren't always appropriate, but that's more dependent on the business than the user's desktop OS. Other operating systems also have protections built in, but exactly the same applies - the "trust" you mention, whether it's in users or Apple is not an insurance policy, or an SLA, and is something most organisations that protect sensitive data would laugh in your face at.
Not to mention, the tooling talked about doesn't exist solely for security, but as a means to deliver application and system updates in a consistent and reliable way so users don't have to manage their own devices, or worry about incompatibility. That's a boon for a lot of business who make heavy use of IT, but don't necessarily have a technically literate workforce.
Your right about the last sentence. Version management can sometimes be important (for example if you rely on compile servers running on macOS). My security policy is, as I stated before, to have the company network secure and all its attached services, as a bonus I would make all data retrievable or editable secure by having it encrypted within its container. This means that if you manage to bypass network security and somehow manage to get data from a key protected service, its still impossible to access the data because its encrypted, only to be unlocked by people having the key to this specific data. Of course its essential that people having data access rights can be trusted. I don't think a sensible company will laugh at that, if they understood the concept.
Edit: Meaningful as in meaningful: having any additional value
Management tools means obstruction and restriction on a computers use, thats not suitable for a Mac, it just blends in.
What does that mean, "it just blends in"?
Enterprise Management definitely need to be able to restrict Macs just as much as they do PCs, as well as iOS devices. Microsoft have this well covered with Intune.
My point is that restriction is the wrong way to think. Blending in means, you connect to the company network and it all works. Like I did years on end.
And your company was happy with you connecting a computer running unknown software to their network? Many wouldn't be, which is the point of Enterprise Management tools.
Saying "that's not suitable" is not a good or viable argument against enterprise IT.
Of course they were ok with that. Its not a Windows computer infested with spyware and viruses I attached to the network. So I ‘know whats running’, also all services on the network should be protected against hacking and need keys to get in, and its data is of course encrypted with keys for the right individuals only. Service access-points and network monitor software should also log strange behavior all the time.
Your company is/was a lot more easy-going than a lot of others out there. I can't think of a single place I've worked that would tolerate a computer that they have no remote control over being allowed onto their back office network, Mac, Windows, or otherwise. Trusting a user's judgement is not in enterprise DNA.
Trust is the keyword here. I read a lot of years ago about a master hacker (Takedown) who made clear that nothing can be done about hacking, but you can contain it. The same is true for untrustworthy people.
Every company that hire an employee have some degree of trust. But that doesn't means you won't be careful with people you trust. There are a lot of examples of good people doing bad things. Don't you think that's one simple reason of having security mechanisms for when things like this happens?
Regarding allowing Macs within the workplace: its not about a users judgment its about relying on macs - not being infested with viruses and malware (like Windows computers) - so essentially relying on macOS and Apples updates, and its user not having malicious intent. The former is a great idea and saves a lot of hinderance, cumbersome work and a lot of money, the latter cannot be resolved with management tools in a meaningful way.
If there is malware for a platform, as it happens with macOS and Windows, then you cannot rely on the OS 100% to protect the user. That the reason social engineering is so successful, resulting in phishing and ransonware attacks in both macOS and Windows users.
These are just a few examples of security issues found in macOS. That's the reason a good IT manager will do their work and protect both, Windows and macOS users. To think that you are safe because you run macOS is not true at all.
Management tools means obstruction and restriction on a computers use, thats not suitable for a Mac, it just blends in.
What does that mean, "it just blends in"?
Enterprise Management definitely need to be able to restrict Macs just as much as they do PCs, as well as iOS devices. Microsoft have this well covered with Intune.
My point is that restriction is the wrong way to think. Blending in means, you connect to the company network and it all works. Like I did years on end.
And your company was happy with you connecting a computer running unknown software to their network? Many wouldn't be, which is the point of Enterprise Management tools.
Saying "that's not suitable" is not a good or viable argument against enterprise IT.
Of course they were ok with that. Its not a Windows computer infested with spyware and viruses I attached to the network. So I ‘know whats running’, also all services on the network should be protected against hacking and need keys to get in, and its data is of course encrypted with keys for the right individuals only. Service access-points and network monitor software should also log strange behavior all the time.
Your company is/was a lot more easy-going than a lot of others out there. I can't think of a single place I've worked that would tolerate a computer that they have no remote control over being allowed onto their back office network, Mac, Windows, or otherwise. Trusting a user's judgement is not in enterprise DNA.
Trust is the keyword here. I read a lot of years ago about a master hacker (Takedown) who made clear that nothing can be done about hacking, but you can contain it. The same is true for untrustworthy people.
Every company that hire an employee have some degree of trust. But that doesn't means you won't be careful with people you trust. There are a lot of examples of good people doing bad things. Don't you think that's one simple reason of having security mechanisms for when things like this happens?
Regarding allowing Macs within the workplace: its not about a users judgment its about relying on macs - not being infested with viruses and malware (like Windows computers) - so essentially relying on macOS and Apples updates, and its user not having malicious intent. The former is a great idea and saves a lot of hinderance, cumbersome work and a lot of money, the latter cannot be resolved with management tools in a meaningful way.
If there is malware for a platform, as it happens with macOS and Windows, then you cannot rely on the OS 100% to protect the user. That the reason social engineering is so successful, resulting in phishing and ransonware attacks in both macOS and Windows users.
These are just a few examples of security issues found in macOS. That's the reason a good IT manager will do their work and protect both, Windows and macOS users. To think that you are safe because you run macOS is not true at all.
Management tools means obstruction and restriction on a computers use, thats not suitable for a Mac, it just blends in.
What does that mean, "it just blends in"?
Enterprise Management definitely need to be able to restrict Macs just as much as they do PCs, as well as iOS devices. Microsoft have this well covered with Intune.
My point is that restriction is the wrong way to think. Blending in means, you connect to the company network and it all works. Like I did years on end.
And your company was happy with you connecting a computer running unknown software to their network? Many wouldn't be, which is the point of Enterprise Management tools.
Saying "that's not suitable" is not a good or viable argument against enterprise IT.
Of course they were ok with that. Its not a Windows computer infested with spyware and viruses I attached to the network. So I ‘know whats running’, also all services on the network should be protected against hacking and need keys to get in, and its data is of course encrypted with keys for the right individuals only. Service access-points and network monitor software should also log strange behavior all the time.
Your company is/was a lot more easy-going than a lot of others out there. I can't think of a single place I've worked that would tolerate a computer that they have no remote control over being allowed onto their back office network, Mac, Windows, or otherwise. Trusting a user's judgement is not in enterprise DNA.
Trust is the keyword here. I read a lot of years ago about a master hacker (Takedown) who made clear that nothing can be done about hacking, but you can contain it. The same is true for untrustworthy people. Regarding allowing Macs within the workplace: its not about a users judgment its about relying on macs - not being infested with viruses and malware (like Windows computers) - so essentially relying on macOS and Apples updates, and its user not having malicious intent. The former is a great idea and saves a lot of hinderance, cumbersome work and a lot of money, the latter cannot be resolved with management tools in a meaningful way.
In what way do you think you are using the word "meaningful" there?
I'd agree that a network cannot be secured by central administrators in an absolutely reliable way, but to say that those administrators should therefore not even bother using tooling to prevent network attacks, and data loss or user malpractice is throwing the baby out with the bathwater. Desktop management software and tools are increasingly mature and allow a great deal of protection against a lot of common attack vectors that Apple and macOS do not insure against. Such tools aren't always appropriate, but that's more dependent on the business than the user's desktop OS. Other operating systems also have protections built in, but exactly the same applies - the "trust" you mention, whether it's in users or Apple is not an insurance policy, or an SLA, and is something most organisations that protect sensitive data would laugh in your face at.
Not to mention, the tooling talked about doesn't exist solely for security, but as a means to deliver application and system updates in a consistent and reliable way so users don't have to manage their own devices, or worry about incompatibility. That's a boon for a lot of business who make heavy use of IT, but don't necessarily have a technically literate workforce.
Your right about the last sentence. Version management can sometimes be important (for example if you rely on compile servers running on macOS). My security policy is, as I stated before, to have the company network secure and all its attached services, as a bonus I would make all data retrievable or editable secure by having it encrypted within its container. This means that if you manage to bypass network security and somehow manage to get data from a key protected service, its still impossible to access the data because its encrypted, only to be unlocked by people having the key to this specific data. Of course its essential that people having data access rights can be trusted. I don't think a sensible company will laugh at that, if they understood the concept.
Edit: Meaningful as in meaningful: having any additional value
Then you're incorrect. Well administered remote management tools can provide substantial obstacles to users with malicious intent being able to cause damage to your company. Moreover, they don't just prevent malicious intent, they help prevent damage from accidental or careless behaviour.
Not blanket coverage obviously, but even if a lock won't prevent a determined burglar you still lock your door.
I just bought the SB2 (15") and I love it. It does everything I ask of it: office productivity, pen and tablet for note taking and web surfing, programming, and occasional gaming.
I have a 2 year old MacBook Air that I think is a great computer, but this is a better fit for what I need.
I think this review is a little misplaced. The SB2 was released in late 2017. If you want to just nitpick raw specs against the latest laptops, then this isn't your machine. If you want to talk about use cases and fitting people's needs, the SB2 is a unique offering that some, like myself, appreciate. If you want a JUST an optimized gaming PC, an inexpensive tablet, or a CPU intensive data crunching work horse, the SB2 isn't for you. If you want something unique that can do all of the above in an elegant package, the SB2 is for you.
Management tools means obstruction and restriction on a computers use, thats not suitable for a Mac, it just blends in.
What does that mean, "it just blends in"?
Enterprise Management definitely need to be able to restrict Macs just as much as they do PCs, as well as iOS devices. Microsoft have this well covered with Intune.
My point is that restriction is the wrong way to think. Blending in means, you connect to the company network and it all works. Like I did years on end.
And your company was happy with you connecting a computer running unknown software to their network? Many wouldn't be, which is the point of Enterprise Management tools.
Saying "that's not suitable" is not a good or viable argument against enterprise IT.
Of course they were ok with that. Its not a Windows computer infested with spyware and viruses I attached to the network. So I ‘know whats running’, also all services on the network should be protected against hacking and need keys to get in, and its data is of course encrypted with keys for the right individuals only. Service access-points and network monitor software should also log strange behavior all the time.
Your company is/was a lot more easy-going than a lot of others out there. I can't think of a single place I've worked that would tolerate a computer that they have no remote control over being allowed onto their back office network, Mac, Windows, or otherwise. Trusting a user's judgement is not in enterprise DNA.
Trust is the keyword here. I read a lot of years ago about a master hacker (Takedown) who made clear that nothing can be done about hacking, but you can contain it. The same is true for untrustworthy people. Regarding allowing Macs within the workplace: its not about a users judgment its about relying on macs - not being infested with viruses and malware (like Windows computers) - so essentially relying on macOS and Apples updates, and its user not having malicious intent. The former is a great idea and saves a lot of hinderance, cumbersome work and a lot of money, the latter cannot be resolved with management tools in a meaningful way.
In what way do you think you are using the word "meaningful" there?
I'd agree that a network cannot be secured by central administrators in an absolutely reliable way, but to say that those administrators should therefore not even bother using tooling to prevent network attacks, and data loss or user malpractice is throwing the baby out with the bathwater. Desktop management software and tools are increasingly mature and allow a great deal of protection against a lot of common attack vectors that Apple and macOS do not insure against. Such tools aren't always appropriate, but that's more dependent on the business than the user's desktop OS. Other operating systems also have protections built in, but exactly the same applies - the "trust" you mention, whether it's in users or Apple is not an insurance policy, or an SLA, and is something most organisations that protect sensitive data would laugh in your face at.
Not to mention, the tooling talked about doesn't exist solely for security, but as a means to deliver application and system updates in a consistent and reliable way so users don't have to manage their own devices, or worry about incompatibility. That's a boon for a lot of business who make heavy use of IT, but don't necessarily have a technically literate workforce.
Your right about the last sentence. Version management can sometimes be important (for example if you rely on compile servers running on macOS). My security policy is, as I stated before, to have the company network secure and all its attached services, as a bonus I would make all data retrievable or editable secure by having it encrypted within its container. This means that if you manage to bypass network security and somehow manage to get data from a key protected service, its still impossible to access the data because its encrypted, only to be unlocked by people having the key to this specific data. Of course its essential that people having data access rights can be trusted. I don't think a sensible company will laugh at that, if they understood the concept.
Edit: Meaningful as in meaningful: having any additional value
Then you're incorrect. Well administered remote management tools can provide substantial obstacles to users with malicious intent being able to cause damage to your company. Moreover, they don't just prevent malicious intent, they help prevent damage from accidental or careless behaviour.
Not blanket coverage obviously, but even if a lock won't prevent a determined burglar you still lock your door.
Management tools are - apart from cumbersome unneeded and restrictive - an attack vector in itself.
I am not a Mac user. My phone is Android and I do work with Windows 10 around 14 hours a day. So I do not know how Apple treats their customers. Please tell me you have had the same experience as mine, so that I can find some company with my misery! I damaged the SD card slot on my Surface Book II. That happened just before I sent the item to Microsoft in Sydney to fix its charging issue (which now I know is a common problem). I was just hit hard when I heard that they can't repair my device's charging problem because the SD card slot is broken!!! No one told me this device is not repairable and can only be replaced and now that the warranty is voided because of the SD card, I have to pay around $1000 for non-warranty replacement. A thousand dollars for a slight damage to the sd card reader! No one told me that I had to live with a critical function issue (not charging) because a couple of SD card wires are broken when I was buying this piece of junk. That is the worst product design, service design and customer care I have ever experienced.
I was trying to find where and how I was informed that the device is not repairable when I was buying this item. I cannot find sales terms, good job making it hard to find Mr. Gates! Why no one told me that the device is not repairable? How was I supposed to see it while sales terms are not supplied with the item? I know, there are things that you know and you look for them while buying a device, but this is not something you expect. Where was I supposed to look? The lesson for me is that next time I decided to buy anything, I'll sit in the shop for two hours and read every line of the sales terms. Something that you shouldn't have to do in a market where there is trust. Yes, trust, something that is now a rare thing, especially with Microsoft.
Comments
I have extended experience running Macs in a non Mac work environment and found no problems at all.
What needs to be protected is the corporate network and thus its endpoints while connected. Access to data is of course always restricted by a specific key and the data itself is of course always encrypted within its container.
Protecting data otherwise is a lost cause and the evidence is all over the place to support that.
If you don't trust the people working for you, don't hire them. If someone gets out of line sue him/her.
I work IT and have no issues with Macs and Windows devices, but if you want to deploy them in places that requires compliance, for example, with HIPAA, you have to use tools to deploy them. Again, Mac doesn't "just blend in". And you cannot blame IT for this. They have to comply with those requirements.
IT have mechanisms to reduce the possibility data loss, not to eliminate it 100%, since this is impossible to do. But reduce is better than nothing, don't you think?
Every business have some degree of trust with their employees. But they have to work under some rules, and they have to remember It's the business / company data, not users data. I agree that some IT departments could do a better job, but most of them try to do the best they can with the tools they have. Which takes me to my initial point, Apple don't have tools to deploy their devices in business and enterprises. IT went to Jamf and MS to make it happen. Maybe that's the reason you see so few Mac in business in enterprises.
Enterprise Management definitely need to be able to restrict Macs just as much as they do PCs, as well as iOS devices. Microsoft have this well covered with
Intune.
Like I did years on end.
Saying "that's not suitable" is not a good or viable argument against enterprise IT.
Service access-points and network monitor software should also log strange behavior all the time.
Regarding allowing Macs within the workplace: its not about a users judgment its about relying on macs - not being infested with viruses and malware (like Windows computers) - so essentially relying on macOS and Apples updates, and its user not having malicious intent.
The former is a great idea and saves a lot of hinderance, cumbersome work and a lot of money, the latter cannot be resolved with management tools in a meaningful way.
If there is malware for a platform, as it happens with macOS and Windows, then you cannot rely on the OS 100% to protect the user. That the reason social engineering is so successful, resulting in phishing and ransonware attacks in both macOS and Windows users.
You mention about relying in macOS and Apple updates. But, what happens when both fail, as with the Gatekeeper bug or the blank root password? Millions of users, like you, thought they had a perfect secure device at their worksplace, when it wasn't true. Another example are the bugs announced every year at the Blackhat and Pwn2Own events?
https://www.macrumors.com/2017/11/28/macos-high-sierra-bug-admin-access/
https://www.wired.com/story/macos-gatekeeper-vulnerability/
https://www.powerpage.org/hackers-uncover-two-critical-safari-vulnerabilities-at-pwn2own-conference-in-vancouver/
These are just a few examples of security issues found in macOS. That's the reason a good IT manager will do their work and protect both, Windows and macOS users. To think that you are safe because you run macOS is not true at all.
2. Why do you think it’s so easy for Jamf & MS to add MDM to iOS/macOS? Because most of the work is done by Apple - built in to the OS’. The vendors add the UI, Jamf does it well MS can’t decide between crap webUI & PowerShell. Oh & I admin our MS365; largely redundant, self-serving crap.
I'd agree that a network cannot be secured by central administrators in an absolutely reliable way, but to say that those administrators should therefore not even bother using tooling to prevent network attacks, and data loss or user malpractice is throwing the baby out with the bathwater. Desktop management software and tools are increasingly mature and allow a great deal of protection against a lot of common attack vectors that Apple and macOS do not insure against. Such tools aren't always appropriate, but that's more dependent on the business than the user's desktop OS. Other operating systems also have protections built in, but exactly the same applies - the "trust" you mention, whether it's in users or Apple is not an insurance policy, or an SLA, and is something most organisations that protect sensitive data would laugh in your face at.
Not to mention, the tooling talked about doesn't exist solely for security, but as a means to deliver application and system updates in a consistent and reliable way so users don't have to manage their own devices, or worry about incompatibility. That's a boon for a lot of business who make heavy use of IT, but don't necessarily have a technically literate workforce.
My security policy is, as I stated before, to have the company network secure and all its attached services, as a bonus I would make all data retrievable or editable secure by having it encrypted within its container. This means that if you manage to bypass network security and somehow manage to get data from a key protected service, its still impossible to access the data because its encrypted, only to be unlocked by people having the key to this specific data. Of course its essential that people having data access rights can be trusted.
I don't think a sensible company will laugh at that, if they understood the concept.
Edit:
Meaningful as in meaningful: having any additional value
Not blanket coverage obviously, but even if a lock won't prevent a determined burglar you still lock your door.
I have a 2 year old MacBook Air that I think is a great computer, but this is a better fit for what I need.
I think this review is a little misplaced. The SB2 was released in late 2017. If you want to just nitpick raw specs against the latest laptops, then this isn't your machine. If you want to talk about use cases and fitting people's needs, the SB2 is a unique offering that some, like myself, appreciate. If you want a JUST an optimized gaming PC, an inexpensive tablet, or a CPU intensive data crunching work horse, the SB2 isn't for you. If you want something unique that can do all of the above in an elegant package, the SB2 is for you.
I damaged the SD card slot on my Surface Book II. That happened just before I sent the item to Microsoft in Sydney to fix its charging issue (which now I know is a common problem). I was just hit hard when I heard that they can't repair my device's charging problem because the SD card slot is broken!!! No one told me this device is not repairable and can only be replaced and now that the warranty is voided because of the SD card, I have to pay around $1000 for non-warranty replacement. A thousand dollars for a slight damage to the sd card reader! No one told me that I had to live with a critical function issue (not charging) because a couple of SD card wires are broken when I was buying this piece of junk. That is the worst product design, service design and customer care I have ever experienced.