back to article Apple update approach 'not realistic' in enterprise, but login 'shim' gets thumbsup

Not many people are talking about Apple's recent WWDC from an enterprise standpoint. But identity and machine management tool maker JumpCloud says a "shim" to connect "the login to the device through to the Safari browser" is a notable development. JumpCloud provides identity services, which is why chief strategy officer Greg …

  1. Pascal Monett Silver badge

    "Apple demonstrates they don't have a deep appreciation of the enterprise"

    Ouch.

    That said, I'm sorry but even as an individual user, I don't appreciate the idea of losing everything I am working on because somebody else decided I have to update now.

    1. Oh Matron!

      Re: "Apple demonstrates they don't have a deep appreciation of the enterprise"

      So, it's a little more nuanced than that. Admins have the flexibility of when updates are installed, even including the scheduling of updates. JumpCloud are new to MDM to I'd give their comments a little latitude

      However, surely it's better than, "I'll just reboot windows before this important ca,,,,,, WTF? Why are you installing updates that you didn't tell me about NOW?!"

    2. Anonymous Coward
      Anonymous Coward

      Re: "Apple demonstrates they don't have a deep appreciation of the enterprise"

      @Pascal

      I run my business on Macs and, like you, also for personal use. I have just looked (in system preferences/software update v12.4) and automatic updates has to be switched on, and even then you have various choices.

      TL:DR, you choose when to update not Apple.

      Cheers... Ishy

      1. Pascal Monett Silver badge

        Doesn't seem to be the case from the article.

        And if you have to go check your OS settings to ensure that you do not lose work, well I'm not impressed.

        But don't worry, Borkzilla's AutoPatch is sure to bring us much entertainment in not so long.

        1. Anonymous Coward
          Anonymous Coward

          You don't appear to have read my comment correctly. I explained that...

          quote have just looked (in system preferences/software update v12.4) and automatic updates has to be switched onUnquote.

          Your last sentence made me smile. I am not really sure who borkzilla is but assuming it is Microsoft the best way to deal with their "borks" is to get a standing order for popcorn.

          Cheers... Ishy

      2. Richard 12 Silver badge

        Re: "Apple demonstrates they don't have a deep appreciation of the enterprise"

        And that IS the problem.

        In a corporate environment, the IT dept need to do two major things with updates:

        1) Test updates in sacrificial environments to make sure they won't take down important machines or software. Any updates that cause such issues must be blocked, and reported up to the supplier for a proper fix.

        2) Make sure that all the company machines get the updates within a relatively short time period.

        On macOS, this is basically impossible. They are not centrally manageable.

        The end user chooses whether and when to install any updates, unless they set it to Auto in which case Apple chooses whether and when to install them.

        So a user can easily install something that breaks their Mac or important business software, or conversely can decide never to install any updates at all, leaving the company at risk of all the security flaws Apple have fixed.

        It seems that it is now possible for the IT dept to force macOS updates to install, but only by using a massive hammer. Which they absolutely won't do.

        On Windows, end users get a popup dialog saying "your IT dept need to install updates, Now? In an hour? Tonight?"

        Or something like that. So they can delay it until close of business if they are busy, but no later than that.

        1. Ace2 Silver badge

          Re: "Apple demonstrates they don't have a deep appreciation of the enterprise"

          Enterprises can deploy profiles that lock a Mac to a specific internal update server. Then the admin controls which updates are made available on that server.

          I’m sure it sounded like a good idea, but it sucked to be 2 major versions behind because they hadn’t gotten around to it.

    3. Charlie Clark Silver badge

      Re: "Apple demonstrates they don't have a deep appreciation of the enterprise"

      If you're a company with more than a few machines you will want to make sure that security patches are installed in a timely manner, ie. in a manner that you control but reduces the surface for attacks. You can only do this with some kind of management software. Users may still have some control but if, say a week after you've approved and depoyed patches, they still haven't updated, it may be time to have a word: it's a company resource and the risks are to the company.

      WSUS will at least give you information about the OS but you'll generally need something more comprehensive to include all the standard software.

      1. Anonymous Crowbar

        Re: Stop pissing about

        My company has been using JAMF for MACs since I started about 4 years ago and it seems to do everything they require.

  2. Charlie Clark Silver badge

    Link?

    Shouldn't there be a link to the report the company is touting?

  3. VoiceOfTruth

    Apple permissions

    -> Apple's approach is to ask the user to confirm their identity before anything can be done to a system.

    That might be one reason why Apple is less susceptible to malware generally than the Windows insecurity model. I'm not suggesting that Apple is perfect, they have plenty of problems. But compared to Windows it's Apples and windows.

  4. rutrohrorge

    As a previous user of JumpCloud, you don't really want them doing anything with macOS. It was a fairly common occurrence where users would disappear or logins stopped working which forced a complete wipe and reinstall.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like