There was a time when a stolen iPad or MacBook was a double nightmare for an IT department. You had to worry about the data, but you also knew the physical hardware was gone forever and would have to be replaced. A thief could wipe the device, reinstall the OS, and sell a perfectly good machine on Facebook Marketplace. However, with the maturity of the Apple Business platform and zero-touch enrollment, Apple has mostly destroyed the financial incentive for stealing corporate Macs and iPads.
About Apple @ Work: Bradley Chambers has been an Apple IT admin since 2009. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, 1000s of Macs, and 1000s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, and train users, share stories from the trenches of IT management, and suggest ways Apple could improve its products for IT departments.
In the early days of managing mobile technology, physical theft was a highly profitable enterprise. If a smash-and-grab thief took a stack of laptops from a car or an office, they knew exactly how to sell them. As long as they could boot to a recovery drive or use a USB installer, they could format the disk. All traces of the original company would be erased. The device became a blank slate that could be easily sold on Facebook Marketplace or at a pawn shop.
IT teams relied heavily on firmware passwords to prevent this, but those were cumbersome to manage at scale. If a device was lost, IT had to write off the entire cost of the hardware, and it was likely lost forever. The secondary market thrived on these stolen goods because buyers had no way of knowing the device was stolen until it was too late. I managed IT for an organization in 2011 that lost 10+ iPads over a weekend break-in. This was during the days when we were setting up iPads via iTunes (pre-Apple Configurator).
Everything changed with the introduction of Automated Device Enrollment, which was tied directly to Apple Business Manager (now known as Apple Business). When an organization purchases an iPhone, iPad, or Mac from Apple or an authorized enterprise reseller, the device’s serial number is permanently mapped to the company portal at activation.
From the Apple Business interface, IT assigns that serial number to their device management services. This is what makes zero-touch enrollment magic. When an employee unboxes a brand-new Mac and connects it to Wi-Fi, the device securely checks in with Apple activation servers, recognizes that it belongs to the company, and automatically downloads all management profiles, apps, and security policies.
The theft deterrent
That exact same zero-touch workflow is what makes stealing these devices incredibly frustrating for thieves. Let us say a thief steals a managed MacBook Pro. Their first instinct is to wipe the drive and reinstall macOS.
The moment a freshly wiped Mac connects to the internet to complete Setup Assistant, it pings Apple. The device is immediately hit with a Remote Management screen that demands corporate login credentials. There is no way to skip it. There is no combination of key commands to bypass it. The Mac is hardcoded to belong to your organization at the server level at activation.
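The deterrent only applies to Macs that were enrolled through Automated Device Enrollment, so it is worth auditing which machines actually report that. The script below is an added example, not part of the original article: it classifies a Mac from the text printed by the macOS command `profiles status -type enrollment`. The three labels and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Mac's enrollment state from the output of
#   profiles status -type enrollment
# Labels (ade-enrolled, mdm-only, unmanaged) are names chosen for this example.

ade_status() {
    # Reads the command output on stdin and prints exactly one label.
    awk -F': *' '
        /^Enrolled via DEP/ { dep = $2 }
        /^MDM enrollment/   { mdm = $2 }
        END {
            if (dep ~ /^Yes/ && mdm ~ /^Yes/) print "ade-enrolled"
            else if (mdm ~ /^Yes/)            print "mdm-only"
            else                              print "unmanaged"
        }'
}

# Constructed sample outputs (not captured from a real fleet).
SAMPLE_ADE='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)
MDM server: https://mdm.example.com/checkin'
SAMPLE_MANUAL='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)'
SAMPLE_NONE='Enrolled via DEP: No
MDM enrollment: No'

# On a Mac, classify the live device (the command may require root on
# older macOS releases); elsewhere, walk through the constructed samples.
if command -v profiles >/dev/null 2>&1; then
    profiles status -type enrollment | ade_status
else
    for s in "$SAMPLE_ADE" "$SAMPLE_MANUAL" "$SAMPLE_NONE"; do
        printf '%s\n' "$s" | ade_status
    done
fi
```

A result of `mdm-only` means the Mac was enrolled manually rather than through Automated Device Enrollment, so a wipe removes management and the device will not re-enroll on its own.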