The management of MacOS is such a PITA

cm0002@lemmy.world

We are, but it's not very helpful when the device can't reach out to the MDM servers because it's become disconnected from the WiFi for one reason or another

Oh and apparently you can't use an Ethernet USB dongle from the lock screen either, thanks Apple so wonderful and secure/s

toes@ani.social

Agreed. They are junk. Esp the clowns that used 1.1.1.1 for them.

kit@lemmy.blahaj.zone

You're doing something wrong. If the devices are pre-enrolled in JAMF and you've configured PreStage Enrollment properly, they'll automatically connect to corporate wifi on boot without needing a local user account or manual wifi connection.

cm0002@lemmy.world

Remote only company, there's no "Corporate WiFi", it does have a fallback WiFi profile where I have the employee start a hotspot on their phone with the matching info

But it doesn't always work on MacOS, almost like it stops trusting it if it's not regularly connected to or something.

Either way, no matter how you dice it, MacOS SUCKS on the business management side, Windows will let you do anything you want in any number of ways. MacOS is rigid and inflexible, the fact you need specific MDM platforms that focus on only MacOS/iOS to be any good should tell you that

"Windows is an enterprise OS with consumer features, MacOS is a consumer OS with (half-assed) enterprise features" ~Me

some_guy@lemmy.sdf.org

The first time I saw IT tooling on Windows (as a Mac / Linux guy), I was floored. Comparing that to Apple Remote Desktop (which hasn’t evolved in two decades) made me realize how far behind Apple was / is in these areas.

cm0002@lemmy.world

Heh yea, "Windows is an enterprise OS with consumer features, MacOS is a consumer OS with (half-assed) enterprise features" ~Me

At least Linux will let you get there, might not be out of the box, but you can configure your way there, MacOS is very rigid when it comes to enterprise management

2xsaiko@discuss.tchncs.de

You could turn on the guest account

cm0002@lemmy.world

Without remote access and the user locked out that can only be done through the MacOS recovery mode, if I'm already walking them through that mess might as well just reset their main account

kit@lemmy.blahaj.zone

I previously worked for a remote only company with similar roadblocks. The best option I found was to have the Macs shipped directly to a tech to be configured on their network (with their network profile configured in pre enrollment for ease of use) then ship it to the end user afterwards. The end users liked the "white glove" service.

I worked for many years in endpoint management and actually like Macs. They're not difficult to manage once you get the hang of it. In this oddly specific scenario, though, Windows would definitely be easier because the users could just login with their 365 account for provisioning.

cm0002@lemmy.world

Yup, that's pretty much the flow I've had to put in place, I actually figured out how to pull off the MacBook box "seals" without ripping them and then reseal it when we're done with so the employee feels like it's brand new LMAO

I worked for many years in endpoint management and actually like Macs. They're not difficult to manage once you get the hang of it.

Idk bro, seems like Apple considers all their business tooling and support as an after thought, perhaps it would be easier if we were all in on either/or but we have a 50/50 Windows/Mac/Android/iOS mixed environment and all the device management platforms seems to fall in to 2 categories: "Good with all devices except Apple" or "Good with Apple devices and sucky at everything else"

Most in other mixed environments seem to settle into having 2 platforms, JAMF for Apple and something else for everything else. My funding request was denied for 2 though lol

randomvideos@programming.dev

That sounds like a pretty rare problem

Why can you not shutdown or restart on the locked screen on windows and at least some linux distributions? The button is there, but its only used to suspend the pc

thwompthwomp@lemmy.world

I teach computer engineering, and Macs have gone from wonderful to the bane of labs in the last decade. Students never have the right dongle, the permissions are a mess, compilers are locked down. It’s sad actually. Macs took over cs departments and a lot of tech usage, but they seem to have entirely turned their back on that audience

dual_sport_dork@lemmy.world

?

You totally can, on every computer I've ever owned running Windows since NT (and most running some variant of Linux). The only reason it would not be there is if some turkey disabled it in Group Policy for some reason. The power button offers you power off, restart, suspend, and hibernate if you have hibernation enabled.

kn33@lemmy.world

That's only when FileVault is on, though, yeah?

kn33@lemmy.world

Isn't that Cisco's fault?

toes@ani.social

Cisco definitely encouraged it with their examples.

But the admin should have known better when setting up their environment.

tophneal@sh.itjust.works

I'm just curious here, but what are your Mac users doing to lock their accounts so often that this has become such a recurring pain point?

I feel for you, ever since I got approval to move all our mac's to kandji for management, I have less issues reported from Mac users than windows users.

example@reddthat.com

the larger a company the more cases you'll have in absolute numbers, even if the relative numbers stay the same

tophneal@sh.itjust.works

I understand and agree with you but I'm a bit confused, is that in reference to part of my comment?

example@reddthat.com

you asked why it happens so often, I provided a possible explanation.

just yesterday we had a similar case where a usb ethernet adapter wouldn't work on a locked device due to a similar issue, even if that one may be more logical.

especially when you have to follow an outdated password policy where people have to change their passwords at regular intervals you'll have such cases more frequently than when they only need to set it once until a suspected compromise.