Scaling Secure Apple Management Without Scaling Headcount
Recording in progress, the webinar has started. That means, at least theoretically, we’re live and people should be joining in. So, yep, looks like we’re getting some attendees in. We can go ahead and kick things off with a quick round of introductions on who you’re hearing from, who you’re gonna be hearing for the next, you know, hour or so. I’m Catherine Davis. Work at Addigy. I’m the head of product. Been in the Apple admin space for more years than I’d like to admit out loud, but well over a decade. I’ll go ahead and pass it over to Manny who’s also from Addigy.
Manny Capura, manager solutions architect team here. Well versed in everything Apple has been similar to Catherine, over ten years of experience in the runabout business, also very familiar with the MSP business. But here just to be able to collaborate and be able to provide some really good information to the folks out there. Thank you. Pass it over to Justin now.
And thanks, Manny. Hi, everyone. My name is Justin Ascar. I’m the owner of the Virtual Consulting Group, home of Virtual Computers. We’re an Apple based MSP, been around since two thousand eight. I’ve been in this industry longer than that. Unfortunately, I am one of, I think, Addigy’s first customers, in the very beginning. And Virtual Computers is the only Addigy professional services company so far in existence. I like holding that title. And I won most humorous in times of pressure from Addigy, like, a couple weeks ago. So super excited about that, and I’m very happy to be here to help my friends at Addigy talk about their product today to all of you.
Awesome. Well, we are excited to have you, and the title is well earned. If anyone hears Justin or sees him at Aces or anything, you will immediately learn it’s well earned. But yeah. So looks like we’re getting some of the people filing in, so we’ll go ahead and kick this off. Thanks, everyone, for joining for this webinar.
We’re going to be talking about, you know, scaling secure Apple management without growing your headcount. You know, we’ve got a couple people from Addigy, and then, of course, Justin’s got the expertise. But, you know, we think about the world, like, just to set the stage, like, the device counts are growing. People are expected to not only manage more devices with higher security in a higher risk, higher pressure environment, but they’re also asked to do that with fewer and fewer resources. You don’t have room to grow your teams. Maybe there’s just hiring freezes. Things are happening so that you really just can’t throw people at it. I, you know, think back to, again, dating myself a little bit, back when I was a Windows systems administrator, and it was two thousand ten. Yeah. Two thousand ten, and the iPad was released for the first time. And I worked at a university, and everybody wanted iPads in the classroom and set up for everything. Well, fun fact, there was a very brief period of time where there was actually no mobile device management for iPads after it was released because it didn’t come out until iOS four point o. So everything was manual, and I was fortunate enough to have an army of student employees that I could just be like, go do the thing. It’s not really how that works for a lot of companies now, especially when we’re remote and located all over. You can’t just send people down. So we’re gonna kinda talk about that and how automation and modern management tools really help with that. Manny or Justin, you wanna add anything to our kinda kickoff?
Yeah. Manny. So, essentially, as you all are probably in the more Windows focused space, right, our goal is to be able to help you understand that managing Apples is not very different than managing any Windows environment that you have today. You just wanna make sure you have the right tools in place and be able to make sure that you wanna be successful using the right tools. Right?
Having worked in the MSPs many many hats ago, I can understand how you have to be a jack of all trades and be able to essentially have the ability to wear many hats simultaneously on the same day. Right? You wanna be able to go from fixing a network panel to be able to essentially log in and create a user directory for a new employee that is onboarding for a customer. But at the same time, you also need to be able to prepare a Mac to get us started for that new employee for that customer, right, along with all the other service tickets that you have hanging around. Right? And if you have to go through that process and do it manual, wow, I can only imagine because I’ve been there, and I know exactly how that feels. So and once you understand what it looks like to be able to manage an Apple device, you know, in my case, I never wanted to go back to Windows. I’m not gonna say that that’s the same case for everyone here, but I can say that you probably will be more lenient in preference than to be able to manage an Apple device moving forward. Justin, what has been your experience in the last years of, you know, managing your Apple devices and growing your Apple footprint?
Yeah. It is, I mean, look. I’ve been in this industry a long time. And going back from when we would use tools like remote desktop to, like, just log in to someone’s computer on an insecure line in two thousand and four to what we do today. You know, when Apple released what was the start of MDM, it changed the game for a lot of people. The ability to push controls to devices, Macs, iPads, iPhones, eventually to the watch, the Apple TV, to the Apple Vision Pro if you’re so lucky to get one. It has really changed how we, as IT providers, MSPs, admins, take care of our fleets. Apple paved that way with MDM, and now on the Microsoft side, you all are getting the benefit of that from using things like Intune and getting away from your traditional RMM only plans.
Now you have the ability to set controls from an organizational standpoint and, you know, have it be cloud based. You know? I joke that COVID, it was a game changer, and I don’t mean that in the negative way, but in the positive way for IT people that it allowed all of us to finally prove to our customers we don’t need to be in your office every time. You know? For us, all of our customers are like, well, we don’t see you. What are we paying you for? And I was like, you don’t need to see us. We’re doing everything in the background. Trust me. And then when COVID happened, I was like, see, you’re still running because we’re still doing everything in the background. So it kinda worked out. And as we’ve moved forward, I mean, it’s been six years now. The technology is getting bad. It’s getting better. It’s faster. It’s stronger. Right? Six million dollar man kind of thing. There’s a couple of solid players that do the things we need to do. Addigy is the gold standard for Apple management when you’re doing especially when you have multi tenancy comparative to Intune on the PC side. And there’s nice integrations between the two. So I think there’s been a very big up shift. What you said, Catherine, you mentioned something about the iPad coming up. I have a first generation iPad up there that actually has engraved in it demo unit, not for resale. Don’t ask me how I got it. But, you know, it was great to see that come out and see how that technology can work because I really think it was the iPhone and iPad that really bond what MDM started as and to where we are today where we can get computers to be in some sort of level of compliancy, right, to have phones that are protecting data between their personal and their work lives. It really has changed how companies can look at security and compliance and protection and efficiency and productivity. So, yeah, long winded answer. I apologize.
No. It’s great.
And I will admit it gives me some flashbacks to my, like, SCCM two thousand seven days, and I’m so glad we’ve grown since then. Not just on the Windows side, but definitely on the Apple side. I mean, back then, MDM didn’t exist to your point. So, yeah, I think just to kind of transition into kinda some of the next topics, we’re gonna launch a poll. Curious for the people that are joining us today. Who’s managing your Apple devices today? We know that people are always at different stages. And just curious, you know, if it’s a managed service provider that’s supporting multiple customers. Maybe it’s your internal IT team. Maybe it’s a hybrid. You’re doing some co management. Or maybe you’re just getting started, you just have one or two test Macs or iPads, and you’re like, how in the world do I manage these? So please answer that poll question, and we’ll, you know, kind of talk a little bit more about, you know, what happens when environments grow and also the environment mix of devices. You know, a lot of people are going to a user choice program. Maybe they’re choosing more Macs, more iPads. They’re, you know, taking some of the consumer things that they’re used to and bringing them into the workplace. How do teams deal with that when your team size isn’t growing? Maybe you’re a Windows admin, a Windows shop, and, you know, you’re suddenly given, I have a really good friend who manages Windows devices, and she was basically handed, hey. Here’s forty Macs. You manage them now too. And she’s like, I’ve never used a Mac in my life. Like, how do people even deal with that? Like, I’m curious, Manny and Justin, what kind of scenarios you guys are seeing in terms of handling that and growing?
Yeah. So in my experience, the first thing is to be able to find a right tool. Right? Doing it once is okay. Doing it multiple times is not fun. Right? Once you encounter that, that scenario is gonna be repetitive. You have to find a solution.
And for me, in my case, various MDMs, back in the day, right, the footprint in MDM products have expanded. What I found back in the day that worked for me the best is honestly be able to use something like Addigy, being able to essentially have that MDM solution that provides the needs of the speed and be able to essentially make sure that I have something that will allow me to reduce my operation processes and be able to deploy apps. We all know that c level executives are the most known users to use Apple devices, but they also wanna be in the less secure ones. They don’t want complex passwords. They don’t want, you know, third party apps to be updated or macOS patching updates to be deployed, because their focus is to help grow the business. So how can you do that in the process that does not interrupt, you know, their business ongoing and be able to be as least business disrupted as possible? Right? So certainly, encapsulating the right tool. And I will actually like to quickly show, a little bit encapsulate that in how we help customers now and they be able to engrave that. Right? So this is the Addigy environment. Maybe most of you the first time you’re seeing it, but one of the greatest things that helps me essentially understand what the end user is experiencing is some of the go live features. Right? Through the go live experience, you have the ability to be able to run terminal commands, be able to essentially restart, shut down, lock the device in the race, look at performance live, right, be able to see what kind of software is installed on the machine, be able to run scripts, and run some security audits. So little things like this really make your day in terms of be able to operate in a more efficient way. Right? So you always wanna keep in hand that, yes, you have the testing in hand, but what is the process that you wanna be able to include to be able to reduce that operation times? Right?
That was my focus back in the day, and I think it’s the focus for most of you today. What is your take on that, Justin? Oh, you’re muted, buddy.
Sorry. You wouldn’t have mic. I muted on my mic so I can type something. If you’re a Windows admin and you’re now forced to be in the Apple ecosystem, whether it’s a Mac or iPhone, doesn’t matter. You made a good point, Manny. Right? Use the right tool for the right job. You know, if you’re going to install new Windows in your house, you’re not gonna use a hammer to do that because that would break the glass. Right? Right tool for the right job. Totally agree with that. I think also to what Catherine was saying about her friend who’s never touched a Mac, to be honest, look, a computer is a computer. They all go to the Internet. They all have pros and cons. There is the concept behind how do I move myself forward to be able to take care of the things that I’m being asked to take care of. Right? And so I think the goal for today is not to come in and say, you need to learn seventy eight new systems. You need to know what you know with your Windows side, and you need to know a couple things on the Apple side and how those two can mesh well. Years ago, I have a client, we have a big nonprofit that we take care of that was an all Apple shop with Google, and the other company that they were merging with was an all PC shop with Microsoft. And luckily, I had a seat at the table in the boardroom, but I’m listening to the IT manager from that company and people from the other company saying, no. We’re gonna go all PC. All the Mac people are getting rid of their Macs. They’re getting PCs. And all the Mac people are like, no. No. No. No. No. We’re gonna move all you guys to Macs. And there was no win. I shyly raised my hand. I was like, hey. What about employee choice? And they were like, what? And I was like, we can manage both Macs and PCs.
You have your internal IT guy do the PC side for this particular client, and we do the Macs. And everybody’s happy. And so we were able to, like, agree on that, and it increased their productivity. So I don’t like when I hear a PC MSP or Windows admin say, like, I don’t do Mac. I hate Mac. Macs cause problems for me because what you’re doing is you’re denying someone in your company the ability to do their job as effectively as possible. There are tools to manage Macs. And to say, like, you know, I don’t wanna be bothered with it. I think right out the gate you’re coming in with the wrong attitude. If you can say to yourself, you know what? There are going to be Apple devices. The CEO wants an iPhone. We need to be able to make sure it’s secure without bothering him. We need to know the tool set that’s needed to make that work. That’s the right way to go. And coming in with that particular attitude and then picking the right tool, Addigy, it’s one of those, like, just keep spoon feeding it. Right? Pick the right tool for it. You can manage that from a very easy posture and make sure that those devices are secure.
Yeah. No. Absolutely great points. I’m gonna go ahead and have us launch another poll question just around, you know, what does your organization do when device count grows but head count doesn’t? And while people are answering that poll, there’s a couple really good questions that have come in through the chat that I’m just gonna really quickly address before we talk a little bit more. Yeah. So in terms of integrating with existing PSAs, yes, we have a lot of integrations for, like, ConnectWise, Kaseya, a bunch of integrations. They’re listed on our website, or reach out to us. We can give you more information specifically on, like, what it is, what it does, all of that good stuff. And then in terms of compliance, yeah, we have both monitoring and automated remediation for things like CIS level one, level two, CMMC. Yes.
Can I touch on that, Catherine, for a second?
Yeah. Absolutely.
I recently went to a security class where we discussed the idea of getting Macs secure for compliance. So for the Windows admins who don’t know, you need to do a little reading on what’s called the MSCP program or the ISCP program. It’s the Mac security compliance program or iOS security compliance program. There have been a lot of very smart people who came together and created a great framework to make Macs secure to these compliance levels. I think NIST was the kicker, and everything else kinda stemmed off of it. Addigy is the only, we keep saying MDM, but to be honest, now called a DMS, device management service, is the only service that I know that can get computers into a compliance and remediate it and report on that without me having to do anything else. Once I’ve told the computer these are the benchmarks, I want it on CMMC and I want it to auto remediate, I’m done. Which means I have finished making an entire client CMMC compliant with a couple of clicks, and I’m done. You can’t do that on Windows. Like, I have looked and if someone wants to correct me, I look forward for your tweets and emails. But, like, I’ve yet to find the tool that does that on Windows. And that has been a massive game changer that we can get a computer, we can get an entire client compliant within a very short amount of time, and it takes five times as long to get the Windows machines into that same compliance.
Yeah. And pulling a little bit of thread on that, Justin, you’re absolutely correct. I just wanted to go ahead and show the audience a little bit what that looks like in the platform just for a few seconds to get a feel of it. So in Addigy, you have what is called a catalog, but under that compliance stance, these are all of our benchmarks that we have today. Right? We have CIS level one for the different macOS versions, CMMC level one and level two, and we also have vSYS TIC.
What’s great about it is that we can also deviate from the standard benchmarks. We know that sometimes a one size fits all is not what is applicable for all the different requirements and regulations that you need for your internal audit. So you can just simply click select and clone and select your benchmarks. Once a benchmark is applied to it, a simple remediation process will happen on the device level and be able to essentially see the type of compliance status that you have. Once you have your compliance status, you can also run historical reports on the compliance performance of your devices and such. So as Justin explained, very easy to do. We’re able to essentially enforce the compliance stance on your devices and have the ability to be able to meet your security audits through a process.
Yeah. I think that has been an absolute game changer for the clients that we have that need that, especially in those mixed environments. You know? Putting together those compliance reports, I will say this as just as an asterisk. We do not write what the benchmarks are being. We have engaged with a cybersecurity firm to write those benchmarks, and I’ve given them all of the, what do you, the items within the benchmark, like, as an Excel document to the cybersecurity firm. I said, okay. Client a, tell me what needs to be on. Client b, tell me what needs to be on. They come back to us, and then we push it out. But Addigy has made it, like, super easy to do all of that.
Yeah. And just to add on to that a little bit more since I know this is especially if you’re newer to the Apple side and don’t necessarily know how to do all the testing yourselves. One of the things that, you know, we’ve heard a lot and Addigy has really leaned into is before we push out any updates to our automated remediation, say there’s updates to the benchmarks, say there’s updates to Apple’s OS, or heaven knows, everything changes so fast.
We actually have a team internally that vets all of those, so you’re not just pushing them out and potentially bricking all of your devices. That’s something that, you know, some other tools that say, hey. We automatically remediate, you know, compliance or automatically enforce these benchmarks. Yeah. They do, but they’ll just kind of push scripts out right away. It’s not necessarily tested internally, whereas we make sure we’re testing it against multiple kinds of devices, different versions, really putting it through its paces. And then in addition to that, we had all the ones that you could see when Manny was showing it. We’re actively, like, adding more and then getting them through that vetting and constant testing process. But we also have custom benchmarks, which a lot of people use. I know I’m like, I saw someone say HIPAA in the chat. You know, that’s something we’re working on adding as, like, a predefined click and deploy one, but you could add everything that you need with custom benchmarks right now. And if you don’t need everything in, like, CIS level one, you can say, okay. Cool. I want seventy of the ninety four. I think there’s ninety four. But yeah. So a lot of flexibility there, and it’s actually been tested on real devices, which is something that you don’t see a lot in the Apple world, unfortunately. With that, we kind of talked a little bit. We’ve been jumping around on, you know, our topics, but I think this was really good to talk about some of the compliance and security right away. I think, though, it would be great to kind of talk about, you know, scalable automation. From my perspective, you know, having been, again, a lifetime ago in the admin seat and from hearing from customers, hearing at conferences, you know, what people are dealing with, I really see that as starting off on the right foot when you’re kind of onboarding and deploying your Macs, your iPads, your iPhones.
You’re getting that fleet set up and having a really good standard kind of from day one with the right tool. I’d love to hear, you know, what you do, Justin, or what you see with regards to, like, zero touch deployments and reusable workflows and kind of how you structure that in order to be more scalable.
Yeah. I mean, like I said earlier, with COVID, everyone went distributed. So we don’t touch computers anymore for setup. Right? So I guess show of hands in the Zoom, like, how many of you as Windows admins understand Apple Business Manager? Because that’s kind of a key element to this whole piece working. With Apple Business Manager, which for the most part, can consider it like a device management or inventory management for devices, users, and apps. That’s your starting point. This is something that I find that a lot of Windows admins don’t look at, which is getting Apple Business Manager for security purposes anyway, but Apple Business Manager is where it starts. Because what happens is any Mac that we ship out to a client, I have clients all over. I’m in New Jersey, I have clients in Colorado, Hawaii, whatever. When they turn the computer on, as long as the device was purchased the right way, it’s in Apple Business Manager, and Apple Business Manager is tied to our Addigy instance, that computer is gonna turn on and it’s gonna say, hey. This computer is owned by your organization. Click here to go. And you hit it and all of a sudden now, the computer sets itself up. It downloads all the apps that are required. It adds the user account that’s required. It downloads all the profiles and all the security tools and everything. Boom. Right to it. All of a sudden, the user just has to log in. And if it’s configured with, let’s say, Microsoft for platform SSO, the user only has to be given their Microsoft account credentials.
Or if you wanna take it to another level, you can go so far as to give them temp credentials, let them set up two factor authentication on their phone, and then they never need their password, which is kinda cool. But you have to do it in that order. It has to be Apple Business Manager to your device management service, Addigy, and then within there, you’ve configured everything. This allows my team to, like, ship a computer somewhere from Apple to wherever. We say, hey, turn it on. Turns on. We say wait an hour for everything to download depending on how much stuff they’re downloading because it’s on their Internet. And then we do whatever we need to do to white glove the rest of it if we’re gonna do that. Most of the time, we don’t have to. That’s signing people into things or whatever. That’s the white glove part. But from a zero touch, it’s literally if it’s configured properly, it’s turn it on and go. And that’s the best part of it. So if you’re not aware already with ABM, do that. I see in the chat here, Steven Jenkins wrote, if you have Macs in your company, you don’t use ABM. You’re doing yourself a disservice and wasting money. That is very close to the right answer here, Steven. Even if you don’t have Macs in your company, you should have Apple Business Manager. I know I’m off topic for a second. But to ensure that no one is creating unmanaged Apple accounts with your company domain. Apple Business Manager allows you to claw those back. So right there, security point. Plus, you get to manage, you get to push your Macs in there to go to Addigy. So plus plus. Right? There’s so much that you’re gonna do there. If you’re gonna push Apple apps to iPhones, iPads, and Mac devices, you need Apple Business Manager to purchase those apps through what they call the volume purchasing program or content management now and push that out. So start there, connect it to Addigy, ship a computer, French chef’s kiss.
And that’s AG Assist.
That way, you can have the end user’s experience be just icing on top of the cake. Right? Be able to just Oh, yeah. Tell the end users exactly what’s happening on their machine. Totally game changer nowadays because that just complements the end user experience end to end. So
Yeah. It’s like a little window that pops up. It says, like, I’m now installing Google Chrome. I’m now installing Firefox. Please wait. With a little bar that I think every IT admin in the world knows what that bar means. But, like, it does tell you that things are being installed. That way, that user knows what’s happening, and then they’re ready to go, and they’re prompted with a login.
Yeah. It’s especially nice. Like, we are able to do things with, like, applications. For example, we have what’s called prebuilt applications. So that’s a big thing. Like, again, like, thinking back to the evolution of some of the things people request is like, okay. Cool. How do I get, you know, this application, you know, PowerPoint, math notes, who knows, whatever the user wants on my device? Well, you know, one of the things to look at for Apple management is the click and deploy and automatically keep things up to date. So even if you’re not the person that’s installing, maybe you’re only partially managing your Macs. You’re not fully there. But, you know, Chrome, there’s a CVE vulnerability, like, every other hour for Chrome. It’s, like, always needing to be updated. Even if you weren’t the one that installed software, if it’s in our prebuilt applications catalog, we can automatically update it to the newest version based on that. So it’s basically even if the user’s installing stuff that maybe you’re not intentionally pushing out, make sure it’s up to date so they’re secure anyway.
There’s your Windows patch management that people live and die for in their RMMs.
Absolutely. Yeah. Yeah.
So, you know, I’m gonna launch another poll just because I’m really curious with this one. With the group, how automated kind of is your Mac onboarding today? So I think we’ll get that one popped up, and we’ll kind of continue on with this. But I wanna just kind of talk about, like, you know, we’ve really been focused on security, compliance, kind of that zero touch, but it’s all very, like, linked together. And how do we make sure, like, say you’re a new admin or you’re transitioning from, like, Jamf, or I’ve seen some other ones, and they’re like, Meraki. Like
The Meraki system manager that’s end of life all of a sudden. Now everybody’s jumping ship and trying to figure out what to do.
Yeah. Yeah. Like, how do you start to look at that as like, okay. Cool. I need a tool where I get security and compliance and automation without the added effort. Like, what are the critical things that you guys see that need to be looked at? What are the kind of biggest things? Like, we’ve touched on one touch deployment of compliance, but, like, there’s gotta be more. I know there’s more.
I mean, for us, a lot of this is what we’re pushing in a, I’m putting the word package in quotes because it has double meaning here. Like, what we’re pushing in a package when we deploy a device. Right? Because between after we’re grabbing from the volume purchasing program or content and tokens between and then now we have pre built apps so we can push things like Chrome and Firefox regularly and keep them updated. And then profiles, which are gonna be setting those restrictions on these devices to allow or not allow certain things. Like, there’s your kit and caboodle for output, and that’s gonna allow the user, the end user, to have a great experience. But as the admin, you’re gonna want more than just the end user having a great experience. You wanna have a great experience with it also.
And if you can kinda set it and forget it, like, I gotta admit, like, we have, I don’t know, seventy policies in our Addigy right now. Right? I don’t know the last time anyone on my team has updated the onboarding process in terms of the what’s in Addigy. Maybe we’ve added a couple of apps here and there, but, like, we don’t have to touch it. We don’t have to, once a year, have to update the certs, but we don’t have to touch the rest of it. It’s set and done. The device is purchased and it enrolled and does what it needs to do. On top of that though, we have really nice features in Addigy that allow us to pull custom facts. And we can get information about computers. We can see its uptime. We can see its IP address, its internal IP address, its MAC address. All of these really important pieces of data that as an admin, we need to do something with. And so all of that’s in there. And I think also on top of that, that those facts play into Addigy’s, like, maintenance tools. So if a computer hasn’t been rebooted in seven days, Addigy itself pushes out the notification to the user saying like, hey. Hi. It’s time to reboot. Right? Those are built in. Cleaning out cache files and temp files that normally get filled up. Built in maintenance. Turn it on and walk away. So, like, it’s been really easy to maintain the health of these devices that we take care of because of what’s already pre built into Addigy and enabling just a couple of buttons.
Yeah. That’s correct, Justin. And as you expand with that, it reminds me of the days where, basically, you got an urgent request and you had to use, like, either profile manager or you had to use Apple Configurator, right, and be able to essentially configure those devices and be able to jump the hoops. Right? Like, how long ways we have come from that?
And I just wanna, like, quickly share with the audience a little bit of what actually you meant around some of the automation that happens in the back end, be able to assist with that process. Right? Again, if we go to one of our policies here, we have what we call the maintenance items. Right? And we have a daily reboot for APM, flush DNS. But you have over three hundred device facts that you can go ahead and use. You can even use your own script and be able to put a frequency to it. You also have your general monitoring events that just alerts, as Justin explained, to some of the admins here what’s going on with the device. So you have over two hundred and forty of them available right out the box to be able to use, plus the ones that you can add to your own script. So having those items available makes sure that you as the admin know what the actual status of the device is, and it gives you that reassurance to be able to make sure that the end user is at a good place to be able to have a managed Apple device. Right? So going to the rethinking of how we manage Apple devices to date, night and day from using Apple Configurator, and to be able to use something like Addigy to be able to essentially expand and create workflows that were not thinkable years ago.
And being able to put a lot of security on that stuff too. Right?
Yeah. And making it so that the security and the secure state is, like, the default rather than kind of the, oh, I happened to be able to set this Mac up in the way I wanted to. I think, you know, Manny, to your point of, like, it’s night and day different to even how it was a couple years ago, not just with, like, our tool, but the industry entirely. I mean, Apple’s been moving over to declarative device management, which for those of you that don’t know, traditional mobile device management, we, as the device management service, have to kind of ping the device and kind of push information.
Whereas declarative device management, aka DDM, it’s making an attestation on the device. So the device kind of keeps itself in check. It knows what its default state is. And so there’s less of a downtime in terms of making sure that it’s in the secure and compliant state, has all the configurations that you want. So as you’re kind of looking at Apple, like, that is the way that they’ve been making it very clear they’re going. Device declarative device management, if I could talk, lots of those big fun words. That’s a really big thing to kind of keep an eye on as you’re evaluating your options and how you’re going to grow because, you know, there’s a lot. I am gonna really quick plug the Addigy video series if y’all are new to Apple management, especially. My team, the product managers and myself are doing, it’s called the MDM Field Guide. We’re taking some of these meaty topics that might seem a little overwhelming, like, okay. Cool. VPP, volume purchasing program. How do I deal with applications and licensing and pulling licenses back or doing things like that? What in the world are OS updates with declarative device management? Putting them into small snippets, videos that are really consumable. Check it out. And, also, let us know if there’s a topic you wanna hear about. Sorry. That was my just little plug to get more info for people because it’s great.
Yeah. Absolutely. And just to add to that, Catherine, there can be patching Tuesday for macOS and iOS devices as well. Right? Apple has made it very easy nowadays to be able to make sure you have a patching mechanism with declarative device management. And we’ve seen, at least in our platform, great success using DDM. Right? And we just continue to expand on that.
But in addition to that, now there’s less conversations of the admin not wanting to update the device because the experience has improved so much that now it’s coming almost second nature as we noticed at the end user level to be able to understand what patching is because it’s less disruptive as it used to be in the past.
Something else I wanna add on. I’m gonna backtrack a little bit, Manny. One of the things you’re pointing out with the custom scripts and the monitoring, everything we talked about, because someone had asked earlier about integration with PSAs. All of that information gets piped into your PSA. So, like, we use Halo PSA, and there’s a great integration. And the reason we went to Halo PSA from Zendesk was because it had a built-in Addigy integration. And if something happens in or was reported by Addigy, it will open a ticket in our Halo PSA. And if it solves itself, because, like, maybe a script ran, it will close the ticket in Halo PSA. Or someone who might if it doesn’t close because of a reason or it needs more human intervention, my team can handle it. So having those data points and all, there’s so many data points within Addigy about a device, piped into our PSA so my team can handle it means that we, as admins, are taking care of the end users far better than guessing at what’s wrong or waiting for them to come to us with something that’s wrong. Right? Being able to say like, hey, your Backblaze isn’t backing up because of this and because we have a custom fact that tells us the last time it backed up allows us to be able to make sure that their data is safe before they go, hey, I dropped my computer in the lake. When was the last time I backed up? Right? So it comes in handy to have all of that data. And it’s not data for data’s sake. I’m not a big fan of that. But you can program in relevant pieces that for you as an admin and have that pipe outwards to be able to be a better admin for your end users.
No.
Absolutely. I think one of the things that, like, you know, having been in this space for a long time and having worked, you know, for those people who know me and have seen me around potentially, like, I worked for Jamf for many years as a product manager there. I’ve been an admin, speak at some of the conferences. One of the biggest things that I hold kinda near and dear to my heart as a tenet is designing workflows around the user experience while also supporting the admin. And so a lot of that comes into how are you setting up for your workflows? Are you being proactive versus reactive? A lot of people come into the Apple admin space, and they were Windows admins. So, like, I wanna just talk a little bit with you guys about, you know, some of the differences in how we have to think about things, like, you know, configuration profiles. They’re a little bit different than GPOs. Macs don’t need constant reimaging or constant reconfiguration. I guess, Justin, Manny, do you have stuff you wanna kinda talk about, what you’re seeing in the field and with your customers?
Yeah. I mean, for us, it’s setting the profiles, especially when it comes to things like security. You gotta remember that MDM was based around profiles, what Windows people call GPOs. Right? It was around the idea of setting these restrictions. What is allowed and not allowed on a device? And it grew from there. One thing to think about though for Addigy, I think this is kind of an important distinction, and I’m gonna put this into Windows terms, is that Addigy is both the MDM and an RMM tool together. That’s a very big distinction compared to some of the other DMS services that are out there. To have started from just profiles and putting restrictions on devices to then also be able to remote into a device and help them directly, that has been the ultimate game changer for us as admins. Right?
Those profiles that we’re putting into place can either make the user more productive or add more security. It’s never both. Right? So, like, disabling Siri or iCloud Drive or whatever, you know, adds a level of security to a customer, but also maybe pisses off the end user, and that’s a different topic. But being able to push those profiles out very quickly, being able to create them right from within Addigy as opposed to having to write them in another piece of software and bring them in has made it a lot easier to manage these devices. I think the biggest problem that we run into with it is we’re writing so many profiles, is keeping the nomenclature clean so we know who’s getting what profile. So we’ve, like, we have internal documentation around how to name profiles, but that’s like an us problem. Maybe, you know, if you’re not managing eight hundred, nine hundred devices across seventy customers, it might be easier to manage. But starting from there and working your way down. Right? Because the profiles are the key element here. What do you allow? We’ve done things where we had a client who had three Wi-Fi networks. They had a guest network, a mobile network, and their main network, and we hid their main network so no one can join it. And then we VLAN it all off. Well, if it’s a hidden network, how do we get the device on it? Cool. When the device connects to the guest network, it calls, it does all of its automated device enrollment like we talked about earlier. Hi. You have computers on by so and so. It downloads all the stuff. And included is a profile for the Wi-Fi for the hidden network, and it’s set as a higher priority. So it auto, and I think we added a script to forget the guest network also. So it does all this stuff. It loads that Wi-Fi profile. It restarts the computer, and then it connects to the hidden Wi-Fi.
Like, that’s amazing when you think about this that, like, I don’t know, twelve years ago, we were all using Nokia fifty eight sixties and now we have these kind of devices that have more power than the Apollo twelve that can immediately connect to a Wi-Fi network because I told it to. Like, that’s crazy power for any sort of mobile device management. And then being able to, like, automate that and say, great. Now turn on all twelve Macs or all twelve iPhones. They’re all gonna have the same experience. Makes a wonderful experience for the company that we’re helping.
Yeah. And pulling that thread a little bit more, Justin, I think how we make that process easier for both the admin and the end user is a great talking point as well because at least in our platform, we have the ability to go into just in the profile section by clicking new. You automatically see the list of items that you’re able to restrict or GPO into the end user’s device. Right? You have your Wi-Fi payloads. Simply name your Wi-Fi, select your protocols or certificates that you need. Once you have it in your policy, you’re good to go. You can go back to sleep. Right? You have the ability to be able to easily manage your footprint and scale without having to put much effort into it. Right? So as you dig in baby steps into some of these nuances that Justin is explaining, just keep in mind that it is doable. It’s not something that is unattainable. Justin speaks very well of it because he’s been doing it for quite a while, but doesn’t mean that because you’re new, you don’t get to talk to the same clients as he has. So I think it’s a great opportunity to emphasize that not only have the practical items gotten easier, but how we get there as well has gotten much easier as well.
Can I talk about my favorite restriction?
Yeah. Really right here.
Okay.
So for those who don’t know, right, we’ve talked about Apple Business Manager, and we’ve talked about Addigy and how a device will automatically enroll. But, and we haven’t talked about this yet. Well, and I’m basically prompting Catherine to get into the conversation about BYOD. But if you have staff that bring their personal devices and you wanna add that level of security, like, we don’t want staff checking their email or accessing corporate data on their personal devices. If you have a BYOD policy, great. You can enroll a device in Addigy through BYOD. Now the device has two iCloud accounts on it. It has their personal account and it has a managed Apple account that is tied to Addigy. Alright? And there’s a little technical piece behind this, but I’m gonna skip past that. When you do this, you are creating cryptographically separated sections of the phone. Personal data is here. Work data is here on the same device. You can actually stop people from copying and pasting from personal to work and from work to personal. And I just showed this off at a conference last week, and the conference is all PC MSPs, and it, like, literally blew everybody’s mind that you can stop this from happening. You can stop somebody from copying data in Microsoft Word on their phone that is pushed from Addigy through a BYOD policy and pasting it into their notes app in their personal iCloud account. If you wanna talk about data security, like, this one checkbox, it’s literally one checkbox in the restrictions profile, can save so much time, and give you such a higher level of security. Sid just asked a question. Bring BYOD without having to reset it. A hundred percent. Apple has on their phones, if you have an iPhone, you can do this. If you head over to your settings, you’ll see your personal iCloud account right on the top.
And under General, VPN and Device Management, you can sign in with Work or School, very similar to like what you see on the Microsoft side. You sign in with a managed Apple account that you built in ABM and boom. Now the device is in two systems. So you can, I know it’s kinda hard to see on my camera, but you’ll see iCloud and then you see one called Addigy MDM right underneath it because this device is my personal phone also enrolled in Addigy with BYOD. So there’s amazing technology, there’s amazing frameworks that Apple has put into place that Addigy has capitalized on to ensure that you can do this type of management and protections. Now, when you have BYOD, no, you cannot erase somebody’s phone. No, you can’t look at their pictures. No, you can’t look at their text messages. They think you can because it says something and that’s not Addigy’s fault, that’s Apple’s fault. But, no, we can’t. Nor do we want to, really. That’s what I usually tell people. Like, you can read my text messages. I’m like, I do not want to read your text messages. I talk to you on a regular basis. I know who you are. I don’t need to go any further into the psyche of you.
Yeah. Absolutely. And I think, you know, Justin, to that point, like, Apple is known for taking user security very seriously, and the way they’ve implemented BYOD definitely, you know, sometimes makes it harder for us as a device management when we’re looking at BYOD. Like, there are limitations. There’s people that are like, well, I wanna track where the iPhone goes. I’m like, cool. Personally owned devices. We’ve got limitations. There’s a lot more nuance to what we can and can’t do, but it’s really nice for organizations where it’s more common. Like, I remember back when I used to carry two phones around. A lot of people used to do that where it’s like, cool. I wanna separate personal work. Now you don’t have to do that by having different devices, which I’m not gonna lie.
I’m lazy. I don’t wanna take two phones everywhere. Makes it nicer.
You don’t just, like, Velcro them together so it looks like one phone.
I mean, Justin. Then you can’t use the camera. I don’t have pockets. Let’s be real. Sure. Women’s clothing. You know? So I just need my one phone so I can actually carry it. But, you know, it’s something that people are oftentimes when they’re coming from, like, the Windows world, you know, equivalent to, like, MAM, the mobile application management, being able to kind of, like, do data segmentation. Apple’s really kind of honed in on this, and we’ve taken a lot of, like, effort to, I like to say, do it right as Addigy because we care about security. Apple cares about security. Cool. Let’s bring those two things together and make a good user experience. So
You talk a great point there, Catherine. And, you know, one of my favorite things that I’m glad we don’t have to do anymore, binding macOS devices to Active Directory. I know that’s a big topic. I know everybody has their preference, but, you know, I’m very thankful to how we can get to user authentication much easier, password resets much easier. I don’t wanna keep doing Kerberos extensions and be able to essentially time out tickets all the time. So, with new platform SSO introductions, other tools that we have integrated in Addigy, such as Addigy Identity as well, it just makes that end user authentication that we no longer need to bind devices to Active Directory.
So Addigy Identity has been a game changer for us. So for those who don’t know, Addigy Identity is Addigy’s way of allowing the user to sign in with Microsoft credentials, Google credentials, and I think Okta credentials out the gate. This came out before platform SSO, which is only Microsoft and kind of Okta now. But, and you guys can all laugh at me. We do a lot of Google. We’re a big Google Workspace company.
And so having our users be able to log in to their computer with their Google credentials means one less password for them to remember, means we have two factor authentication on their logins because they’re using their Google credentials. It has two factor authentication. And we didn’t have to add any sort of extra software to make this work. It’s caked into Addigy. So configuring that, also super easy. And then all of a sudden, now they turn on the computer, instead of a normal login, they get a Google login. And they type in their email and their password or whatever it is. They have two factor against their phone, and now they’re in their computer. So security ease for the customer because they remember their password, and providing that level of single sign on through a tool that Addigy built. For a lot of you that are Windows shops probably are running Microsoft, you’re gonna wanna look at platform SSO also available through Addigy, and that’s gonna allow your users to sign in with their Microsoft credentials and automatically be allowed to sign into anything else that their Microsoft credentials auto signs them into. So the Office Online’s email, Power Automate, or any other service that you may have used Microsoft OAuth for. So these are things that are already caked into the software. I keep saying cake because, obviously, I’m hungry for lunch. But it’s built into the software, and you don’t have to do a whole lot. You don’t have to worry about another tool, which is what I really like about it.
Yeah. I’m so happy you brought that up, Justin, because, one, I can get really nerdy about identity because I love it. And biggest reason is, you know, we mentioned earlier, you can’t usually make a device more secure and also not impede the user experience. You know, you wind up locking something down. User doesn’t always love that, but it’s more secure. Identity is one of those things where it’s, like, an exception to the rule. It’s like, cool.
You make it easier for me to log in while also making things more secure. And the nice thing is, you know, Apple is really focused on this. Addigy is focusing a lot on this in the coming months. But the more you can keep users from having to remember their passwords at all, move towards passkeys, QR code logins. I mean, password fatigue and things like that are a huge security risk. And I don’t know about you guys, but I hate having to remember, like, seven passwords and type it in. And it’s like, okay. Well, that one’s, like, sixteen characters. Let me take two minutes to type it because I typed it wrong the first couple times.
Where did I put that exclamation mark in that password?
Exactly. So if you know, the goal of identity and what Apple’s kinda pushing towards and what Addigy is going towards is, like, up the security in one of the areas that’s considered, you know, a weak area for attacks. Like, passwords are still a big thing for getting, you know, attacked and accessed to your environments, to your devices, but also make the user experience better. Like, you don’t get opportunities where those things kind of converge very often. And so, again, kind of a nerd about it. It’s fantastic, and we’re very focused on that for that reason.
And the best thing is that we support both. So pick whatever experience gives you and the end user the best experience. Right? If I were to just give a glimpse of what that looks like real quick, you’re able to see that under a policy and identity, you have the ability to use Azure, or Entra ID, Google, and Okta. Once you put in your client ID, redirect URL, and domain, you can choose what the user experience looks like and be able to essentially customize.
And if we wanna go and deep dive a little bit further, not to nerd out, as Catherine mentioned, you can even use, there’s user attributes to create workflows in Addigy, depending on who they are, what kind of access, and what kinda content you wanna be able to deploy to them, based off who the end user is. So pretty cool stuff to check out.
Yeah. Absolutely. Again, we won’t go down the nerd tangent fully for that, but I do wanna kinda do a quick time check. We’ve got looks like about seven minutes left. So wanna just throw it to, you know, Justin and Manny quick for, like, you know, what are just high level some of the key lessons that you’ve learned while supporting growing environments that you wish you would have known before you started?
Naps are good. I mean, all growth is painful in some way, shape, or form. Right? I am very thankful for my relationship with Addigy and having been around the game for so long to be able to help really understand some of the back end pieces to make things work. And I wish younger me probably made more friends because I would’ve, like, had this type of relationship with other companies as well to make things work better and easier. I mean, truth of the matter is that, like, I don’t really have an answer for this, like, a good answer for this one, Catherine, because, like, I don’t know what I would know, and I would have never known where the failure points are. Also, you know, Apple is the most secretive company on the planet. Right? So, like, even if I had contacts inside of Apple beyond what I already have, it’s not like they would be like, guess what’s coming out tomorrow when it comes to MDM. Like, that doesn’t happen. So staying on top of things, I would probably put more time into studying. Right? I’m not a great student. It’s cool.
But, like, this is why I go for my certifications with you guys, for example, or my certifications with Apple just so I can stay abreast of what’s going on. You know, things change in our industry at such a pace that today is this and tomorrow is that. And no one knows us more than Windows admins because Microsoft’s marketing department has really upped their game on changing product names on a daily basis. Like, if I ask everybody like, hey, do you have Defender? Everyone’s answer should be like, which Defender you mean? Because they have nineteen versions of Defender now. Right? So I don’t know what younger me would’ve wanted to know truthfully other than, you know what? It’ll be okay.
Yeah. One day, you could do a webinar with your friends on do this.
Going to, I think the one thing that I can take away, going back to Justin’s point, I think, certainly building relationships, but more specifically through the MacAdmins community, be able to invest more time perhaps building the MacAdmins group and be able to attend to those more frequent. Right? For those who don’t know, in Slack, there’s something called the MacAdmins community, which is free to join, but you have people who are very passionate about Apple. And there’s people who are very willing and nearly to be able to provide and lend a hand. And more often than not, you find solutions and workflows, and you learn from others. So for me, I think as I was growing into Apple footprint and be able to deep dive more, I think I should have, could have spent a little bit more time building those relationships and community through the MacAdmins.
Yeah. Absolutely. The MacAdmins community is amazing, and then there’s a lot of different conferences for once you wanna learn a little bit more and tons of great resources that the MacAdmins Foundation puts out online in terms of, like, YouTube videos of all the sessions, getting started guides, things like that. Cool.
Well, thank you, Manny and Justin. I definitely wanna say, like, thank you everyone that has joined us today. Hopefully, you got some good takeaways from this. I do wanna say if you have any follow-up questions, please don’t hesitate to reach out, depending on, you know, if you already have someone you can talk to from our sales team or customer support contact, account representative. Otherwise, you know, the product team loves talking to anyone who’s in this space and understanding real pain points. We’re product at Addigy dot com. Nice and easy to remember, hopefully. Otherwise, feel free to reach out, schedule a demo, reach out to us with any questions if you already are an Addigy customer. But, yeah, really grateful everybody joined us today.
Yeah. Thank you for having me. Appreciate it. If you need anything, I’m always, I’m in the MacAdmins community in a couple places. We also host our own conference. But if you ever need anything Addigy related or wanna talk shop before buy, please reach out to me. I’m always available to help everybody.
Absolutely. And I think all of us are on the MacAdmins Slack. So if you ever need anything and forget that, you know, one of the Addigy emails, again, product at Addigy dot com. The product managers and myself are kinda nerds, so we’re happy to talk shop. Otherwise, just Slack us on MacAdmins. We’re happy to chat about whatever.
Yes. Indeed. And thank you very much, everyone, for certainly giving us a few minutes of your day and much appreciated, and hope we can connect again soon in the future.
Alright. Now let’s all go eat cake.
Oh, that sounds so good.
Awesome. Well, thank you, everyone. Have a good rest of your day.