It can be quite helpful for IT teams to have an accurate overview of all the Macs in their organization. And this should include the software installed on those devices for this can be crucial for the organization’s software inventory management, for instance. How many copies of which productive software products are being used? Or in reverse: On how many Macs is a given software product installed?
Software inventory management of this kind can be a great
help for co-workers in the purchase department in their effort to put together
license packages and so save the company money. Detailed reports not only
covering device inventory but also software products installed on many systems
will help IT teams handle their resource planning as well. IT teams can only
plan the software outfit and potential training needs for any given
organisational unit if they have this information available. Here are some
hints to help admins prepare custom reports in SCCM containing this important
How to setup a query for Mac software inventory
Parallels Mac Management for SCCM lets IT teams not only manage hardware and software inventories and roll them out to employees within the organization but also analyse and monitor these assets. This clarifies the software needs of individual business units and the licensing requirements to be planned for the future.
The first step is to open the SCCM console and to navigate
to “Monitoring -> Overview -> Reporting -> Reports -> Create
Report”. Now a wizard will appear to help configure a customized SCCM
report. The first choice to make here is “SQL based report”. The
admin should then proceed to choose a preferably meaningful name for this
report. A storage location for the report also needs to be selected at this
After these easy steps, the admin can continue with defining
the SQL query. The “SQL Server Report Builder” serves this purpose.
Clicking on “Table or Matrix” is the next thing to do. Now a data set
needs to be created. Things to look out for here include selecting the right
data base entries and activating “Autodetect”. Admins can find the
right search categories and parameters to use in this help article. Once this
custom report has been defined, IT teams can search it for software products by
entering free text into a search field, after which they are shown on how many
and which devices the program is installed.
Knowledge Base | How to create a custom report
Parallels Blog | Keeping Tabs on Asset Management
Youtube | Basic Management using Parallels Mac Management
Parallels Mac Management | Administrator’s Guide (PDF)
The post How to Prepare Software Inventories of Mac Computers in SCCM | Managing Mac Computers with SCCM appeared first on Parallels Blog.
Many organizations are successfully using Parallels Desktop on a day-to-day basis to make use of Windows seamlessly under macOS. On the other hand, it is important for IT teams to be able to define certain rules and policies for productive applications in their organizations. Parallels Desktop and Parallels Mac Management for SCCM are integrated into each other in an ideal way enabling those IT teams to configure and manage Parallels Desktop for corporate users centrally using Parallels Mac Management for SCCM. Examples for this include safety specifications and a password policy for users. The ability for users to change Parallels Desktop settings can be regulated this way as well. Moreover, admins can also specify within the Parallels Desktop dialog how the user’s Mac should behave with regard to Parallels Desktop if a USB storage medium is connected. Another thing IT teams can do from this point is to define the Parallels Desktop’s network configuration for all Macs in the organisation. And they can define how Parallels Desktop will respond to new updates.
Added to that, Parallels Mac Management for SCCM can also specify the properties of the virtual machine (VM) used for Parallels Desktop. How many resources may the VM occupy on the employees’ systems? Will the VM be encrypted? Other settings pertain to backups and the Coherence Mode popular with users. Password rules are defined by safety settings offering IT teams a broad range of options for what users should be allowed or not allowed to do. Image: Parallels Desktop configuration
How to define settings for Parallels Desktop in SCCM
As might be expected, the SCCM console is where to go for
configuring Parallels Desktop using Parallels Mac Management. The place to
navigate to is “Assets and Compliance / Overview / Compliance
Settings”. The option, “Create Parallels Configuration Item”,
enables IT admins to define a configuration for Parallels Desktop or for a
related virtual machine. After that, a final dialog follows covering possible
options for the policies.
IT teams should add these configurations to the
“Configuration Baseline” for appropriate device groups in SCCM in order
to distribute them to the respective Macs in the organization. Rolling the
rules and policies out takes place automatically.
Parallels Blog | What’s New in Parallels Desktop 14 for Mac
Parallels Mac Management | Administrator’s Guide (PDF)
Windows-FAQ | Windows erfolgreich auf dem Mac nutzen
Mac Einsteiger | Windows auf dem Mac
Parallels | Success Stories from Our Customers
The post How to Configure Parallels Desktop for Clients | Managing Macs with SCCM appeared first on Parallels Blog.
A major shortcoming of SCCM is the way it provides for integrating Mac computers into the corporate IT environment—admins have to install the SCCM client program on the respective devices by hand. This is time-consuming and unnecessarily cumbersome. IT departments that need to support Mac clients frequently or in large numbers will not find an ideal solution for managing them in SCCM alone.
Since 2014, Apple has been offering the Device Enrollment Program, which makes it significantly easier to use Mac in a corporate environment. The underlying idea is simple: Organizations can buy Mac clients from distributors in a pre-registered state, easing and accelerating the subsequent enrollment process. Organizations supply Apple with details of their device management via Business Manager. This enables Apple or the reseller involved to preconfigure the systems prior to their delivery. A new Mac will then connect to the organization’s device management system automatically via the Apple interface to be configured.
The given device management must support this procedure, however. Microsoft SCCM by itself does not support Apple DEP. Parallels® Mac Management for Microsoft® SCCM, a plug-in for SCCM, can help IT teams easily retrofit SCCM with support for Apple DEP—while continuing to work with the management system’s user interface with no change.
Apple finalizes their support for Mac clients in business
By the end of November 2019, Apple DEP will be replaced by Apple Business Manager, which was launched in June 2018. This will be the only place where Apple will be offering services formerly performed by DEP for device enrollment and VPP for volume purchase of software licenses in organizations. This means that after November, admins will only be able to use Business Manager for their volume license purchases and automated devices enrollments.
Watch webinars for more information
Join our webinars to learn how you can manage corporate Mac clients natively within Microsoft SCCM.
The post How to Enroll Mac Computers Easily with Apple DEP or Business Manager | Managing Mac with SCCM appeared first on Parallels Blog.
To earn the
Microsoft Most Valued Professional (MVP) title, it is not enough to just flaunt
your expertise with a few tips and tricks in appropriate news groups now and
then. A lot more is needed to get this honorary title that Microsoft has been
awarding since 1995. A jury picked from the members of an MVP team evaluates
the technical expertise and helpfulness of nominees who have commended
themselves through a substantial number of high-level lectures, blog posts, and
forum contributions during the previous year. So it might not come as a
surprise that the number of people who have cleared this hurdle isn’t large. In
2019, no more than 3,169 individuals were honored with the rank of Microsoft
MVP—out of more than 100 million IT community members.
Nair is one of the members of this illustrious group. A solution architect
based in Bangalore, India, Anoop supports users from all over the world seeking
help over multiple channels, demonstrating his impressive knowledge in complex
matters such as the Microsoft System Center Configuration Manager (SCCM), SCOM,
Intune, Mobile Device Management, and Azure. In 2015, the high quality of his
work along with the enthusiastic response of community members led to him being
awarded the MVP title in the field of Enterprise Client Management.
While Parallels assigns no awards of this kind, Anoop would be among the first to receive such an award if they did. Being one of the world’s leading SCCM experts, he of course also knows all about managing corporate Mac® clients. And it is no surprise that he has come to the conclusion that SCCM‘s basic functionality is not enough to manage Mac in a really comprehensive and convenient way. The reasons for this are explained in the article, „SCCM Mac Management – A Good Idea?“, which he posted recently in his very readable blog.
The post Introducing Anoop C. Nair, Microsoft MVP and Parallels Mac Management Evangelist appeared first on Parallels Blog.
Lost or stolen hardware presents organizations with a great safety hazard. This risk needs to be minimized with suitable measures. Parallels® Mac Management for Microsoft® SCCM helps IT teams lock Mac® clients remotely—and even wipe them should the need arise. This Remote Lock and Wipe is an important tool, often acting as a last resort to keep internal systems secured and prevent critical corporate data from ending up in the wrong hands. For admins to be able to lock and wipe Mac remotely, these devices need to be integrated into the organizations’ device management solution. Parallels Mac Management complements Microsoft SCCM, enabling it to lock and wipe Mac clients remotely.
On the safe side with clear rules
Consistent rules for employees form another part of corporate risk prevention. IT should be notified immediately as soon as a Mac laptop has been forgotten in a train or vanished at a conference. This is the only way to lock lost computers and to safeguard company data right away. If the device doesn’t reappear, IT can issue an instruction for the data to self-destruct. As soon as the device is booted and reconnects to the Internet, the data will be deleted. To lock or wipe a client, an admin has to select the respective device by right-clicking on it under “Assets and Compliance / Devices” in the Configuration Manager Console and select “Parallels Mac Management Tools > Wipe Mac > Wipe Mac.” This system lock will not work if the thief or finder removes the hard disk from the computer and tries to gain access to the data directly.
By the way, the modern Macs equipped with a T2 chip will make it impossible to gain access to the data by removing internal storage, which is cryptographically tied to a particular device. So if internal storage media is physically moved from one device to another, the files they contain are inaccessible. It helps to improve security even more.
encryption is an additional level of effective protection for corporate data.
Parallels Mac Management further complements Microsoft SCCM with the ability to
activate File Vault 2 and encrypt the entire hard disk. Without Parallels Mac
Management, Microsoft SCCM lacks this capability.
now, free of charge, for weekly Webinars and learn more about Parallels Mac
Management for Microsoft SCCM.
The post Blockade: How to Lock and Wipe Mac Devices Remotely | Managing Mac with SCCM appeared first on Parallels Blog.
For many organizations, a public key infrastructure (PKI) is a crucial part of their security architecture. Administrators have the option to set up Parallels® Mac Management for Microsoft® SCCM with a PKI mechanism to enable secure mutual authentication between a SCCM server and Mac® clients. This allows Mac clients so connect to SCCM servers securely via HTTPS.
connections are relevant not only in sensitive environments and security-minded
organizations but can quite generally protect communications between management
servers and clients. Encrypted connections are actually required by Parallels
Mac Management if clients are to be managed outside of the corporate network
over the Internet. To enable this, IT teams must select the “HTTPS”
option of the “Distribution Point Properties” when installing
Parallels Mac Management.
Enabling encrypted connections
Windows Server 2008 or later is needed for employing PKI certificates. Mac clients need certificates issued by an instance trusted by SCCM. For this purpose, IT needs to create certificate templates, which requires installing the Windows Certification Authority if this has not already been done. A security group is also needed that has the right to request certificates. This is necessary for the proxy to receive its own certificate. Admins can find detailed steps for preparing these certificate templates in the best way for Mac on corporate networks in the Parallels Mac Management Administrator’s Guide.
helping install Parallels Mac Management, the wizard will automatically
identify an existing Windows Certification Authority and display it on the
“Parallels Client certificate management settings” page. Under
“Parallels Proxy certificate template,” admins can then select the
certificate template prepared earlier. Expiring certificates are not a problem
with Parallels Mac Management. The Parallels Mac Manager proxy can respond
automatically and renew expiring clients’ certificates.
Microsoft Docs – PKI Certificates | Windows Server 2008
Microsoft Docs | How to deploy Client Certificate for Mac Computers
Parallels Mac Management | Administrator’s Guide (PDF)
Microsoft Docs – PKI Certificates | How to Backup a Public Key-Infrastructure (PKI)
now, free of charge, for our weekly Webinars and learn more about Parallels Mac
The post Parallels Mac Management and PKI Certificates| Managing Mac with SCCM appeared first on Parallels Blog.
The needs of education centers rapidly
change in order to meet the challenges of technology in the classroom. More
Mac® computers are being used in Windows-centric educational environments, and
many Windows administrators don’t have native enterprise tools to meet this
How many IT specialists are required for an environment to remain free from performance failures and stay up to date? West College Scotland has 30 IT professionals to keep their infrastructure running. Their environment is typical: devices are diverse, remote, and spread out across different locations.
Windows applications (such as Office 2016
and Office 365) as well as different project-management, 3D, and
game-development solutions can be found on the 5,000 PCs at West College
Scotland. On top of this, Office and graphic-design programs from Microsoft and
Adobe are used on 300 Mac® computers. These computers are primarily used as
part of the college’s design courses, as well as in the private apartments of
The three originally independent colleges
and current campus of West College Scotland had already successfully
implemented Microsoft System Center Configuration Manager (SCCM) for efficient
administration of their infrastructures. Thanks to SCCM, it was possible to
roll out application programs, operating systems, and required updates in a
centralized manner. Microsoft SCCM offered ultra-convenient asset and device
management and quickly replaced previous installation and imaging routines, which
had been manual and taken up a great deal of time.
However, one question remained: How would they deal with the ever-increasing number of Apple® computers on campus? The basic functionalities that Microsoft SCCM provides for managing Mac were indeed an improvement on the previous, exclusively manual administration of iMac® and MacBook® devices. But the standard of management it offered was far from convenient. Even DeployStudio, which had been developed by one of the employees to create and restore hard drive images, was unable to resolve this issue.
The Mac Management Dilemmas Faced by IT Education
The alternative to managing Mac and PC computers together is usually a siloed approach for support and management. This adds more cost to already tight education budgets where investments in students, staff, and administration are the highest priorities. These siloed approaches carve up support budgets into smaller, less productive spends. They also set up separate support structures, which grow into their own concerns.
These days, the “bad guys” don’t care if you’re on a Mac or a PC. The Intel central processing unit (CPU) in Mac computers is similar to those in PCs, and as such both are vulnerable to many common attacks. If your Mac isn’t up to date with macOS patches, it could be vulnerable. How do you centrally automate these updates to make sure Mac computers are safe and protected?
Spread across a campus, classrooms and labs need to support many macOS versions. Automating this from a central source—with the ability to select specific macOS versions for each application or classroom—isn’t always easy. However, it can be.
In a hybrid environment with a mix of Windows and Mac computers, what drives management: Windows or Mac priorities? Why can’t it be both? What if you could add the same right-click management that Windows devices receive in Microsoft System Center Configuration Manager (SCCM) to Mac devices? What if you could do it with a short learning curve, no silos, and the same system administrators?
Microsoft SCCM remains a standard for PC management, but what do you use for third-party solutions for Mac management? Using Active Directory and console-based tools for managing macOS like mobile devices is a compromise. Would you manage a Windows PC solely with a limited set of mobile management tools? How do you integrate the Apple Device Enrollment Program (DEP) into a Windows-centric management platform for zero-touch enrollment—and then enroll it into Microsoft SCCM?
Thanks to Parallels® Mac Management for Microsoft® SCCM, the West College Scotland IT team is now able to automatically integrate new and existing Mac computers into the company network. Their solutions administrator and his colleagues can install new software packages, updates, and scripts from a central interface. They can also leave the installation of defined applications in the hands of users via a self-service portal.
“…we are now able to administer our entire heterogeneous fleet of computers and the applications used on them in a centralized manner with the aid of one single product, Microsoft SCCM, and a powerful expansion called Parallels Mac Management.” Chris Parker, System Administrator
Setting up the Parallels solution went
seamlessly, even though Parallels support was needed now and then. Chris
elaborates: “I had to make a few phone calls, as our specific setup was a
little bit different to the one outlined in the solution’s documentation. But
thanks to the truly excellent support provided by Parallels and its highly
dedicated employees, who were always willing to lend me their time, we quickly
got to grips with smaller problems, such as issues with our WSUS servers during
the installation of updates. I was really impressed by the team at Parallels!”
When asked what he thinks are the biggest advantages of the Parallels solution, one answer springs to mind. “Firstly, I would say that one major benefit is the truly convenient, quick, and simple rollout of software and operating system updates, which means that we can finally implement all the criteria stipulated in the Cyber Essentials issued by the National Cyber Security Centre. On top of that, we are now able to administer our entire heterogeneous fleet of computers and the applications used on them in a centralized manner with Microsoft SCCM and Parallels Mac Management. As we can now efficiently use SCCM to manage virtually all of our clients, we are now saving enormous amounts of time and money, not to mention our nerves!”
Parallels Mac Management for SCCM can be demoed and tested in your production or test environment. You can even get a trial in a box for $3.75 per Mac/per month. You can manage your Macs with Microsoft SCCM, where you already have invested IT budget, time and training.
The post Manage Mac in Education with SCCM: A New Approach for Device Management appeared first on Parallels Blog.
client agent is the counterpart to the SCCM server on the user’s side. Residing
in managed client computers, this piece of software acts as an intermediate
between the IT administrator’s actions and the actual policy enforcement and
software deployment actions on the user’s system. So the SCCM client agent
(often simply called “client”—and not to be confused with the client
computer) is essential for managing client computers.
program is also responsible for taking stock of the existing hardware and
software. Admins can compile complete lists and reports of the inventory
present in the organization and generate corresponding requirement and purchase
plans. Without a client agent, a system essentially does not exist for the IT
administration—or at least only as an unmanaged, unknown device within SCCM’s
device collection. That is why it is important for the IT infrastructure as a
whole that SCCM clients are deployed reliably on all the organization’s
endpoint computers—and that the communication between those clients and the
management server is in working order.
systems, there are a number of ways to install the SCCM client on corporate
endpoint computers. All these methods can be automated. No one from IT needs to
produce an USB drive for this purpose.
Microsoft SCCM and Mac
client agent can be retrofitted with enhancements for added functionality. In
addition to distributing software and applying system patches, the agent
program can also be used to patch third-party software. This enables IT to
handle software distribution and update management entirely via SCCM.
There is a
special version of the SCCM client for macOS® systems on the corporate network. But
this includes two alternatives. Microsoft’s SCCM client for macOS is intended
to apply administration procedures from SCCM to Mac® systems. However, these exhibit
major differences compared to Windows systems. On the one hand, SCCM can
natively handle significantly fewer parameters for macOS. On the other, IT is
forced to install the client software for macOS manually on every single Mac in
the organization. Things become much easier with Parallels® Mac Management for Microsoft® SCCM, a plugin for SCCM that adds many
management features to SCCM. Parallels Mac Management enables automated Mac
discovery and client software installation, relieving admins of some of their
Learn more about how to manage Mac devices like PCs with Parallels Mac Management for Microsoft SCCM in our weekly Webinars. Register now for free!
Online training for SCCM | Plural Insights
Ivanti Patch for SCCM | Third Party Patching via SCCM
Verify an SCCM Client is Finished Installing | Interface Technical Training
Install an SCCM Client Manually | Datacenter-Insider
The post SCCM Client Agents Demystified | Managing Mac with SCCM appeared first on Parallels Blog.
Installing Windows SCCM
To manage their clients via SCCM, organizations first need to set up the SCCM infrastructure for Windows. Before the installation can start admins need to do some preliminary work. Admins should use Windows Server 2012 or later. After that is verified, they need to extend the Active Directory Schema. Microsoft supplies a tool, extadsch, that performs this task automatically and documents it in a log file. The third step is to generate a new container, System Management, using the tool ADSIEdit and to specify rights for this container.
Microsoft Windows Assessment and Deployment Kit (ADK)
The Microsoft Windows Assessment and Deployment Kit (ADK) is also required for Windows SCCM. Admins can download this from a Microsoft website. They need two of the kit’s components, the User State Migration tool (USMT) and the Windows Preinstallation Environment (WindowsPE). The Microsoft ADK as a whole is used to provide client systems with Windows images. Windows SCCM works with a database, and an SQL server is essential for this purpose. This SQL server can be installed on the same system as all the other components that make up and help SCCM, if desired. If admins need the SCCM’s reporting functionality, they should activate the Reporting Services when installing the SQL server.
The tool Prerqchk
The tool Prerqchk can verify whether all the requirements for SCCM have been met. The Windows SCCM installation wizard itself asks how SCCM should be installed. Admins can choose “primary site” if SCCM should only manage a single location within the organization. The location code and name to be used for installing are other parameters that need to be entered in the Windows SCCM installation wizard. A link to the SQL server and the choice of whether to install the distribution points along with the application are the final entries.
Managing Mac Clients
The SCCM plug-in, Parallels® Mac Management for Microsoft® SCCM, is an easy way for admins to manage Mac clients as well—directly from the SCCM console.
Learn more in our webinars
Join our webinars to learn how you can manage corporate Mac devices natively within Windows SCCM.
Windows Pro | How to install System Center Configuration Manager (SCCM) 2016
Prajwal Desai | SCCM 1802 Install Guide using Baseline Media
Microsoft Docs | Install the System Center Configuration Manager console
Microsoft Docs | Client installation methods in System Center Configuration Manager
The post How to Install Windows SCCM | Managing Mac with SCCM appeared first on Parallels Blog.
Here at Parallels, I hear the following from SCCM Admins all the time:
“Hey, I like Parallels Mac Management for SCCM a lot – it’s a great way to manage both Windows and Mac endpoints in SCCM…. BUT my CIO/IT Director/Boss/Team/Board doesn’t think Endpoint management is a priority. It’s a nice to have – we’re going to keep doing what we’re doing and look at this next month/quarter/year/budget cycle.”
The kids nowadays have an acronym that they use in text messages and social media—it’s SMH. It stands for “shaking my head.” When I hear this from an SCCM admin, I’m SMH all over the place.
Here are the facts: According to IDC, 70% of successful breaches begin at the endpoint. As of this writing, the National Institute of Standards and Technology (NIST) is tracking almost 122,000 known Common Vulnerabilities and Exposures (CVEs) in its National Vulnerability Database (NVD), almost 5,000 of which have been opened this year!
So what’s the big deal? Simply patch these systems and you’re good to go, right?
Not so fast. If you’re like most companies, it takes and average of 100 – 120 days to patch a vulnerable application or OS – which is disappointing – because the probability of a vulnerability being exploited hits 90% between 40 – 60 days after discovery. That math adds up to breach.
So…if you’re a normal IT team, you’re already behind on your patching vulnerabilities. But you’re an SCCM admin, so at least you can patch all your devices on your Windows network through SCCM-right?
As of right now, Windows only controls 69% of the desktop market share. Apple OS X controls almost 20%! And whether those Macs are CYOD, BYOD or LMNOP, they’re hanging off your WIFI’s and dialing into your remote sessions and VPNing into your intranets!
You cannot just ignore them!
So you can’t get at these Macs via SCCM. Are you going to ask 20% of your end users to “bring their Macs to IT” to do patch updates?
Don’t take a sip of that coffee yet—because it gets worse.
OK, so let’s say you recognize you need to manage the Macs on your network, and let’s say you convince Mac users to bring their Macs in (you should be buying a lottery ticket if this happens). Now it’s time to update and patch. It should be just as simple as updating a Windows 10 patch, right?
Let me ask you, what’s the percentage of your Windows network that isn’t Windows 10? I’m guessing it’s in the single digits.
Look at the breakout of your Macs.
Which version OS patches are you going to deploy? Only 44% of Mac endpoints have the latest OS—Mojave—running.
Imagine trying to patch Windows 10, Windows 8.1, Windows 8, Windows 7 and Windows Vista! At the same time!
All of a sudden endpoint management doesn’t seem like a project you can just push off because your boss/your team/your board/Santa Claus doesn’t think it’s a “priority.”
Listen I get it—endpoint management isn’t sexy or exciting. It’s not hybrid-cloud, Augmented Reality-enabled, Internet of Things, Sustainable Artificial Intelligent Sharks with laser beams on their foreheads!
It’s just imaging, patch management and endpoint security. Basic vanilla stuff.
It’s stuff you handle right now within SCCM for your Windows devices.
Yeah, it’s boring.
But you know what’s NOT boring?
This: When your CFO calls your IT helpdesk from the Denver airport at 5 p.m. on a Friday and leaves this voicemail “Hey, I left my MacBook in the Uber and I have to catch a flight and all the financials from Merger and Acquisition meeting are on it! Can you, like, delete all that stuff? Because if it gets out, it could tank the company stock and put us all out of work. Gotta go—bye!”
If that were a PC, you could just WIPE/LOCK it in SCCM, turn it into a brick and go home for the weekend.
But it’s not a PC.
Feel that trickle of excitement, the feeling of your weekend being ruined? Nothing like an all-hands fire drill to add some EXCITEMENT to the boring old IT department.
Wouldn’t it be nice (and boring) if you could treat a Mac in SCCM just like you treat a PC?
So here’s my “sales pitch:” Endpoint management IS a priority. As an IT professional, it should be your first priority. If you need help convincing your boss/team/board/Easter bunny otherwise, click the link and I’ll meet with you to help you make your case.
Parallels Mac Management for SCCM can be demo’d and trialed in your production or test environment. You can even TRIAL IN A BOX. For $3.75 per Mac/per month, you can manage your Macs in SCCM, where you already have invested IT budget, time and training, so you can stop dreaming and start planning all the other cool sharks with laser beam IT projects we talked about earlier.
Endpoint Management IS a Priority – so let me help you treat it as such.