Category: Parallels Mac Management

SCCM Client Agents Demystified | Managing Mac with SCCM

The SCCM
client agent is the counterpart to the SCCM server on the user’s side. Residing
in managed client computers, this piece of software acts as an intermediate
between the IT administrator’s actions and the actual policy enforcement and
software deployment actions on the user’s system. So the SCCM client agent
(often simply called “client”—and not to be confused with the client
computer) is essential for managing client computers.

This client
program is also responsible for taking stock of the existing hardware and
software. Admins can compile complete lists and reports of the inventory
present in the organization and generate corresponding requirement and purchase
plans. Without a client agent, a system essentially does not exist for the IT
administration—or at least only as an unmanaged, unknown device within SCCM’s
device collection. That is why it is important for the IT infrastructure as a
whole that SCCM clients are deployed reliably on all the organization’s
endpoint computers—and that the communication between those clients and the
management server is in working order.

For Windows
systems, there are a number of ways to install the SCCM client on corporate
endpoint computers. All these methods can be automated. No one from IT needs to
produce an USB drive for this purpose.

Microsoft SCCM and Mac

The SCCM
client agent can be retrofitted with enhancements for added functionality. In
addition to distributing software and applying system patches, the agent
program can also be used to patch third-party software. This enables IT to
handle software distribution and update management entirely via SCCM.

There is a
special version of the SCCM client for macOS® systems on the corporate network. But
this includes two alternatives. Microsoft’s SCCM client for macOS is intended
to apply administration procedures from SCCM to Mac® systems. However, these exhibit
major differences compared to Windows systems. On the one hand, SCCM can
natively handle significantly fewer parameters for macOS. On the other, IT is
forced to install the client software for macOS manually on every single Mac in
the organization. Things become much easier with Parallels® Mac Management for Microsoft® SCCM, a plugin for SCCM that adds many
management features to SCCM. Parallels Mac Management enables automated Mac
discovery and client software installation, relieving admins of some of their
workload.

Learn more about how to manage Mac devices like PCs with Parallels Mac Management for Microsoft SCCM in our weekly Webinars. Register now for free!

Learn more
Online training for SCCM | Plural Insights
Ivanti Patch for SCCM | Third Party Patching via SCCM
Verify an SCCM Client is Finished Installing | Interface Technical Training
Install an SCCM Client Manually | Datacenter-Insider

The post SCCM Client Agents Demystified | Managing Mac with SCCM appeared first on Parallels Blog.

How to Install Windows SCCM | Managing Mac with SCCM

Installing Windows SCCM

To manage their clients via SCCM, organizations first need to set up the SCCM infrastructure for Windows. Before the installation can start admins need to do some preliminary work. Admins should use Windows Server 2012 or later. After that is verified, they need to extend the Active Directory Schema. Microsoft supplies a tool, extadsch, that performs this task automatically and documents it in a log file. The third step is to generate a new container, System Management, using the tool ADSIEdit and to specify rights for this container.

Microsoft Windows Assessment and Deployment Kit (ADK)

The Microsoft Windows Assessment and Deployment Kit (ADK) is also required for Windows SCCM. Admins can download this from a Microsoft website. They need two of the kit’s components, the User State Migration tool (USMT) and the Windows Preinstallation Environment (WindowsPE). The Microsoft ADK as a whole is used to provide client systems with Windows images. Windows SCCM works with a database, and an SQL server is essential for this purpose. This SQL server can be installed on the same system as all the other components that make up and help SCCM, if desired. If admins need the SCCM’s reporting functionality, they should activate the Reporting Services when installing the SQL server.

The tool Prerqchk

The tool Prerqchk can verify whether all the requirements for SCCM have been met. The Windows SCCM installation wizard itself asks how SCCM should be installed. Admins can choose “primary site” if SCCM should only manage a single location within the organization. The location code and name to be used for installing are other parameters that need to be entered in the Windows SCCM installation wizard. A link to the SQL server and the choice of whether to install the distribution points along with the application are the final entries.

Managing Mac Clients

The SCCM plug-in, Parallels® Mac Management for Microsoft® SCCM, is an easy way for admins to manage Mac clients as well—directly from the SCCM console.

Learn more in our webinars

Join our webinars to learn how you can manage corporate Mac devices natively within Windows SCCM.

Links:

Windows Pro | How to install System Center Configuration Manager (SCCM) 2016
Prajwal Desai | SCCM 1802 Install Guide using Baseline Media
Microsoft Docs | Install the System Center Configuration Manager console
Microsoft Docs | Client installation methods in System Center Configuration Manager

The post How to Install Windows SCCM | Managing Mac with SCCM appeared first on Parallels Blog.

Endpoint Management IS a Priority

Endpoint Management IS a Priority

Here at Parallels, I hear the following from SCCM Admins all the time:

“Hey, I like Parallels Mac Management for SCCM a lot – it’s a great way to manage both Windows and Mac endpoints in SCCM…. BUT my CIO/IT Director/Boss/Team/Board doesn’t think Endpoint management is a priority. It’s a nice to have – we’re going to keep doing what we’re doing and look at this next month/quarter/year/budget cycle.”

The kids nowadays have an acronym that they use in text messages and social media—it’s SMH. It stands for “shaking my head.” When I hear this from an SCCM admin, I’m SMH all over the place. 

Here are the facts: According to IDC, 70% of successful breaches begin at the endpoint. As of this writing, the National Institute of Standards and Technology (NIST) is tracking almost 122,000 known Common Vulnerabilities and Exposures (CVEs) in its National Vulnerability Database (NVD), almost 5,000 of which have been opened this year! 

Endpoint Management IS a Priority 1

So what’s the big deal? Simply patch these systems and you’re good to go, right? 

Not so fast. If you’re like most companies, it takes and average of 100 – 120 days to patch a vulnerable application or OS – which is disappointing – because the probability of a vulnerability being exploited hits 90% between 40 – 60 days after discovery. That math adds up to breach. 

So…if you’re a normal IT team, you’re already behind on your patching vulnerabilities. But you’re an SCCM admin, so at least you can patch all your devices on your Windows network through SCCM-right? 

Nope. 

As of right now, Windows only controls 69% of the desktop market share. Apple OS X controls almost 20%! And whether those Macs are CYOD, BYOD or LMNOP, they’re hanging off your WIFI’s and dialing into your remote sessions and VPNing into your intranets! 

You cannot just ignore them! 

Endpoint Management IS a Priority 2

So you can’t get at these Macs via SCCM. Are you going to ask 20% of your end users to “bring their Macs to IT” to do patch updates?

Endpoint Management IS a Priority 3

Don’t take a sip of that coffee yet—because it gets worse. 

OK, so let’s say you recognize you need to manage the Macs on your network,  and let’s say you convince Mac users to bring their Macs in (you should be buying a lottery ticket if this happens). Now it’s time to update and patch. It should be just as simple as updating a Windows 10 patch, right? 

Wrong.

Mac users are incredibly fickle about their OS and there are many Mac OS out there that are not “current.” 

Let me ask you, what’s the percentage of your Windows network that isn’t Windows 10? I’m guessing it’s in the single digits. 

Look at the breakout of your Macs.

Endpoint Management IS a Priority 4

Which version OS patches are you going to deploy? Only 44% of Mac endpoints have the latest OS—Mojave—running.  

Imagine trying to patch Windows 10, Windows 8.1, Windows 8, Windows 7 and Windows Vista! At the same time! 

Endpoint Management IS a Priority 5

All of a sudden endpoint management doesn’t seem like a project you can just push off because your boss/your team/your board/Santa Claus doesn’t think it’s a “priority.” 

Listen I get it—endpoint management isn’t sexy or exciting. It’s not hybrid-cloud, Augmented Reality-enabled, Internet of Things, Sustainable Artificial Intelligent Sharks with laser beams on their foreheads! 

Endpoint Management IS a Priority 6

It’s just imaging, patch management and endpoint security. Basic vanilla stuff. 

It’s stuff you handle right now within SCCM for your Windows devices. 

Yeah, it’s boring.  

But you know what’s NOT boring?

This: When your CFO calls your IT helpdesk from the Denver airport at 5 p.m. on a Friday and leaves this voicemail “Hey, I left my MacBook in the Uber and I have to catch a flight and all the financials from Merger and Acquisition meeting are on it! Can you, like, delete all that stuff? Because if it gets out, it could tank the company stock and put us all out of work. Gotta go—bye!” 

If that were a PC, you could just WIPE/LOCK it in SCCM, turn it into a brick and go home for the weekend. 

But it’s not a PC. 

Feel that trickle of excitement, the feeling of your weekend being ruined? Nothing like an all-hands fire drill to add some EXCITEMENT to the boring old IT department. 

Wouldn’t it be nice (and boring) if you could treat a Mac in SCCM just like you treat a PC?

Endpoint Management IS a Priority 7

So here’s my “sales pitch:” Endpoint management IS a priority. As an IT professional, it should be your first priority. If you need help convincing your boss/team/board/Easter bunny otherwise, click the link and I’ll meet with you to help you make your case. 

Parallels Mac Management for SCCM can be demo’d and trialed in your production or test environment. You can even TRIAL IN A BOX. For $3.75 per Mac/per month, you can manage your Macs in SCCM, where you already have invested IT budget, time and training, so you can stop dreaming and start planning all the other cool sharks with laser beam IT projects we talked about earlier.

Endpoint Management IS a Priority 8

Endpoint Management IS a Priority – so let me help you treat it as such. 

The post Endpoint Management IS a Priority appeared first on Parallels Blog.

Using Mac with Active Directory

Active Directory (AD) is one of the key tools that IT teams use to organize corporate network infrastructures. This includes all their assets and users. It helps manage domains, identities, user groups, and protected content for user accounts. For inconsistent IT environments (ones with both Windows and Mac®), it has the disadvantage of being a Windows solution. Because of this, admins face challenges when working with Mac clients—not all features and instructions work for Mac. Apple® uses its own implementation of the Lightweight Directory Access Protocol (LDAP) standard to connect Mac devices to AD servers or domain controllers: Open Directory. This means that admins lack important features of Active Directory. For example, group policies have no effect on Mac computers. Group Policies are a common feature that allows admins to regulate a range of user rights.

Connecting Mac Devices via Active Directory

However, Mac devices can be connected via Active Directory. Apple offers their Directory Utility to accomplish this. It enables administrators to integrate Mac clients into an existing AD environment. Once the Mac clients are integrated via AD, at least some policies take effect for these clients. Examples include policies for domain passwords and identical user and domain login credentials, along with protected resource authorization. Another alternative for connecting a Mac with a domain controller is to choose the „Users & Groups“ option in the system settings under „Login options“ > „Network account server”. In practice, however, configuring Mac clients manually one by one using Active Directory is not ideal.

Integrating Mac clients into an Active Directory network

Using Microsoft SCCM and Parallels® Mac Management for Microsoft® SCCM is a significantly easier way for administrators to integrate Mac clients into an Active Directory network. The SCCM Active Directory System Discovery tool automatically identifies new Mac devices on the network. And then installs the Parallels Mac client software on them. Check out the “Installing Parallels Mac Client Using Discovery Methods” section of the Administrator’s Guide for a detailed description of how this works.

Learn more about how to manage Mac devices like PCs with Parallels Mac Management in our weekly Webinars. Register now for free!

Links:

Apple Support | Directory Utility User Guide
Stackexchange | Active directory on MacOS

The post Using Mac with Active Directory appeared first on Parallels Blog.

Meet the Parallels Team at MMS Midwest Management Summit


Parallels will be showcasing Parallels Mac Management for Microsoft SCCM at MMS – Midwest Management Summit at Mall of America in Bloomington, Minnesota May 5 – 9, 2019.

The Midwest Management Summit is a 4-day conference purposely capped to just 750 attendees so that nobody gets lost in the crowd.

Event MMS Midwest Management Summit
Date Sunday, May 5, 2019   –   Thursday, May 9, 2019
Booth Parallels Booth 2
Venue Radisson Blu in Mall of America, 2100 Killebrew Dr Bloomington, Minnesota
Presentation Tuesday, May 7, 2019 – 3:00pm – 4:45pm
“How on EARTH do I Manage This? The Challenge of Windows, Macs and MDM in the Microsoft Ecosystem.”
More Info, click here.

Our team Danny Knox, Ellis Jones, and Cristina Gonzalez are looking forward to seeing you at booth 3 at Midwest Management Summit in Bloomington (Minnesota) on May 5 – 9, 2019 and also at Danny Knox’s presentation about “How on EARTH do I Manage This? The Challenge of Windows, Macs and MDM in the Microsoft Ecosystem.” on May 7 from 3:00 – 4:45pm.

For more information or if you would like to schedule a meeting, please click here. 

The post Meet the Parallels Team at MMS Midwest Management Summit appeared first on Parallels Blog.

The Future of BYOD Is CYOD

The bring-your-own-device (BYOD) trend has truly taken off,
largely because business leaders know it’s increasingly something employees
want. IT departments may not always be keen on BYOD—IT managers have to closely
monitor employees’ devices to ensure the business remains protected—but they
know they have to plan for it. Moving from BYOD to choose-your-own-device
(CYOD) can be a good option for companies to minimize risks, while only
introducing a few. (If your company uses Microsoft SCCM, there is an additional
opportunity to make your IT life a little easier…I’ll explain later in this
article.)

BYOD is popular—and it
affects the workspace

This dynamic can
be difficult for companies to accommodate. Employees are now less concerned
about the technology that their companies can provide—they’re bringing and
using their own devices anyway.

According to a report by Forrester Research, as many as 53% of employees brought their own devices to work in 2012. By 2018, those numbers increased to 65%. This trend—as well as other requirements of the digital age—means that companies need to invest a significant portion of their revenue on IT and technological infrastructure. In fact, according to a Deloitte study, 57% of companies’ IT budgets are spent on business operations, including employee technology.

Is
your BYOD policy really secure?

This may sound like an obvious
thing to ensure, but a surprisingly large number of organizations falter here. Many
of the everyday tasks performed by your employees are inherently insecure.

If your BYOD security program only covers a specific operating system (for example, Windows), many devices (including the ever-popular iPhone®) are automatically out of scope. If you have Mac® computers on premise and don’t manage them, you leave them vulnerable to Meltdown and Spectre.

I highly recommend this exceptional 10-minute read from TechGenix about how to check your BYOD policy for consistency and security by asking yourself the right questions and aligning with your IT department and company goals.

Why
CYOD is a smart move in 2019

BYOD brings up new problems that companies have to mitigate. It’s difficult to manage employee-owned devices, so you can’t account for things like software updates, malware protection, and other protective strategies that can secure companies’ sensitive information. Employees are also more likely to use their personal devices on unsecured wireless networks, allow other people to use them, or leave company information on the device when they ultimately get rid of it.

For
these reasons, CYOD is a step forward from a traditional BYOD policy. With
CYOD, IT departments define a lineup of desktop and mobile devices that employees
can get from their employer. Because they are technically company-owned
devices, this mitigates the risks associated with BYOD. Employees can also get
the type of device they like. People
tend to have specific tastes and desires when it comes to their technology.
Some employees are adamantly “Apple® people,” while others will always prefer a
Lenovo device.

However,
to implement CYOD, companies need an enterprise-level device management
solution to effectively manage the offered devices. Do you know how many Mac computers have access
to your company’s sensitive data?

If your company already uses Microsoft SCCM for managing Windows endpoints, consider Parallels® Mac Management for Microsoft® SCCM, an SCCM plug-in that allows IT admins to manage Mac devices like Windows PCs. Having Windows and Mac managed in Microsoft SCCM (in a single pane of glass) is a good strategy. It’s backed by Microsoft’s experience in Windows endpoint management and its commitment to providing tools like SCCM and Intune for enterprise-level device management.

Whatever
decision you and your stakeholders make, it’s important to make note of the
points made here to ensure the viability and longevity of your solution.

The post The Future of BYOD Is CYOD appeared first on Parallels Blog.

How to Prepare for Installing Parallels Mac Management


Parallels® Mac Management for Microsoft® SCCM is a plug-in, so deploying it is not much of a challenge for IT admins. Microsoft SCCM 2012 R2 and Mac® devices running macOS® versions 10.8 to 10.14 are the two requirements for organizations wishing to administer Mac using Parallels Mac Management. Parallels supplies helpful documentation, as well as a tool for making all the preparations and checks needed prior to installation. The Administrator`s Guide gives admins an overview of all the details relevant for such a deployment and is a comprehensive manual describing the individual modules of Parallels Mac Management and their requirements. Admins will also find a host of details on subjects ranging from configuring rights to an at-length description of client configuration.

For something shorter, refer to the Deployment Guide. This helps administrators prepare the preconditions needed for different configurations in a step-by-step procedure. Is Parallels Mac Management to be rolled out at a single site, or does the SCCM architecture span multiple locations housing several servers and proxies? The Deployment Guide helps with either scenario. It also shows what is needed for each component of Parallels Mac Management. This includes:

  • The steps needed to configure the Parallels proxy (a core component of Parallels Mac Management)
  • How admins should set up macOS software update management to roll out software updates via the Apple® server or a company’s own update server
  • How admins can use the Apple Device Enrollment Program (DEP) support via the Parallels MDM server and enable client lock and wipe

Use the Prerequisites Checker

Prior to installing all the needed components, the Parallels Prerequisites Checker helps verify whether the SCCM environment is ready for installing Parallels Mac Management. The checker works like a software wizard. After its launch, components need to be selected for checking: Parallels Configuration Manager Proxy, Parallels MDM Server, Parallels Netboot Server, or Parallels macOS Software Update Point. Before the actual tests can start, details such as server addresses or account information need to be entered. The following checks will run without user intervention. The Prerequisites Checker makes preparing and verifying the preconditions needed for Parallels Mac Management a piece of cake.

Learn more about how to manage Mac devices like PCs with Parallels Mac Management for Microsoft SCCM in our weekly Webinars. Register now for free!

The post How to Prepare for Installing Parallels Mac Management appeared first on Parallels Blog.

Meet the Parallels Team at Microsoft Ignite in Stockholm


Parallels will be showcasing Parallels Mac Management for Microsoft SCCM and Parallels Desktop for Mac Business Edition at Microsoft Ignite, The Tour in Stockholm, Sweden between April 24 and 25, 2019.

Microsoft Ignite is the tech conference where you can explore the latest developer tools and cloud technologies and learn how to put your skills to work in new areas.

Event Microsoft Ignite, The Tour
Date 24 April 2019   –   25 April 2019
Venue

Stockholmsmassan, Mässvägen 1, Älvsjö

 

Our team Timofey Furyaev – Project Manager, Ian Appleby – Sales Territory Manager Northern Europe and Sina Walleit – Channel Marketing Manager are looking forward to seeing you at Microsoft Ignite in Stockholm on April 24 – 25, 2019.

For more information or if you would like to schedule a meeting, please click here. 

The post Meet the Parallels Team at Microsoft Ignite in Stockholm appeared first on Parallels Blog.

How to Enforce Privacy and Kernel Extension Policies for Clients


Version 7.3 of Parallels® Mac Management for Microsoft® SCCM comes with important new features that enable admins to manage kernel extension and roll out privacy policies using configuration profiles. Both kinds of policies are key to safeguard corporate Mac® devices against threats and potential privacy hazards—and both can be applied using Parallels Mac Management 7.3.

Apple® requires that one of two preconditions be satisfied for these safety-related settings to be distributed using configuration profiles:

  1. Users must consent to mobile device management (MDM) enrollment, and the configuration files are distributed via an MDM server, or
  2. The Mac in question must be part of the Apple Device Enrollment Program (DEP).

Apple introduced its new User Approved MDM (UAMDM) Enrollment with the macOS® High Sierra release. It enables MDM solutions to make use of new, enhanced safety policies. Parallels Mac Management 7.3 supports UAMDM—and along with that, the helpful safety policies for kernel extensions and privacy settings without the need for Apple DEP.

Tailor-made data privacy

Using privacy rules, admins can determine which applications should be allowed to access global positioning data or images, for example. Other rules define whether specific programs may access a camera or microphone. Directory access is a crucial privacy parameter under the EU’s General Data Protection Regulation (GDPR). The intention is to prevent unauthorized access to customer data by applications—to process them without their owners’ permission, for example. The Apple name for these privacy policies transferred as a configuration profile payload is Privacy Preferences Policy Control (PPPC). These privacy settings can only be rolled out to Mac® computers running macOS Mojave (10.14) or later.

Kernel extension policies

Kernel extensions for macOS are what users generally call “drivers.” Devices that macOS does not support out of the box need specific kernel extensions—but that’s not all. In many cases, software tools that dive deep into the operating system’s entrails try to install their own kernel extensions in order to work properly. Capturing tools and VPN software are two such examples. But kernel extensions have extensive system access rights, which is why they also represent a potential risk for the systems’ safety or stability. With User Approved MDM Enrollment, admins are allowed to include kernel extensions into a white list using team or bundle identifiers.

Parallels Mac Management 7.3 lets admins make use of User Approved MDM Enrollment, enabling them to apply new, advanced safety configurations in cases where Apple DEP is not used to roll out corporate Mac devices.

Learn more about how to manage Mac devices like PCs with Parallels Mac Management for Microsoft SCCM in our weekly Webinars. Register now for free!

The post How to Enforce Privacy and Kernel Extension Policies for Clients appeared first on Parallels Blog.

How to Master Challenges Posed by Multiple Locations


In 2013, three regional colleges in Scotland joined forces to form a new educational institute, with one administration and IT organization. With three locations and 30,000 students, West College Scotland demonstrates the challenges for IT departments posed by mergers and multiple locations.

With inconsistent IT environments managed independently from each other, reconciling all the different devices and requirements turned out to be quite a daunting task. West College Scotland’s sites are spread widely around the west side of Glasgow. The college’s IT struggled with distances, merging structures, and an IT environment made up mostly of Windows clients—with a couple hundred Mac® computers thrown in. These Mac devices caused more than their share of work. The college already had Microsoft SCCM in place, so the Windows clients were well taken care of, but the tools available for Mac clients were quite limited.

However, nothing more was needed than Parallels® Mac Management for Microsoft® SCCM. A plug-in for SCCM, Parallels Mac Management allowed IT to manage Mac alongside all the Windows systems via a single user interface. “Today, we can use SCCM for managing all our clients to the last one efficiently, so we are saving a really big amount of time, money, and nerves,“ solutions administrator Chris Parker explained.

Today, Parallels Mac Management helps the college’s IT team integrate Mac devices automatically. Chris and his co-workers are able to install new software packages, updates, and scripts from a single centralized user interface. They can also put the installation of selected applications into the hands of users through a self-service portal.

This West College Scotland case study shows how the institution gained control over their PC and Mac clients.

Learn more about how to manage Mac devices like PCs with Parallels Mac Management for Microsoft SCCM in our weekly Webinars. Register now for free!

The post How to Master Challenges Posed by Multiple Locations appeared first on Parallels Blog.

Categories