To earn the
Microsoft Most Valued Professional (MVP) title, it is not enough to just flaunt
your expertise with a few tips and tricks in appropriate news groups now and
then. A lot more is needed to get this honorary title that Microsoft has been
awarding since 1995. A jury picked from the members of an MVP team evaluates
the technical expertise and helpfulness of nominees who have commended
themselves through a substantial number of high-level lectures, blog posts, and
forum contributions during the previous year. So it might not come as a
surprise that the number of people who have cleared this hurdle isn’t large. In
2019, no more than 3,169 individuals were honored with the rank of Microsoft
MVP—out of more than 100 million IT community members.
Anoop C. Nair is one of the members of this illustrious group. A solution architect
based in Bangalore, India, Anoop supports users from all over the world seeking
help over multiple channels, demonstrating his impressive knowledge in complex
matters such as the Microsoft System Center Configuration Manager (SCCM), SCOM,
Intune, Mobile Device Management, and Azure. In 2015, the high quality of his
work along with the enthusiastic response of community members led to him being
awarded the MVP title in the field of Enterprise Client Management.
While Parallels assigns no awards of this kind, Anoop would be among the first to receive such an award if they did. Being one of the world’s leading SCCM experts, he of course also knows all about managing corporate Mac® clients. And it is no surprise that he has come to the conclusion that SCCM’s basic functionality is not enough to manage Mac in a really comprehensive and convenient way. The reasons for this are explained in the article, “SCCM Mac Management – A Good Idea?”, which he posted recently in his very readable blog.
The post Introducing Anoop C. Nair, Microsoft MVP and Parallels Mac Management Evangelist appeared first on Parallels Blog.
Lost or stolen hardware presents organizations with a serious security risk. This risk needs to be minimized with suitable measures. Parallels® Mac Management for Microsoft® SCCM helps IT teams lock Mac® clients remotely—and even wipe them should the need arise. This Remote Lock and Wipe is an important tool, often acting as a last resort to keep internal systems secured and prevent critical corporate data from ending up in the wrong hands. For admins to be able to lock and wipe Mac remotely, these devices need to be integrated into the organization’s device management solution. Parallels Mac Management complements Microsoft SCCM, enabling it to lock and wipe Mac clients remotely.
On the safe side with clear rules
Consistent rules for employees form another part of corporate risk prevention. IT should be notified immediately as soon as a Mac laptop has been forgotten in a train or vanished at a conference. This is the only way to lock lost computers and to safeguard company data right away. If the device doesn’t reappear, IT can issue an instruction for the data to self-destruct. As soon as the device is booted and reconnects to the Internet, the data will be deleted. To lock or wipe a client, an admin has to select the respective device by right-clicking on it under “Assets and Compliance / Devices” in the Configuration Manager Console and select “Parallels Mac Management Tools > Wipe Mac > Wipe Mac.” This system lock will not work if the thief or finder removes the hard disk from the computer and tries to gain access to the data directly.
By the way, modern Macs equipped with a T2 chip make it impossible to gain access to the data by removing the internal storage, which is cryptographically tied to a particular device. So if internal storage media is physically moved from one device to another, the files it contains are inaccessible. This improves security even more.
encryption is an additional level of effective protection for corporate data.
Parallels Mac Management further complements Microsoft SCCM with the ability to
activate FileVault 2 and encrypt the entire hard disk. Without Parallels Mac
Management, Microsoft SCCM lacks this capability.
now, free of charge, for weekly Webinars and learn more about Parallels Mac
Management for Microsoft SCCM.
The post Blockade: How to Lock and Wipe Mac Devices Remotely | Managing Mac with SCCM appeared first on Parallels Blog.
For many organizations, a public key infrastructure (PKI) is a crucial part of their security architecture. Administrators have the option to set up Parallels® Mac Management for Microsoft® SCCM with a PKI mechanism to enable secure mutual authentication between an SCCM server and Mac® clients. This allows Mac clients to connect to SCCM servers securely via HTTPS.
connections are relevant not only in sensitive environments and security-minded
organizations but can quite generally protect communications between management
servers and clients. Encrypted connections are actually required by Parallels
Mac Management if clients are to be managed outside of the corporate network
over the Internet. To enable this, IT teams must select the “HTTPS”
option of the “Distribution Point Properties” when installing
Parallels Mac Management.
Enabling encrypted connections
Windows Server 2008 or later is needed for employing PKI certificates. Mac clients need certificates issued by an instance trusted by SCCM. For this purpose, IT needs to create certificate templates, which requires installing the Windows Certification Authority if this has not already been done. A security group is also needed that has the right to request certificates. This is necessary for the proxy to receive its own certificate. Admins can find detailed steps for preparing these certificate templates in the best way for Mac on corporate networks in the Parallels Mac Management Administrator’s Guide.
helping install Parallels Mac Management, the wizard will automatically
identify an existing Windows Certification Authority and display it on the
“Parallels Client certificate management settings” page. Under
“Parallels Proxy certificate template,” admins can then select the
certificate template prepared earlier. Expiring certificates are not a problem
with Parallels Mac Management. The Parallels Mac Manager proxy can respond
automatically and renew expiring clients’ certificates.
Microsoft Docs – PKI Certificates | Windows Server 2008
Microsoft Docs | How to deploy Client Certificate for Mac Computers
Parallels Mac Management | Administrator’s Guide (PDF)
Microsoft Docs – PKI Certificates | How to Backup a Public Key-Infrastructure (PKI)
The post Parallels Mac Management and PKI Certificates| Managing Mac with SCCM appeared first on Parallels Blog.
The needs of education centers rapidly
change in order to meet the challenges of technology in the classroom. More
Mac® computers are being used in Windows-centric educational environments, and
many Windows administrators don’t have native enterprise tools to meet this
How many IT specialists are required for an environment to remain free from performance failures and stay up to date? West College Scotland has 30 IT professionals to keep their infrastructure running. Their environment is typical: devices are diverse, remote, and spread out across different locations.
Windows applications (such as Office 2016
and Office 365) as well as different project-management, 3D, and
game-development solutions can be found on the 5,000 PCs at West College
Scotland. On top of this, Office and graphic-design programs from Microsoft and
Adobe are used on 300 Mac® computers. These computers are primarily used as
part of the college’s design courses, as well as in the private apartments of
The three originally independent colleges
and current campus of West College Scotland had already successfully
implemented Microsoft System Center Configuration Manager (SCCM) for efficient
administration of their infrastructures. Thanks to SCCM, it was possible to
roll out application programs, operating systems, and required updates in a
centralized manner. Microsoft SCCM offered ultra-convenient asset and device
management and quickly replaced previous installation and imaging routines, which
had been manual and taken up a great deal of time.
However, one question remained: How would they deal with the ever-increasing number of Apple® computers on campus? The basic functionalities that Microsoft SCCM provides for managing Mac were indeed an improvement on the previous, exclusively manual administration of iMac® and MacBook® devices. But the standard of management it offered was far from convenient. Even DeployStudio, which had been developed by one of the employees to create and restore hard drive images, was unable to resolve this issue.
The Mac Management Dilemmas Faced by IT Education
The alternative to managing Mac and PC computers together is usually a siloed approach for support and management. This adds more cost to already tight education budgets where investments in students, staff, and administration are the highest priorities. These siloed approaches carve up support budgets into smaller, less productive spends. They also set up separate support structures, which grow into their own concerns.
These days, the “bad guys” don’t care if you’re on a Mac or a PC. The Intel central processing unit (CPU) in Mac computers is similar to those in PCs, and as such both are vulnerable to many common attacks. If your Mac isn’t up to date with macOS patches, it could be vulnerable. How do you centrally automate these updates to make sure Mac computers are safe and protected?
Spread across a campus, classrooms and labs need to support many macOS versions. Automating this from a central source—with the ability to select specific macOS versions for each application or classroom—isn’t always easy. However, it can be.
In a hybrid environment with a mix of Windows and Mac computers, what drives management: Windows or Mac priorities? Why can’t it be both? What if you could add the same right-click management that Windows devices receive in Microsoft System Center Configuration Manager (SCCM) to Mac devices? What if you could do it with a short learning curve, no silos, and the same system administrators?
Microsoft SCCM remains a standard for PC management, but what do you use for third-party solutions for Mac management? Using Active Directory and console-based tools for managing macOS like mobile devices is a compromise. Would you manage a Windows PC solely with a limited set of mobile management tools? How do you integrate the Apple Device Enrollment Program (DEP) into a Windows-centric management platform for zero-touch enrollment—and then enroll it into Microsoft SCCM?
Thanks to Parallels® Mac Management for Microsoft® SCCM, the West College Scotland IT team is now able to automatically integrate new and existing Mac computers into the company network. Their solutions administrator and his colleagues can install new software packages, updates, and scripts from a central interface. They can also leave the installation of defined applications in the hands of users via a self-service portal.
“…we are now able to administer our entire heterogeneous fleet of computers and the applications used on them in a centralized manner with the aid of one single product, Microsoft SCCM, and a powerful expansion called Parallels Mac Management.” Chris Parker, System Administrator
Setting up the Parallels solution went
seamlessly, even though Parallels support was needed now and then. Chris
elaborates: “I had to make a few phone calls, as our specific setup was a
little bit different to the one outlined in the solution’s documentation. But
thanks to the truly excellent support provided by Parallels and its highly
dedicated employees, who were always willing to lend me their time, we quickly
got to grips with smaller problems, such as issues with our WSUS servers during
the installation of updates. I was really impressed by the team at Parallels!”
When asked what he thinks are the biggest advantages of the Parallels solution, one answer springs to mind. “Firstly, I would say that one major benefit is the truly convenient, quick, and simple rollout of software and operating system updates, which means that we can finally implement all the criteria stipulated in the Cyber Essentials issued by the National Cyber Security Centre. On top of that, we are now able to administer our entire heterogeneous fleet of computers and the applications used on them in a centralized manner with Microsoft SCCM and Parallels Mac Management. As we can now efficiently use SCCM to manage virtually all of our clients, we are now saving enormous amounts of time and money, not to mention our nerves!”
Parallels Mac Management for SCCM can be demoed and tested in your production or test environment. You can even get a trial in a box for $3.75 per Mac/per month. You can manage your Macs with Microsoft SCCM, where you already have invested IT budget, time and training.
The post Manage Mac in Education with SCCM: A New Approach for Device Management appeared first on Parallels Blog.
client agent is the counterpart to the SCCM server on the user’s side. Residing
in managed client computers, this piece of software acts as an intermediary
between the IT administrator’s actions and the actual policy enforcement and
software deployment actions on the user’s system. So the SCCM client agent
(often simply called “client”—and not to be confused with the client
computer) is essential for managing client computers.
program is also responsible for taking stock of the existing hardware and
software. Admins can compile complete lists and reports of the inventory
present in the organization and generate corresponding requirement and purchase
plans. Without a client agent, a system essentially does not exist for the IT
administration—or at least only as an unmanaged, unknown device within SCCM’s
device collection. That is why it is important for the IT infrastructure as a
whole that SCCM clients are deployed reliably on all the organization’s
endpoint computers—and that the communication between those clients and the
management server is in working order.
systems, there are a number of ways to install the SCCM client on corporate
endpoint computers. All these methods can be automated. No one from IT needs to
produce a USB drive for this purpose.
Microsoft SCCM and Mac
client agent can be retrofitted with enhancements for added functionality. In
addition to distributing software and applying system patches, the agent
program can also be used to patch third-party software. This enables IT to
handle software distribution and update management entirely via SCCM.
There is a
special version of the SCCM client for macOS® systems on the corporate network. But
this includes two alternatives. Microsoft’s SCCM client for macOS is intended
to apply administration procedures from SCCM to Mac® systems. However, these exhibit
major differences compared to Windows systems. On the one hand, SCCM can
natively handle significantly fewer parameters for macOS. On the other, IT is
forced to install the client software for macOS manually on every single Mac in
the organization. Things become much easier with Parallels® Mac Management for Microsoft® SCCM, a plugin for SCCM that adds many
management features to SCCM. Parallels Mac Management enables automated Mac
discovery and client software installation, relieving admins of some of their
Learn more about how to manage Mac devices like PCs with Parallels Mac Management for Microsoft SCCM in our weekly Webinars. Register now for free!
The post SCCM Client Agents Demystified | Managing Mac with SCCM appeared first on Parallels Blog.
Installing Windows SCCM
To manage their clients via SCCM, organizations first need to set up the SCCM infrastructure for Windows. Before the installation can start, admins need to do some preliminary work. Admins should use Windows Server 2012 or later. After that is verified, they need to extend the Active Directory Schema. Microsoft supplies a tool, extadsch, that performs this task automatically and documents it in a log file. The third step is to generate a new container, System Management, using the tool ADSIEdit and to specify rights for this container.
Microsoft Windows Assessment and Deployment Kit (ADK)
The Microsoft Windows Assessment and Deployment Kit (ADK) is also required for Windows SCCM. Admins can download this from a Microsoft website. They need two of the kit’s components, the User State Migration tool (USMT) and the Windows Preinstallation Environment (WindowsPE). The Microsoft ADK as a whole is used to provide client systems with Windows images. Windows SCCM works with a database, and an SQL server is essential for this purpose. This SQL server can be installed on the same system as all the other components that make up and support SCCM, if desired. If admins need SCCM’s reporting functionality, they should activate the Reporting Services when installing the SQL server.
The tool Prereqchk
The tool Prereqchk can verify whether all the requirements for SCCM have been met. The Windows SCCM installation wizard itself asks how SCCM should be installed. Admins can choose “primary site” if SCCM should only manage a single location within the organization. The location code and name to be used for installing are other parameters that need to be entered in the Windows SCCM installation wizard. A link to the SQL server and the choice of whether to install the distribution points along with the application are the final entries.
Managing Mac Clients
The SCCM plug-in, Parallels® Mac Management for Microsoft® SCCM, is an easy way for admins to manage Mac clients as well—directly from the SCCM console.
Learn more in our webinars
Join our webinars to learn how you can manage corporate Mac devices natively within Windows SCCM.
The post How to Install Windows SCCM | Managing Mac with SCCM appeared first on Parallels Blog.
Here at Parallels, I hear the following from SCCM Admins all the time:
“Hey, I like Parallels Mac Management for SCCM a lot – it’s a great way to manage both Windows and Mac endpoints in SCCM…. BUT my CIO/IT Director/Boss/Team/Board doesn’t think Endpoint management is a priority. It’s a nice to have – we’re going to keep doing what we’re doing and look at this next month/quarter/year/budget cycle.”
The kids nowadays have an acronym that they use in text messages and social media—it’s SMH. It stands for “shaking my head.” When I hear this from an SCCM admin, I’m SMH all over the place.
Here are the facts: According to IDC, 70% of successful breaches begin at the endpoint. As of this writing, the National Institute of Standards and Technology (NIST) is tracking almost 122,000 known Common Vulnerabilities and Exposures (CVEs) in its National Vulnerability Database (NVD), almost 5,000 of which have been opened this year!
So what’s the big deal? Simply patch these systems and you’re good to go, right?
Not so fast. If you’re like most companies, it takes an average of 100 – 120 days to patch a vulnerable application or OS – which is disappointing – because the probability of a vulnerability being exploited hits 90% between 40 – 60 days after discovery. That math adds up to breach.
So…if you’re a normal IT team, you’re already behind on your patching vulnerabilities. But you’re an SCCM admin, so at least you can patch all your devices on your Windows network through SCCM, right?
As of right now, Windows only controls 69% of the desktop market share. Apple OS X controls almost 20%! And whether those Macs are CYOD, BYOD or LMNOP, they’re hanging off your WIFI’s and dialing into your remote sessions and VPNing into your intranets!
You cannot just ignore them!
So you can’t get at these Macs via SCCM. Are you going to ask 20% of your end users to “bring their Macs to IT” to do patch updates?
Don’t take a sip of that coffee yet—because it gets worse.
OK, so let’s say you recognize you need to manage the Macs on your network, and let’s say you convince Mac users to bring their Macs in (you should be buying a lottery ticket if this happens). Now it’s time to update and patch. It should be just as simple as updating a Windows 10 patch, right?
Let me ask you, what’s the percentage of your Windows network that isn’t Windows 10? I’m guessing it’s in the single digits.
Look at the breakout of your Macs.
Which version OS patches are you going to deploy? Only 44% of Mac endpoints have the latest OS—Mojave—running.
Imagine trying to patch Windows 10, Windows 8.1, Windows 8, Windows 7 and Windows Vista! At the same time!
All of a sudden endpoint management doesn’t seem like a project you can just push off because your boss/your team/your board/Santa Claus doesn’t think it’s a “priority.”
Listen, I get it—endpoint management isn’t sexy or exciting. It’s not hybrid-cloud, Augmented Reality-enabled, Internet of Things, Sustainable Artificial Intelligent Sharks with laser beams on their foreheads!
It’s just imaging, patch management and endpoint security. Basic vanilla stuff.
It’s stuff you handle right now within SCCM for your Windows devices.
Yeah, it’s boring.
But you know what’s NOT boring?
This: When your CFO calls your IT helpdesk from the Denver airport at 5 p.m. on a Friday and leaves this voicemail “Hey, I left my MacBook in the Uber and I have to catch a flight and all the financials from Merger and Acquisition meeting are on it! Can you, like, delete all that stuff? Because if it gets out, it could tank the company stock and put us all out of work. Gotta go—bye!”
If that were a PC, you could just WIPE/LOCK it in SCCM, turn it into a brick and go home for the weekend.
But it’s not a PC.
Feel that trickle of excitement, the feeling of your weekend being ruined? Nothing like an all-hands fire drill to add some EXCITEMENT to the boring old IT department.
Wouldn’t it be nice (and boring) if you could treat a Mac in SCCM just like you treat a PC?
So here’s my “sales pitch:” Endpoint management IS a priority. As an IT professional, it should be your first priority. If you need help convincing your boss/team/board/Easter bunny otherwise, click the link and I’ll meet with you to help you make your case.
Parallels Mac Management for SCCM can be demo’d and trialed in your production or test environment. You can even TRIAL IN A BOX. For $3.75 per Mac/per month, you can manage your Macs in SCCM, where you already have invested IT budget, time and training, so you can stop dreaming and start planning all the other cool sharks with laser beam IT projects we talked about earlier.
Endpoint Management IS a Priority – so let me help you treat it as such.
Active Directory (AD) is one of the key tools that IT teams use to organize corporate network infrastructures. This includes all their assets and users. It helps manage domains, identities, user groups, and protected content for user accounts. For inconsistent IT environments (ones with both Windows and Mac®), it has the disadvantage of being a Windows solution. Because of this, admins face challenges when working with Mac clients—not all features and instructions work for Mac. Apple® uses its own implementation of the Lightweight Directory Access Protocol (LDAP) standard to connect Mac devices to AD servers or domain controllers: Open Directory. This means that admins lack important features of Active Directory. For example, group policies have no effect on Mac computers. Group Policies are a common feature that allows admins to regulate a range of user rights.
Connecting Mac Devices via Active Directory
However, Mac devices can be connected via Active Directory. Apple offers their Directory Utility to accomplish this. It enables administrators to integrate Mac clients into an existing AD environment. Once the Mac clients are integrated via AD, at least some policies take effect for these clients. Examples include policies for domain passwords and identical user and domain login credentials, along with protected resource authorization. Another alternative for connecting a Mac with a domain controller is to choose the “Users & Groups” option in the system settings under “Login options” > “Network account server”. In practice, however, configuring Mac clients manually one by one using Active Directory is not ideal.
Integrating Mac clients into an Active Directory network
Using Microsoft SCCM and Parallels® Mac Management for Microsoft® SCCM is a significantly easier way for administrators to integrate Mac clients into an Active Directory network. The SCCM Active Directory System Discovery tool automatically identifies new Mac devices on the network and then installs the Parallels Mac client software on them. Check out the “Installing Parallels Mac Client Using Discovery Methods” section of the Administrator’s Guide for a detailed description of how this works.
Learn more about how to manage Mac devices like PCs with Parallels Mac Management in our weekly Webinars. Register now for free!
Parallels will be showcasing Parallels Mac Management for Microsoft SCCM at MMS – Midwest Management Summit at Mall of America in Bloomington, Minnesota May 5 – 9, 2019.
The Midwest Management Summit is a 4-day conference purposely capped to just 750 attendees so that nobody gets lost in the crowd.
|Event||MMS Midwest Management Summit|
|Date||Sunday, May 5, 2019 – Thursday, May 9, 2019|
|Booth||Parallels Booth 2|
|Venue||Radisson Blu in Mall of America, 2100 Killebrew Dr Bloomington, Minnesota|
|Presentation||Tuesday, May 7, 2019 – 3:00pm – 4:45pm: “How on EARTH do I Manage This? The Challenge of Windows, Macs and MDM in the Microsoft Ecosystem.”|
Our team Danny Knox, Ellis Jones, and Cristina Gonzalez are looking forward to seeing you at booth 3 at Midwest Management Summit in Bloomington (Minnesota) on May 5 – 9, 2019 and also at Danny Knox’s presentation about “How on EARTH do I Manage This? The Challenge of Windows, Macs and MDM in the Microsoft Ecosystem.” on May 7 from 3:00 – 4:45pm.
For more information or if you would like to schedule a meeting, please click here.
The post Meet the Parallels Team at MMS Midwest Management Summit appeared first on Parallels Blog.
The bring-your-own-device (BYOD) trend has truly taken off,
largely because business leaders know it’s increasingly something employees
want. IT departments may not always be keen on BYOD—IT managers have to closely
monitor employees’ devices to ensure the business remains protected—but they
know they have to plan for it. Moving from BYOD to choose-your-own-device
(CYOD) can be a good option for companies to minimize risks, while only
introducing a few. (If your company uses Microsoft SCCM, there is an additional
opportunity to make your IT life a little easier…I’ll explain later in this
BYOD is popular—and it affects the workspace
This dynamic can
be difficult for companies to accommodate. Employees are now less concerned
about the technology that their companies can provide—they’re bringing and
using their own devices anyway.
According to a report by Forrester Research, as many as 53% of employees brought their own devices to work in 2012. By 2018, those numbers increased to 65%. This trend—as well as other requirements of the digital age—means that companies need to invest a significant portion of their revenue on IT and technological infrastructure. In fact, according to a Deloitte study, 57% of companies’ IT budgets are spent on business operations, including employee technology.
Is your BYOD policy really secure?
This may sound like an obvious
thing to ensure, but a surprisingly large number of organizations falter here. Many
of the everyday tasks performed by your employees are inherently insecure.
If your BYOD security program only covers a specific operating system (for example, Windows), many devices (including the ever-popular iPhone®) are automatically out of scope. If you have Mac® computers on premise and don’t manage them, you leave them vulnerable to Meltdown and Spectre.
I highly recommend this exceptional 10-minute read from TechGenix about how to check your BYOD policy for consistency and security by asking yourself the right questions and aligning with your IT department and company goals.
CYOD is a smart move in 2019
BYOD brings up new problems that companies have to mitigate. It’s difficult to manage employee-owned devices, so you can’t account for things like software updates, malware protection, and other protective strategies that can secure companies’ sensitive information. Employees are also more likely to use their personal devices on unsecured wireless networks, allow other people to use them, or leave company information on the device when they ultimately get rid of it.
For these reasons, CYOD is a step forward from a traditional BYOD policy. With
CYOD, IT departments define a lineup of desktop and mobile devices that employees
can get from their employer. Because they are technically company-owned
devices, this mitigates the risks associated with BYOD. Employees can also get
the type of device they like. People
tend to have specific tastes and desires when it comes to their technology.
Some employees are adamantly “Apple® people,” while others will always prefer a
to implement CYOD, companies need an enterprise-level device management
solution to effectively manage the offered devices. Do you know how many Mac computers have access
to your company’s sensitive data?
If your company already uses Microsoft SCCM for managing Windows endpoints, consider Parallels® Mac Management for Microsoft® SCCM, an SCCM plug-in that allows IT admins to manage Mac devices like Windows PCs. Having Windows and Mac managed in Microsoft SCCM (in a single pane of glass) is a good strategy. It’s backed by Microsoft’s experience in Windows endpoint management and its commitment to providing tools like SCCM and Intune for enterprise-level device management.
decision you and your stakeholders make, it’s important to make note of the
points made here to ensure the viability and longevity of your solution.