With recent events, more and more companies are increasing the amount of time their employees are working from home, with some moving to entirely remote workplaces.
This creates special challenges for IT departments, which often rely on having ready access to devices to troubleshoot problems and tightly controlled networks to maintain security. (We wrote about the challenges of going to a 100 percent remote workplace and the things an IT department can do to smooth the transition in an earlier blog post.)
In the Apple IT sphere, one thing the shift to work from home highlights is the importance of having a robust device management provider. An MDM solution is already an incredibly important tool in your arsenal as an IT manager. With most of the devices operating out in the world, a robust remote management solution becomes mandatory.
Most device management providers add a fair bit of overhead, however, which is not something you need during this trying time. But device orchestration through Fleetsmith enables a high level of security and compliance while alleviatiating as much manual work as possible, giving you more capacity to devote to all the other challenges you’re facing right now.
Here’s a few of the things Fleetsmith can help with:
1. Device security
With employees working from home, it becomes nearly impossible to ensure the networks that they’re connecting to are secure. Some will choose to work off of public WiFi, and it’s not likely that their home network security is up to the bar of a corporate network.
This puts even more onus than before on device security. Fleetsmith can help ensure a baseline on all of your devices by enforcing such things as secure passwords, screen lock, full disk encryption, VPN, remote lock and wipe capability, and more. Whereas a lot of device management providers default to run-once for this kind of configuration, Fleetsmith can enforce these settings with a single click to enable self-healing devices. This means that Fleetsmith will automatically detect when a device has drifted from a secure state and work to correct that, without you having to take any action at all.
2. Seamless software deployment
As you analyze your fleet’s compliance, security, and productivity needs during a work-from-home period, you’ll probably discover that there are gaps that will need to be filled by new software, which you’ll have to figure out how to deploy to your device fleet. This is something that’s always challenging, but it’s made even more so by the prospect of never being in the same building as your devices.
Fleetsmith makes deploying apps and scripts to every device in your fleet easy and automatic. For the more than 90 items already in the Fleetsmith Catalog, the current version is available pre-packaged, which means deployment just takes a couple clicks in the admin console. Devices will automatically install the app or run the script on their next check-in. This happens in the background and without causing any disruption to employees unless it’s something that requires a device reset. In that case, you can enforce the update by entering a deadline you’d like it completed by, and Fleetsmith will proactively remind employees to run it.
3. Remote software updates
One of the most important aspects of device security is ensuring that the OS and all of the applications running on the device are up to date. New vulnerabilities appear constantly, and the patches that close these holes are rarely ported back to previous versions.
Unfortunately, this is another thing that is made extremely complicated by a 100 percent remote workforce. For items in the Fleetsmith Catalog, new security patches are available the same day, and can be enforced by setting an upgrade deadline. Fleetsmith will then ensure that these patches are applied to the entire device fleet before that date -- performing the update automatically if the app is not running, or reminding employees to close it to complete the update if it is running. Fleetsmith will remind them every day until the last day of the deadline, then every hour until the last hour, and then finally gives them a few minutes to save work and force the update manually. All without you needing to do anything except set the enforcement date.
4. New device provisioning
If your company is continuing to bring on new hires or provision new devices during a work from home period, this can be a major challenge for an IT department because there’s no longer a secure central location to ship devices to for setup. Often it means having to pay for two shipments instead of just one — once to the IT admin to set up and enter into inventory, and once to the employee to use.
In theory, the answer to this is a device management solution that integrates with Apple’s Device Enrollment Program (DEP) through Apple Business Manager (ABM). This allows devices to come pre-enrolled with an MDM profile so that you can send them commands right out of the box. However, MDM on its own isn’t enough to set up and manage all things on a device, which means even with this step, you often end up having to physically take possession of the device to do some manual setup before handing it off to a new employee.
Fleetsmith goes beyond this to enable what we call True Zero Touch Deployment, which makes it possible to dropship equipment directly to remote employees and have them set themselves up outside of the box, without you ever having to be in the same room. In addition to DEP, we integrate seamlessly with an Identity Provider to automatically set up local user accounts and passwords on a new device. One of the first things the device does after powering on and enrolling itself in Fleetsmith is download our local agent, which then handles a more robust app install and configuration than is possible with MDM alone. This lets you do a simple computer setup from start to finish without any need for manual work or direct human interaction: local account, OS configuration, encryption, app installation, and app configuration.
5. Fast, painless MDM rollout
Sure, you might say, that’s all well and good and I would like to have a device management solution in place, but if I don’t already have one, wouldn’t now be too late? It’s true that device management implementation is normally a big project, even before you consider the additional logistics challenge of doing it for an entirely remote workforce. You might think you won’t have enough bandwidth to do that at a time when your capacity is already stretched.
Yet Fleetsmith is designed to be easy to implement whether you’re in the office or not, and once it’s in place, a lot of other things will become easier. We connect with G Suite or Office 365 as an identity provider to pull in your entire workforce, then help you to send a pre-drafted email with a custom enrollment link to every employee, all with a few clicks. Once that’s done, you can monitor who has enrolled their device and who still needs to from your admin console, and continue reminding stragglers until you reach full deployment. From there, you simply need to assign users to an appropriate profile (based on their team or role, for example) and their devices will configure themselves to your specifications. It’s such a light implementation process that we’ve had customers go from zero management to full deployment for hundreds of devices in as little as two weeks, even with fully remote teams.
There’s a ton of benefits for IT departments in adopting a mobile device management solution to maintain their device fleet during a prolonged remote work situation, and there’s a lot of ways Fleetsmith specifically can help you out. If you’d like to hear more about how Fleetsmith could help your department adjust to WFH, contact us at firstname.lastname@example.org to schedule a time to discuss your needs with our team.