Where Apple falls short for enterprise IT

Apple now slots well into corporate life because it made a conscious and concerted effort years ago to ensure its products were enterprise friendly. By and large, the effort has been extremely successful. But that doesn’t mean the company always hits the mark — and sometimes it doesn’t even seem to be aiming at the mark. 

In its annual enterprise report card on Apple, Six Colors found that Apple actually slid backwards in IT leader satisfaction for two-thirds of categories surveyed. The worst areas involved software reliability and innovation followed closely by macOS identity management. Opinions about enterprise programs in general — and the future of Apple in the enterprise — were also lower than in 2024, as was service and support, which has emerged as a real pain point. 

It wasn’t entirely bad news. In the report card, Apple saw modest gains in hardware reliability and innovation, deployments, and its MDM protocol and infrastructure. The latter underlines the fact that Apple sees at least the core needs of enterprise IT and, with the help of third-party vendors, can meet those needs. 

Documentation doesn’t cut it

Documentation is an across-the-board failure. Apple does provide a broad range of documentation for enterprise use, but much of it isn’t particularly detailed. Apple also doesn’t provide much in the way of  videos, webinars and other media beyond written guides. 

Finding documentation can also be a challenge. There is no single stop where you can find everything neatly organized. Information might be included with developer documentation, on Apple’s training site or designated for enterprise support. In many cases, finding where needed details live (if they exist in a document at all) usually comes from other Apple IT admins or from calls to AppleCare for enterprise. Thankfully, there is a large and welcoming Apple IT/Mac Admin community online, along with additional resources to consult. 

Software reliability is a victim of the annual release cycle

A problem that affects more than just enterprise users is Apple’s relentless annual release cadence, something that plagues software far more than hardware. Apple Intelligence is one shining example of Apple overreaching and not being able to deliver, as is the climb to make Stage Manager truly useful. 

While Apple’s seeming rush to release dazzling new features every year impacts software design and reliability for all users, it hits enterprise IT especially hard for a couple of reasons. 

First, enterprise tools in many ways could be considered a niche area of software. As a result, enterprise functionality doesn’t get the same attention as more mainstream features. This can be especially obvious when Apple tries to bring consumer features into enterprise use cases — like managed Apple Accounts and their intended integration with things like Continuity and iCloud, for example — and things like MDM controls for new features such a Apple Intelligence and low-level enterprise-specific functions like Declarative Device Management.

The second reason is obvious: any piece of software that isn’t ready for prime time — and still makes it into a general release — is a potential support ticket when a business user encounters problems.  

Security and privacy — banner advantages that lead to banner fatigue

Apple tends to score well when it comes to security and privacy protection. But sometimes it goes overboard. Anyone who’s set up a new Mac will see alert after alert asking for permissions and warning about potential pitfalls. Yes, that demonstrates Apple is trying to keep everything locked down and secure. But when there’s a pile-up of security messages, IT admins’ eyes glaze and they stop registering what they’re seeing — and what they’re allowing. 

In a work environment, users who don’t have the right permissions set could find themselves without access to some part of macOS or its file system. (Given Apple’s identity management on iOS, this tends to be a bigger challenge on Mac.) Permissions issues mean…another support call for IT.

Some of this can be mitigated with proper deployment planning and using management tools like MDM profiles, but there’s a limit to what those approaches can achieve. 

Deployment is good, but needs more work

Deployment features were one area where Apple generally got high marks— and deservedly so, given how smooth Automated Device Enrollment (ADE), Device Enrollment Program (DEP) and MDM can make things. But there’s room for improvement, Six Colors found in its report. 

Among the issues: ADE and patch management reliability dropped for some organizations; documentation of deployment workflows didn’t provide enough information; tools like Apple Configurator still require one device at a time registration (for devices that aren’t able to utilize ADE and DEP); and there aren’t APIs available for automation of Apple Business Manager and related deployment processes. 

Automation limitations

Deployment might be where the lack of automation is clearest, but the issue runs through most aspects of Apple device and user onboarding and management. Apple Business Manager doesn’t offer any APIs that vendors or IT departments can tap into to automate routine tasks. This can be anything from redeploying older devices, onboarding new employees, assigning app licenses or managing user groups and privileges. 

Although Apple Business Manager is a great tool and it functions as a nexus for device management and identity management, it still requires more manual lifting than it should.

Identity management has never been Apple’s strong suit – and it still isn’t

The battle to marry network user accounts to managed Apple devices is a long and bloody one that goes back decades with a lot of it centering on the need to bind (join) devices to Active Directory and, now, Microsoft Entra. 

Apple has made some strides in recent years by replacing outdated mechanisms with its Platform SSO framework (and with it support for additional identity management providers beyond Microsoft). But the functionality tends to be fragmented and requires a patchwork approach for many IT teams. Apple also relies heavily on identity management providers to integrate its platform SSO, which can limit its usefulness. 

Managed Apple Accounts can also fall victim to identity management issues. While Apple has pushed for their adoption, getting them to function with network identities is not a sure thing.

There are tools for managing identity — they’re just not from Apple. Jamf and TwoCanoes both having offerings but they aren’t native tools built into Apple’s OSes. 

Some MDM controls remain MIA

Apple’s MDM controls and commands are quite robust, but the company often releases new features without releasing MDM controls for them. It often (but not always) addresses this issue after release, but that still leaves enterprise customers unable to restrict or manage those features for an undefined length of time. 

There’s also the problem of granularity. Many MDM controls allow the disabling of feature sets as a whole, but don’t allow IT to configure or manage specific features. 

In recent years, as part of its efforts to move to Declarative Device Management(DDM), Apple has deprecated, removed or altered a number of MDM controls and payloads — and not always in a consistent way (or with adequate preparation/documentation). Over the last year, changes in MDM controls for network-related features were one particular pain point for Mac IT admins. 

There’s also the challenge of dealing with Apple’s public beta releases and how MDM controls and commands can be applied to them. I’m all for allowing workers to try the preview software each year — it helps IT prepare for the coming final release — but they pose an ongoing challenge. 

Declarative Device Management needs more adoption

Apple unveiled DDM as a modernization of the aging MDM protocol in 2021; it allows devices to manage themselves based on set conditions rather than constantly polling an MDM server. That’s good and Apple has made serious investments in DDM over the past four years. But some of those advances are too infrequently trickling down to many organizations. The biggest stumbling block is getting MDM vendors to fully embrace DDM and enable it effectively for their customers. 

You can argue that the fault here is less with Apple and more with specific vendors, but Apple is the ultimate authority and could be doing more to prod vendors to embrace its vision in a coherent way. 

The lack of Apple Intelligence management tools

The rollout of Apple Intelligence has felt like anything but intelligent. While some features have trickled out, the ability to manage them in enterprise environments is lagging. Any new MDM controls released for  Apple Intelligence have not been particularly granular, especially when you consider where Apple Intelligence is going (or supposed to be going). 

It’s clear that Apple is going to rely on additional generative AI providers beyond OpenAI’s ChatGPT. It remains to be seen whether  Apple will offer granular controls for each potential AI’s features (or even allow pre-setting or requiring a specific LLM). Apple has invested in privacy with its Private Cloud Computeservers that act as an intermediary between device and LLM. And the company is expected to move more and more AI tasks to its devices. But there’s been no indication yet about whether IT will be able to control how business data is used (allowing only on-device AI or mandating tools run on  Apple’s privacy servers). 

Does Apple even want feedback?

One of the biggest criticisms Apple gets from IT pros is that it doesn’t seem interested in their needs or concerns. The Feedback Assistant app is a particular sore point: it functions like a black hole — problems, concerns, requests all go into it, never to be seen again. The problem isn’t just with that one feedback channel. Even Apple’s enterprise support teams have limited ability to address issues or shepherd feedback to the company. 

It’s easy to think, “Well this is Apple, a company that always thinks it knows what’s best despite what customers think ought to happen.” And that’s true. This is par for the course in Apple’s customer relationship. But while that might fly with consumers, businesses with thousands of Macs, iPhones, iPads and other Apple devices should be a bit of a different story. 

Apple needs to be clear about its enterprise commitment

One theme that surprised me in the Six Colors report card was that IT leaders continue to question Apple’s commitment to enterprise customers. 

I’ve been following Apple’s approach to enterprise and education since the turn of the century. The investments it’s made since 2000 show Apple is serious about this market segment. The launch of MDM in 2010 was the point where Apple really proved it wanted to be a serious enterprise player and could even be a leader in some cases. 

But that commitment hasn’t been consistent. Apple has pulled the rug out from under enterprise IT pros by making dramatic changes without warning, deprecating or eliminating features that many large customers depended on and radically changing direction when it comes to specific technologies. The fate of the Xserve and macOS Server, while logical in hindsight due to the explosion of cloud computing, shows how Apple can spend years building enterprise demand for a solution — and then almost casually throw everything out the window. 

Consistency is probably the biggest thing Apple needs to work on when it comes to its enterprise customers. It’s made serious strides in the past couple of decades, but often with a step back, or to the side, or even off into a different direction. The path deeper into the heart of the enterprise needs to be straightforward for Apple to succeed.