(no title)
chrnola | 2 years ago
Also - I’m not super well versed in MDMs, but they seem to come in two general flavors/deployment strategies: bring-your-own-device (BYOD) and manage a fleet of employer-owned hardware.
In my experience, I’ve only ever seen BYOD policies for employee-owned _smartphones_ (e.g. for access to an intranet mail server). I’ve never worked anywhere that permitted employees to use their own _workstations_.
turquoisevar|2 years ago
Apple Connect, SSO authentication service, is used by all Apple employees, both corporate and retail.
The actual MDM itself (what is allowed, how much is controlled, what can be accessed, etc. etc.) does vary from corporate to retail and between employee roles and departments and from device to device (BYOD v. Apple owned devices).
To facilitate this they use a bit of a patchwork of mainly in-house developed solutions and Jamf MDM services.
A lot of it is pretty well documented in public, The Apple Wiki page[0] on Apple’s internal apps would be a good entry point to go down the rabbit hole, should you be so inclined.
Just keep in mind that a lot of the information on the inner workings of Apple will be perpetually outdated, due to the nature of that information and its reliance on employees leaking information. You’ll find that most publicly available information is about stuff on the retail side, because corporate employees usually are more risk averse when it comes to jeopardizing their job.
0: https://theapplewiki.com/wiki/Apple_Internal_Apps