Ntiva Live: Apple for Business

Cost Effective App Distribution

Episode Overview

Join Ben and Ross for a chat about cost effective methods to distribute apps in your organization. We'll also cover recent Apple news (including those new MacBook Pros!)

Sign Up Today

Complete the form to register for the Ntiva Apple for Business Livestream series. You’ll get an email reminder before each livestream, plus an email with a link to the recording in case you miss any of the live events.

Episode Transcript - Cost Effective App Distribution

Hi everyone. Today is Tuesday, October 19th, live streaming from Lombard. I'm not in Chicago, I'm in Lombard today. I'm Ben Greiner, director of Apple Technology. And with me is Ross Matsuda, our systems administrator focused on Apple Technology, and today we're going to talk about how to cost effectively distribute apps to your team, but first we have quite a bit of Apple news.

 

Apple News

So I want to jump right into Apple news. I'm going to share my screen. Oh, wait, I forgot. Before we talk about Apple news, I want to do a little bit of a shout-out to ourselves and Microsoft. Earlier in the year, Ross I don't know if you were on this live stream, but you probably saw it. We had Paul Bowden from Microsoft. He's the director of Office for Mac at Microsoft. That includes PowerPoint, Excel, Word.

Ben Greiner:

I feel like there's one more app I'm forgetting. But anyway, during the live stream I had presented to him that one of the frustrations I have, and I've heard from clients, is that when you copy and paste an email address, you get the email address, as I put here "service requests," and you get the email with these little carets. And I feel like I spend half my life deleting carets and deleting the name just so I can get the email address. Because sometimes that's all I need and all I want. I'm filling out forms or, I don't know, it just seems to be something that I need to do. That was earlier in the year. He emailed me last month and said, "it's coming." My feature request is coming to the new version of Outlook for Mac.

Ben Greiner:

And it is now here. It was released last week. Now when you right-click, you can copy as always, that has not changed. But you can also copy address. And when you paste, you just get a nice, simple email address, and I just shared this with the team here at Ntiva, who was mostly Windows, and they said they want that on the Windows side as well. So we'll see what we can do, but I love that new feature.

Ben Greiner:

Okay, let's get right into it. Apple had a big day yesterday where they talked about a lot of things, but we're just going to focus for time's sake on their new Silicon, their M1 Pro and M1 Max, and their MacBook Pros that they announced. And Apple talked about how they are now one year into their two-year move from Intel chips to Apple Silicon. And Ross, I thought they were more than a year in, I would've guessed a year and a half, but they did say they're a year in.

Ross Matsuda:

I feel like we just spent so much time since the announcement that Apple was shifting to their own processors, I'm sure happened ages before the first Mac actually released. So this has been on our radar for a good long time.

Ben Greiner:

Yeah. And when I look at the Apple Store now, I do not see anything but M1's for notebooks.

Ross Matsuda:

Correct. Yes. If you're in a situation where an organization needs to procure Intel devices, you're probably going to have to go with the third party reseller.

Ben Greiner:

Yeah. Whatever's left on the shelf. Whatever's left in stock or you're going to have to turn to an iMac. They still have iMac's with Intel, I believe. Even though they offer an M1, I think they still sell an Intel iMac. We should verify. Maybe you can verify that while I continue to talk.

Ross Matsuda:

Yeah.

Ben Greiner:

But basically what Apple's done is they've gone with their entry-level machines, converted those from Intel to M1 and then they've worked their way up. And just to give you... Another prompt reminder, October 25th, they didn't mention this, but they announced it after. And Ross, do you want to share what October 25th is? That's Monday.

 

MacOS Monterey

Ross Matsuda:

Yes. Sorry. Multiple windows up. And yes, the 27-inch Intel iMac is still available for purchase. And yeah on the 25th, we've gotten Monterey, macOS Monterey is dropping. If your office is being supported by Ntiva and in Addigy, if we've got you in that system, we're going to have that operating system blocked day one, just to prevent accidental upgrades, or if anyone gets a little trigger happy when they see the available software upgrade out. But if you normally, we recommend waiting at least until the 0.1 update. So they'll Apple launch 12.0 0.1, I believe is the current GM candidate. And we're expecting once 12.1 drops that'll take care of any lingering bugs or concerns. And then we'll start really wanting to vet offices to make sure that you're ready to go to be safely upgraded.

Ben Greiner:

Right, and you've been testing this, as soon as it's released on Monday, we're going to as aggressively as we can test it internally. And then really our goal is to make this available to clients much sooner than any operating system previously, because there's so much pressure on everyone today for security reasons to have the most up-to-date operating system. The most up-to-date is the most secure. And really, I think you and I have talked about this Ross, this operating system that Apple's releasing on Monday, it's not as big of a game-changer as some of the past operating systems. It's more of a tweak of Big Sur. Is that fair to say?

Ross Matsuda:

Absolutely. So the jump from Catalina to Big Sur was really large. There were a lot of big architectural changes. There were a lot of things that software developers had to sort of scramble to resolve, especially if they weren't beta testing or they weren't engaged in... If they said, "no we're not going to update our software until the final version is released." And thankfully over the last year, you know, companies have been stepping up their game and finishing getting their things compatible.

Ross Matsuda:

It looks like the jump to Monterey is not going to be nearly as disruptive. In my beta testing as I've been going, things have been remarkably stable. A lot of software is working right off the bat and a lot of developers are currently in their own beta programs and releasing patches that will take advantage of it, and a lot of things to keep running. There are of course always some stragglers, and so if you have questions about compatibility, please reach out.

Ross Matsuda:

But the others, there's enough exciting things about Monterey that are under the hood that don't drastically change how your third-party software needs to be written. That's really encouraging to us, so we're hoping that we'll see some really positive things out of that, and as Ben mentioned, I'm definitely hoping for a much more rapid adoption then for Big Sur.

Ben Greiner:

And as much as you maybe have had great luck in the past upgrading, I always caution don't rush into this on day one, not on Monday. I mean, if you have a spare machine, a machine that you don't need to work on, then certainly go take that machine and upgrade it. But if you need to get work done, let other people test it out. Let other people like us find out what's working and not working, and even in large offices or offices of any sides really, let's have a test machine in your environment with your apps, making sure everything's working before you expand that out to everyone else. So October 25th Monday, that's coming. We're going to do our... We're going to have a blocker in place so that if anyone tries to run it, it will not allow them to, but if you need a machine or have a machine that you plan to test with and you need that blocker released, contact us.

 

M1 Pro vs M1 Max

Ben Greiner:

Okay. One of the things getting back to a presentation here, I went too far. Let me go back. Okay. So Apple had one of the... Had this slide up during their presentation where they talked about CPU performance versus power. They had a few of the few others up as well, and of course I don't know exactly how they built this chart, it's kind of a high level view of power consumption and raw performance of the machine. And what I wanted to find out is how does that relate to me in the world that I live in. So I do know the benchmark score for my computer, which is an Intel Macbook pro from 2019. So it's less than three years old, it's under warranty. And then, I know the benchmark scores for Apple's M1 Notebooks. And Ross has an M1 notebook that he uses for testing, not for day-to-day use, but for testing.

Ben Greiner:

And when I calculated the benchmark score of the M1 notebook to my Intel machine, I got...get back. Okay. I got once again, you got to be patient with the clicks. Okay, I got this line here. So my Intel is about the raw power of performance, sorry. Raw performance is about 57% of an M1. Now it doesn't mean every single app is going to be, half as fast on mine or twice as fast on an M1. But in running these benchmark scores, which kind of give us an idea of the raw power of an app or of a computer, if the app is optimized for that computer, then it gives you something as a guide. And so this is... The reason I wanted to show this and share this, and if I could stop switching slides is, when Apple shows us M1 pro and M1 max, of course my natural reaction is, oh my God, this is what I want.

Ben Greiner:

This M1 is not good enough for me. I can't... I will not tolerate that, but really this is what I'm working on today. And power, speed. It's all relative. So my view and Ross, chime in here, but my view is for most day-to-day use, office use business use, an M1 of any kind is going to be perfectly fine for most people. But if you are a creative, you should definitely consider the M1 pro as a starting point. And if you're doing video or high end graphics work, development work, you want to go with the M1 Max and what's one last comment, and I'll let you chime in Ross. It's funny, the M1 we're like, "oh, it can only support one external display." That sounds very limiting. And then with the pro, I don't know if it was the pro or the max or both, but Apple showed like three displays and an HDTV connected to one of these things.

Ross Matsuda:

Yeah, there's... It's a lot. In the past we've always been really hesitant. Apple has had a history, especially later into the Intel line of releasing devices that were, I would consider very much on the lower end of performance, just to be able to say, "Hey, you can jump into the platform with a Mac mini it's only 499, and if you're picking up one of those machines, you were probably going to have a really bad time with it. It's technically a Mac, it can technically run. But back in the day, that meant four gigs of rams, spinning disc hard drive, it was rough.

Ben Greiner:

Yeah. Do you remember the original Macbook Air? It was like, it was so cool and so light and thin, but it was like hamster wheel slow.

Ross Matsuda:

Fun fact. It used the same hard drive brackets as the iPod classics. So disassembling those was a joy, but all that to say, with the jump to Apple Silicon, the relative performance of machines, even what we would now consider like the base level machines, right? The lower end ones. It's really impressive. It's really solid. So you can get a lot of work done on those less expensive Macs and for quality of life purposes, depending on your workflow and what your team does, having the availability of these 14 and 16 inch MacBook pros, definitely something to take a look at. But just like Ben said, if you've got users who are using the office suite, web browsing, that's pretty much all their job requires be aware of the possibility that, that a 13 inch MacBook pro or the MacBook Air lines may meet your needs.

Ben Greiner:

Yeah. I mean, the M1 definitely meets my needs. You know, I need one external display and I do mostly web and email, maybe some keynote presentations, but yeah, if I were in the graphics world, I would certainly start at the M1 pro and then if you're power hungry and definitely if you're a video editor, then some of the examples they showed with video editing in real time with the M1 max was very impressive. Okay.

 

Cost Effective App Distribution

Ben Greiner:

So let's move on to today's topic, which is how to actively, cost-effectively sorry I'm blocking my own slides. Cost-effectively distribute apps to your team, and the reason I wanted to talk about this is, it's more complex than a lot of people think about. I mean, and that's why they have problems. So I wanted to just really high-level talk through how we recommend doing it, because we see this across many organizations, big and small enterprise, small business, small teams, large teams, and it all comes down to, yes, you got to have a plan.

Ben Greiner:

You know, I was thinking more about this Ross and back in the day before Apple really took off, we didn't have a lot of app options. Windows had all the fun, we just had whatever was left. Like we didn't have any options, and Apple really took off. They built the app store. People got interested and invested in the Mac and we... It became overwhelming to be honest with you, there's so many options now, especially on the M1 max, you can now run all the iOS and iPad apps on your M1 Mac. So, so many options, almost too many options. And now I feel like because of security, we're starting to reevaluate those options and say, "You know what, maybe we should just start over. So clean slate, build it back up. What do we need to run our business?"

Ben Greiner:

So you got to have a plan and you definitely want to test. And Ross, how many times have we had clients? They call us, they have problems, and it's because they just installed an app. They don't know... There's no thought given to it. There was no planning, there's no testing. They just install an app and the app is not playing well and it's in their environment or in their workflow, and it's causing problems and downtime and frustrations.

Ben Greiner:

Periodic audits. I can't stress this enough. A lot of teams I see, maybe they have a plan, maybe they do testing, maybe they implement and they think they're done. The problem is things in the technology are constantly changing. The apps are changing, the hardware is changing, the operating systems changing, your workflow might be changing based on the needs of your organization. The pandemic changed a lot of how we work. So sometimes you have to reevaluate the software that you're distributing and using in order to make changes.

Ben Greiner:

And I added a fourth option. I was hesitant to add the fourth option or the fourth line item, but basically limit options. Like don't give your team the ability to just do whatever they want with apps. I know that sounds a little controlling, and that's why I didn't really want to put it on here, but I think it's a good idea to stress that this is how we distribute apps. This is how we buy them, distribute them, delete them, lock them down, secure them, and if you don't have that plan, then it's pretty much what they call shadow IT, or the wild west. There are things going on in your environment that you don't know about, if you don't take control of it.

Ben Greiner:

So really when we say limit options, in a perfect world, and this world is achievable, there are really three ways to acquire and distribute apps. Well distribute apps. Acquiring is a little more complex, but let's go through these three options at a high level, then we'll dig a little deeper into them. So three options, there we go. Silent installs, self-service and Apps and Books. So let's start with silent installs. What do I mean by that Ross, when I say silent installs?

Ross Matsuda:

Oh, this is probably one of the most common things that we get requests for from our clients, and that's they say, "all right, every computer that we manage, everyone needs a copy of Google Chrome." Great. Then what we'll do is we'll source the installer package, and this is an important distinction. We're not talking about Apps and Books yet. This would be go to a website, download an installer for Chrome.

Ross Matsuda:

We'll get a piece of automation built that we can then apply to these computers, and it'll take a look, it'll see if the app is installed yet, it'll see what version the app is, and if it is an older version or the app's not there, Addigy will just sort of push that on, it doesn't interrupt the user, and then the next time the user hops into their applications folder, there it is ready to go for them, no interaction required. This is a great way to make sure that your team has access to a certain group of applications, or even maybe just one app if that's all you need, without having to go out and seek it, it's just there, as soon as it's enrolled, it'll be put on the machine and now don't need to worry about it.

Ben Greiner:

Yeah. So if we determine that your team needs an app that nobody has, or only a few people have, then there are advantages to doing the silent install where you basically communicate to them that there's an app that's coming, it'll be delivered, let's just say by the end of the week, something like that and give them a timeframe. It gets installed. It's accessible to them. And because we planned it, because we've tested it, it will work. Otherwise you're going to rely on your team to install apps. They may or may not have admin credentials to do so. They may get the wrong version. You may have people running different versions, and then a lot of times that's not a problem, but often times it can be, especially in collaborative work environments where you have to be on the same version of an app.

Ben Greiner:

Okay so silent installs, it'll overlap a little bit with the next slide, but the next slide is about self-service and self-service is an app that, that is called Mac manage by the MDM that we use. Addigy is the MDM we use. We mentioned the previous slide that they have a self-service app. And self-services is as the name implies, is an app that allows your team to self-serve and get the apps that are already tested and approved for your environment.

Ben Greiner:

Sometimes we get the question, well why can't we just silently install all things and not rely on self service? And in my experience; one, because the internet is different everywhere, we can't just silently install every single app. Like you can imagine Adobe creative suite is an example, and I don't know if you have a better example, Ross, but Adobe creative suite is as big as it gets, or one of the biggest as a suite of apps. And rather than try to install that silently, especially immediately upon enrollment or out of the box, you might want to do that later, and so here's a place where you can do that later. Also in our understanding and research, it gives people some of ownership and empowerment when they are actually able to do some of these things, even if you've locked down the computer for security reasons. And that's another reason why self-service is so powerful. You can run as a standard user, but install, you don't have to be an admin to use self-service to install an app. Anything else you want to add to that? Ross

Ross Matsuda:

Pretty much wraps it up. The most common use case we see for this is either yes, your users are all set to standard accounts. So they won't have the permissions they needed to just install anything from the web, which is usually a pretty great thing. Having our users get more familiar with the Mac manage application is also really great because there's sometimes we'll have remediation scripts, right? We'll have some first aid kind of things that you can run in there as well, and if the user's already aware that it exists, they're familiar with it, they jumped in there because, in this example, oh, I needed to get Skype for business. Great. One click it's installed the next time a need comes up and they say, oh, I need to, you know, change the default mail application that I use.

Ross Matsuda:

Well, wonderful, we've got some scripts in there that'll automatically set it to you for Outlook or Apple mail, and it's just one click and in Mac manage. The other big use case we see is of course, if you've got an app that, maybe only three or four people in your organization need, you don't want it on every machine, but there are some people who are, you know, it's really important to be there while we can build a script to just have it sit, and then for those users that really do need access, communicate with them, just those users get that app. And we don't have to worry about it showing up on 30, 40, 50 Macs that aren't ever going to touch it.

Ben Greiner:

Yeah. That's a good point. And, and is Skype for business still thing, Ross. What, why?

Ross Matsuda:

Weirdly enough yes, but I don't think for very much longer, don't quote me. I was under the impression that was going to be deprecated.

Ben Greiner:

Well, and that's one of those things where we're constantly cleaning out our catalog, updating and cleaning. And I know Skype for business is still hanging on in some aspects, but yeah, I think it's going away. It's being replaced by teams. That's my understanding. So yes, we use self-service for a lot of different things, but app installs is one of them and you can think of it as your curated catalog. So if you see something in your self service that either shouldn't be there or you'd like to see it there, let us know so we can work with you to update your self-service. It is customized based on location.

Ben Greiner:

And let's see the last, too many clicks. I don't know why I'm having trouble with clicks today. Okay so Apps and Books. So Apps and Books is the last of the three options that we would recommend if you really want to take control of your, not just what's on your computer for security reasons on your fleet of computers, but also for a licensing like you don't want to be paying for apps that you don't need to be paying for and this is a diagram from Apple and I'm not going to go into all the details of it because it you can get pretty much into the weeds, but this requires Apple business manager, which we recommend for all of our clients, that's a free Apple account within Apple business manager is a feature called Apps and Books and that connects to a mobile device management system and MDM.

Ben Greiner:

We use Addigy. You'll notice there's also a redemption code option. If you don't have an MDM, we are not going to talk about that because we don't recommend it. We have an MDM let's take full advantage of it. The MDM can assign, basically can purchase Apps and Books, the same Apps and Books that you would see in the app store, we'll get the books in a minute. It's a little different, let's just focus on apps, but it's called Apps and Books. We can take any app in the app store, whether it's paid or free and assign it to a device and that device will get that app and no Apple ID required, right Ross? This is where without Apps and Books, a lot of people get... They stumble.

Ross Matsuda:

Yeah, this is a powerful feature. I feel like at every office I've been to you're always going to find someone's trying to run, oh, now I've got an update to keynote. Whose idea is this? And you try it on the update. It pops up with some email address that you've never seen before. That's because anything downloaded from the apps, from the app store on the Mac, it's going to be tagged with a receipt and that's going to be the id that originally purchased it. In order to update that app, you need to do it with that Apple ID, and the nice thing about being able to work through Apps and Books is just like Ben said, this is user agnostic. This is a device specific asset nation, and so once that app is installed, you can update it from the app store, no extra authentication required, because all of that, the MDM cares about all that Addigy cares about in our situation here is the serial number.

Ross Matsuda:

It makes sure, yep. That's that device, it's allowed to have this, it allows you to push the update through no problem, and so it's a much cleaner method, and in my opinion, its a bit more future-proofed. If you're in a situation where you know that you've got a lot of apps that were downloaded by individual users over the years onto their machines, using their own Apple IDs, definitely reach out. If we don't have you on Apple business manager yet, we can work with you on getting in there and then starting to wrangle this stuff and get it under control.

Ben Greiner:

Yeah, for sure, and what happens is when people don't use a system like this and they rely on essentially personal Apple id's, then even if the app is free, it can cause confusion because that app is tied to that personal Apple ID and if that employee leaves the company, they basically take ownership with them, and now you've got to start over. You got to delete the app, download it again, probably assign it to another personal Apple ID and the cycle continues. Or we've seen clients use the same Apple ID to the point where they get blocked by Apple, because they've used it so many times. Apple's like, what is going on here? I don't understand, and so a red flag, it gets blocked. I've also seen people use an Apple ID, they share it. They don't realize that even though they're using it for free apps, anyone who has the Apple ID and password can go in to the app store and attach a credit card, and now they're buying apps with a credit card that some people... Someone's printing to the printer next to me, just startled me.

Ben Greiner:

So I've even seen in situations where they think, "oh, this is my Apple ID. So I'll put my credit card in," and then somebody else buys something, accidentally using the other person's credit card. So all sorts of confusion happens when you let personal Apple IDs take control of your apps. With this method, that's no longer an issue. You also have the option to assign to a user, and I believe that uses a managed Apple IDs. So once again, you're taking control of the situation. I say, I believe because I haven't finished writing my paper on this, my blog post, which will be coming out next week, and I'll definitely have that nailed down by then, but I'd say we tend to assign to a device.

Ben Greiner:

I don't know that we've done a lot of assigning to a user, but we may see more of that as we take more advantage of managed Apple IDs. I do know with books, it's a little different and also it's a bit of a misnomer because a book, although I think it could be from the Apple's bookstore, is that right?

Ross Matsuda:

I believe this is, this is all hooked into the book store,

Ben Greiner:

Okay, but it can also be a PDF. It can also be like a PDF that you as an organization want to distribute as a book and books are a little different. The... I don't think I shouldn't even go down this road until I understand that more, but I'm pretty sure people would... They own the book. Like you get you, you distributed a book it's kind of theirs. They take it with them.

Ben Greiner:

Which kind of makes sense, if you're distributing PDFs. I haven't tried to distribute a paid book but apps, we've got that under control, and the basic concept is if you don't have a plan for how you purchase and distribute your apps, talk to us so we can help you, and even though Apple and our culture here, it's very much like let's work together and not be controlling, you do kind of have to take control of the situation because there's so many apps out there, there's so many security threats. You don't want people running apps that are not authorized for your organization and that's the whole reason why this was a great topic, and it's 12:30 right on the dot Ross.

Ross Matsuda:

Beautiful.

Ben Greiner:

I don't know if we had any questions or not. I know we had some people join us, or if I missed any questions?

Ross Matsuda:

Final thought on this. One last thing on Apps and Books. This also... One of the nicest things about Apps and Books is that it also allows you to use Apple's app store frameworks for updates. And so we're deploying something like Microsoft remote desktop to your fleet via the app store, via Apps and Books. We can just hit a single toggle that says, there's a new version, just get it, just download and update and it'll take care of itself, and so it does also simplify for some apps, your update strategy. We don't do that for all apps, for example, Keynote which is of course been interesting as they regularly patch and sometimes lock out old operating systems. But for certain applications, it can be really helpful to them.

Ben Greiner:

Yeah. I mean, that's a good point. That's where those personal Apple IDs are causing a real pain because people don't know what the password is or everyone knows what the password is. I mean, that's a problem. So in this situation, they don't need to do anything, it just gets updated and we have more control over that update. So, okay.

Ben Greiner:

Thanks for joining us. We will have more information on Monterrey in two weeks, cause we'll have a week now that it's been released, if all goes as planned and then I should know this, but our next topic, other than talking about Monterey will be going to Apple for business livestream, and it will be an introduction and review of Mac security. So we'll be talking more about security in two weeks. Thanks everyone. Enjoy the rest of your week. Have a good day. Bye.

 

About the Ntiva Apple for Business Livestream

Ntiva’s Ben Greiner hosts the Ntiva Apple for Business livestream every other Tuesday from 12:00 to 12:30pm CT. These live events, presented by the Ntiva team of Apple experts, are sharply focused, easily digestible, and cover topics including the latest Apple/macOS/iOS technology updates, cybersecurity, data privacy, MDM and BYOD policies, and more! We take questions from the audience and share what's working—and not working—for us and others in the industry.

VIEW MORE LIVESTREAMS