Ntiva Live: Apple for Business

With Tom Bridge, Apple Principal Product Manager at JumpCloud

Episode Overview

In this episode, we're joined by special guest Tom Bridge, Apple Principal Product Manager at JumpCloud.

Episode Transcript

Ben Greiner:

Okay. Hi, everyone. Today is Tuesday, June 15th, 2021 live streaming from Chicago. I'm Ben Greiner, Director of Apple Technology at Ntiva. And today our guest is Tom Bridge. Tom is founding producer of the Mac Admins Podcast, which is an excellent podcast, by the way. How long have you done that?

Tom Bridge:

I've worked five years now-

Ben Greiner:

Five years now.

Tom Bridge:

I can't even believe it, but it's been going on for five years and there's plenty of archives. We just released episode 220 just yesterday.

Ben Greiner:

Oh, awesome. Congratulations.

Tom Bridge:

Thank you.

Ben Greiner:

Tom is also the Principal Product Manager focused on the Apple platform at JumpCloud. And we've known each other for years. And most recently spent some time together at Apple X world in Sydney, Australia, which was awesome. I say, recently-

Tom Bridge:

That was incredible.

Ben Greiner:

Yeah. That was 2019, but that was really the last conference I went to.

Tom Bridge:

I think that was the last big Apple one that I went to. I went to a couple of smaller retreats after that, but that was my last big conference. And I miss getting out on the road. I feel like we're taking one of our first tourist road trips this weekend and I'm really looking forward to it. So it better be great.

Ben Greiner:

Yeah. Awesome. Well, today we're going to talk about directory services, which is a big part of JumpCloud and you're in a relatively new role at JumpCloud. Right?

Tom Bridge:

Mm-hmm (affirmative).

Ben Greiner:

I want to find out what is it? Who needs it? What are the benefits? And we're also going to discuss the announcements that came out of WWDC, Apple's Worldwide Developers Conference, last week. We'll save that till the end.

Tom Bridge:

Oh, sure.

Ben Greiner:

And before we jump into directory services, I wanted to set the stage of where I see directory services and I, like you, have been focused on Apple for many, many years. And first of all, I think it's great that JumpCloud brought you in to speak for the Apple side of the house. If I look at directory services on a scale of you absolutely positively need it, that's where I see Windows devices living and on the exact opposite end, you absolutely positively could ignore it. That's where I see traditionally Apple devices living, right?

Tom Bridge:

Sure.

Ben Greiner:

So whenever I go into an organization that's mixed, it's typically more Windows leaning. So they're trying to get the Apple devices into Active Directory for all the wrong reasons, I feel like. And then I'm trying to introduce what I consider to be a modern directory, which is cloud hosted. And it seems like there's still a lot of trepidation from the Windows world around that. So my experience is cloud directory is the future, but I want to hear it from you.

Tom Bridge:

For sure. And here at JumpCloud, we've been directory advocates for almost a decade now. And so if you look at some of the early products that became JumpCloud, they were all focused on, I have this set of data in my Active Directory environment. How do I expose that to other useful things? And of course this is before the advent of ADFS and before the advent of SAML and other things like that. And so we start to see a more modern cloud-based directory come out of JumpCloud based around those things. I want the ability to have one identity everywhere, and I want to have that identity come with a bunch of useful features associated with it.

Tom Bridge:

So whether that's a whole bunch of detail about me, the user or ending up in third-party applications like Google Workspace or Office 365 or connecting to tools like Slack, which use modern federated authentication standards like SAML and SCIM to do provisioning of users in real time out beyond just my central directory and give that time back to the admin so that you don't have to spend your entire life doing account management tasks and creating yet another username and password for the end user to manage. How about if that was just one identity for everything you do and that's JumpCloud.

Ben Greiner:

And I would imagine that's where Active Directory grew out of the idea that we have this directory everyone's going to tie into it, that's our truth. We're going to connect everything to it. We're going to block things. We're going to allow things. And I think where it breaks down from an Apple perspective, and this is where I want to get your opinion is the Windows admins typically assume that because they have all this control within Active Directory on a Windows device, that they will also have all of that control on an Apple device. That is simply not the case. Is it?

Tom Bridge:

GPO is that group policy orchestration isn't something that Apple has ever spoken. There was a time where you could do, like, back in the 10.6.8 days, you could do some things with like an Active Directory, Open Directory, magic triangle, I think is what we called it. Or the cylinder of destiny, I think is Joel Rennich's term. But the idea that you could translate some settings from GPO into MCX settings from backlash. And that's how organizations started to think about it, but obviously that's not how Apple went. And Apple basically said, yes, cool. We'll let you identify the device. We'll give you a fingerprint of some information about the device, but that's about as far as it goes in modern situation. And obviously Kerberos authentication is part of that environment.

Tom Bridge:

And so you can do domain joins in order to just get Kerberos. But the thing about domains has always been that they're meant for computers that sit still. Do we have computers that sit still anymore? Well, I mean, aside from the pandemic where they've all sat at home but those machines have been far away from the Active Directory primary machines and the domain controllers that really assert themselves over all of that environment. And so at that point, we have these laptops that go everywhere. And of course these iOS devices that don't understand any of this, on the Apple side of things, that means we need a new way to start thinking about these.

Ben Greiner:

Yeah. And even Microsoft seems to clearly understand that with Azure AD that's a different beast, even though it has similar name tag and AD, Active Directory but it's in the cloud. And yeah, maybe so from a directory standpoint, and this is where I think a lot of smaller businesses, typically Apple focus, they stumble is because they do tend to have a lot of different directories. They may have one at Microsoft. They may have one in their HR software. Traditionally, they would have one even on their Apple server if they had an in-house Apple server. So can you walk us through how a hosted directory the intention is really to have that central directory. Is that right?

Tom Bridge:

That's correct. Yeah. It's intended to be that center object. Now granted, it can take a primary source of trust from like HR systems, which are natural single point of truths for organizations where the employee has a full life cycle within the given resources environment from candidate status, through onboarding, through a long and elegant career building things and then retirement and departure, or termination, unfortunately, and those kinds of situations.

Tom Bridge:

And so essentially allowing a directory to take its cues from an HRIS like Bamboo or Workday, is something that most modern cloud directory services support as well, so that you can do your user provisioning directly from services like JumpCloud, which act as the almost like the cloud broker for your identity to other applications and to other environments like Google Workspace or Office 365 through directory sync. And so the idea would be at that point that you've got a way to manage life cycle of your user from onboarding through offboard.

Ben Greiner:

And we got involved in directory services early on because of the appeal of the SAML or SSO integration with different cloud providers, where I think we were frustrated both from our own use and introducing it to clients is at least several years ago, not everyone had that integration or it was like there was a paywall and we weren't large enough to afford the paywall. Has any of that changed? Is it getting better? Will it continue to get better?

Tom Bridge:

I hope it will continue to get better. And I hope that, that kind of user provisioning model will be core to everyone's product and not an additional add-on. And JumpCloud, I mean, as part of our platform, that's something that we include as part of our platform, because we think it's really important for our customers. And our customers tell us that it's important to them. So we're doing our job by listening at that point and making sure that it's part of our core offer.

Ben Greiner:

And could you explain to those listening just exactly what that means when I say, we use JumpCloud, so when we go to JumpCloud and we integrate actually BambooHR is a good example, we also use BambooHR. So if that's integrated with SSO, what does that really mean in your world?

Tom Bridge:

Sure. And so that means at that point that your login for it's a single sign on. That's what SSO stands for. And that, so essentially at that point, it's a federated authentication. And so then at that point, users can exist in one place as the authentication source, and then JumpCloud, it serves as the authentication point for those identities. And so then at that point, when a user goes to login, and if you've ever seen that button that says, "Sign in with Google or sign in with Twitter or sign in with Facebook." They always have-

Ben Greiner:

Or now Apple. Sign in with Apple, it's new.

Tom Bridge:

Or now Apple. Yes. Sign in with Apple. That's a big part of the federated authentication so that we want a way to allow the user to pick their authentication source at that point, but we really want them to pick JumpCloud as that source. And so essentially when I go to Slack and want to log in it will route me back through JumpCloud. And so that I can also make sure that depending on where I'm logging in from whether that's a work device or my personal phone, that I get the authentication experience that my admin wants me to get, which is, when I'm off the corporate network and MFA is always required, or when I'm on a trusted device on a trusted network maybe the authentication requirements are a little bit more relaxed and we can just go with a user and a password in those moments. But the ability for one identity to exist everywhere across an organization is an incredibly powerful tool.

Ben Greiner:

Yeah. From an onboarding and offboarding standpoint, if you have to let someone go friendly or unfriendly, they're having the ability to go into in this case JumpCloud and kill that account. So essentially every account it's linked to, is now inaccessible for that individual. Correct?

Tom Bridge:

Correct. And to have that ability to suspend a user. And so, essentially saying, all right, four o'clock on your last day, you know what, it's been a pleasure working with you. Thanks. It's been fun. We're going to hit the suspend button on all of your accounts. Everybody's logged out from that account at that time. And future login attempts will fail, even if you have a valid password and a valid MFA, because the directory knows at that point that you are no longer to log in. And so essentially whether you're using our directory connectors to Office 365 or our Google Workspace or our SSO connections to those same services the user will be locked out of their account at that time.

Tom Bridge:

The account will not be destroyed. The account will stay behind because sometimes you need people's accounts to stay behind either legal hold purposes, document retention purposes, any number of good reasons for that information, not to just vanish from the face of the earth, but the user just goes into suspended status at that time until such time, as you've finally gone through all of their data, all of their items. And at that point you can remove the user permanently.

Ben Greiner:

And the flip side the onboarding. Could you walk through how that works in a JumpCloud world?

Tom Bridge:

For sure. So, when we have an onboarding cycle, we know some things about those people when they come to work for us, whether that's, hey, I'm going to have an engineer and that engineer is going to need Slack and GitHub, and they're going to need VS Code, and they're going to need Office 365. You can scope applications to user groups. So that at that point, any user in that group gets access to GitHub enterprise or any user in that group gets access to Slack, Google Workspace, all sorts of things. So that essentially when you assign a user group, they get all of the applications that are associated with that. So in the event that the connector supports what's called just-in-time provisioning-

Ben Greiner:

Yeah. I was going to ask you about that just in time. That's another level of this application.

Tom Bridge:

That's another level of it. And so, if the service provider supports the concept of just-in-time provisioning and here, I think a great example is like Zoom. And so you want somebody to have a professional Zoom account when they joined the company based on their group membership, they could be assigned to Zoom. And the first time they go to login, it will create their account for them because they know that you're coming from an account with your domain. And so you've claimed that domain at the service provider and all of the locations will flow directly from the single sign-on provider in this case, JumpCloud. And when they go to complete that sign in on the first time, they'll say I'm a new user.

Tom Bridge:

And then draw data directly from your directory, including their first name, their last name, their title, their department, more information like their workspace. So that essentially, if they're getting a phone number for, if they're using Zoom for phones, they can get a local phone number based on their work location. Those are all the kinds of things that single sign-on applications can do by providing metadata, along with a username, which is what SAML provides that all of that data is then present for the other side to use and focus on.

Ben Greiner:

And I remember the early days of SSO, it was a little nerve wracking because once you found that your domain to that application, if it wasn't done correctly, you could get locked out. I think it's gotten a lot easier-

Tom Bridge:

It has. And service providers have also gotten smart about this. And so I think two examples that I love are Google and Slack. Google basically says you can't SAML authenticate your super admins. And super admins will always use a user, a password, and a multifactor, and Slack is the same way your workspace owners will only ever authenticate using usernames and passwords. And it's another good reason for those usernames and passwords to be long and difficult. And then certain password managers where people can access them if they need to in an audited way. At that point, they don't have to access them on the regular.

Ben Greiner:

And I think there are also some providers that allow you to turn on SSO, and once you're confident with it, then you can disable username and passwords. You don't have to do it right away.

Tom Bridge:

Yeah. That's right. Dropbox is a great example of that. They have their three flags are off, optional and on. And so essentially you can provide an SSO experience so that users can log in from a user portal and just do a click a button and be logged in, or they can still log in with their username and their password.

Ben Greiner:

Now, the other thing that just in time provisioning, I think this goes back maybe before, once again, the rough edges were smoothed out, but I remember there were some situations where a client did not want, say everyone to have a Zoom account. Not everyone needs a Zoom account. And Zoom is not the example here, but I seem to recall it was all or nothing at one point that's no longer the case, right? You can-

Tom Bridge:

Yeah. That's no longer the case. And so there are some things that you can do, and you can say, cool, I want to SSO on for this account, but I don't want to use the just-in-time provisioning feature and it also comes down to all of the different relationships that you have with different vendors. Because yeah, I know with Zoom, you buy a fixed number of licenses. And so when you run out of licenses, you can't create accounts until you have some more licenses. But whereas Slack, we'll just keep adding users until the cows come home. Because they see that as the clear revenue stream at that point that, that being sticky and requires them to be frictionless at that time.

Ben Greiner:

And JumpCloud has a feature, which I hope maybe I was a part of getting through, I pushed for years for it, and then they finally introduced it. And that's Bookmarks. So don't know if you're familiar with Bookmarks, but it sounds like you are. So I was frustrated that because not every application supports SSO, but I wanted, especially a new hire to be able to go to that single pane of glass, so to speak and say, well, here are all the apps we use.

Tom Bridge:

That's right. And so, if you have an application that's not single sign-on, but you still want to Bookmark the login page for people to go to. They can get that link directly in their JumpCloud portal and click through, and then either to use the forget password tool to get a new credential or have that login page always available to them at their JumpCloud portal. So that there's one, like you said, single pane of glass for all of the applications or companies who uses today.

Ben Greiner:

And we use a lot today. Right?

Tom Bridge:

Indeed.

Ben Greiner:

We just growing. So I use it as a nice clean Bookmark interface to just know even if there's no SSO integration, it's like, oh, yeah, that's the website. I've even used it for websites in some cases that don't require a login just because I can never remember them and I keep losing them. So I just put them into JumpCloud and I can go in and get them. So maybe you can talk about, I know you're not the sales guy at JumpCloud, but maybe you can help distinguish how does JumpCloud really differentiate itself from the likes of Okta, OneLogin, even Azure AD, those are competitors in a way. Right?

Tom Bridge:

They are. They're competitors, and they're also customers that we use both. And so, you might have a workflow that, our RADIUS, cloud RADIUS product is very well thought of. And so we may run into customers where they use Okta, but Okta really does not have a good cloud RADIUS implementation. And so if your network really requires good 802.1X RADIUS authentication, you can do that directly in JumpCloud today. The other thing that JumpCloud does that Okta and OneLogin and Azure AD definitely do not do today is that they're not mobile devices [directors 00:19:49].

Tom Bridge:

They're also not workstation based tools. So at that point, JumpCloud can also have a presence on your device. And today we support devices for macOS, Windows, Linux, across a number of distributions, both within the Windows world and in Linux. You get the ability to have some presence and get some device insights information directly from a route agent running on a Mac, a Windows device, or a Linux device. And that will be staple information around what applications are installed. What's the network status of this device at the time being? Pull me a whole bunch of useful information off of this device and present it to me. And that's a great thing that JumpCloud can do that Okta can't touch, which is essentially have a presence on the device.

Ben Greiner:

Yeah. And I will say for those clients listening in, if you already work with Ntiva, we have you covered on the MDM side with a much more robust MDM. This is more, I think it's fair to say a light touch MDM, what would you say? Yeah.

Tom Bridge:

Correct. I would say, we're really only in MDM because Apple Munis be an MDM for certain things. And so, if you have need of a full featured MDM, Ntiva has definitely got you covered today. And the JumpCloud option is there because we had to do it for some things. And we felt that we couldn't let go of that feature.

Ben Greiner:

Yeah. And if you don't have an MDM, then it's certainly better than nothing. And-

Tom Bridge:

Definitely, better than nothing. Way better than nothing.

Ben Greiner:

It's a good place to start. And in fact, speaking of getting started, JumpCloud still offers, I think the first 10 accounts free.

Tom Bridge:

10 accounts and 10 devices free forever. So it's not just the time game to trial. It's just go and check us out. You can hook us up to as many applications as you want to hook us up to, if you're a small business of five or 10 people and you don't have growth plan right away, jump in today and really dive in, take a look around, connect a few applications. Connected device or two, and see what you can see. Because at that point, JumpCloud offers you the ability to grow your business by taking some of that IT load off of the owner, because really, generally speaking, in my experience, if you've got a business of 10 or less, the owner's probably still billing out computers and they're probably still setting them up for you. And they're probably still doing some of those tasks.

Tom Bridge:

Let's take that off your plate and help you put together accounts. So that Google, you've got one login, that's your JumpCloud login next to Google. And it connects to Office 365 and then it connects to whatever SAML applications you're using today, Slack, Zoom, all of those great workspace, enabling tools that allow small teams to really operate effectively. And today you can do that free with JumpCloud and connect those things together for free.

Ben Greiner:

Yeah. And we I want to share a quick story because, well, we used to use a OneLogin and this is going back, I think before JumpCloud, at least before I was aware of JumpCloud, we use OneLogin, and we also tried to use Azure AD. Now this is before we joined Ntiva, we did not have the deep bench of Office 365 experts that Ntiva has, and frankly, Azure AD was overwhelming. It's like, I cannot figure this out. It works, doesn't work. I don't know why, forget it. We went to OneLogin but then we were struggling with OneLogin because I think they had grown to the point where we couldn't get... It didn't feel like they were serving our needs. And then we discovered JumpCloud and a quick story, we ran into clients.

Ben Greiner:

They were a prospect at the time, who had a very strong mix of Mac and PCs. And their PCs were heavily tied into Active Directory, not just an Active Directory on-prem, but it was like Active Directory on-prem, tied to the cloud, tied to multiple clouds. It was complex. And I wanted them to feel comfortable and I wanted the Windows techs to feel comfortable moving to a platform. And I was surprised some of the people we talked to at the time the other not JumpCloud, the other companies they really were focused on, oh, yes, we can tie into your Active Directory. We can tie into your Active Directory. And I said, well, I want to replace Active Directory. And at least the salespeople at the time were not really thinking that way.

Ben Greiner:

JumpCloud was the only one that said with confidence. Yes, we can replace Active Directory-

Tom Bridge:

And we absolutely can.

Ben Greiner:

Yeah. And I'm not saying those other companies can't, they just weren't thinking that way and they weren't approaching it that way. And that's what I liked about JumpCloud. So JumpCloud did help us very easily replace this complex Active Directory with JumpCloud. And it works on Mac and Windows and it's got a great interface. And it's even better now that you're part of the team. So even more Apple friendly, but not to say they were Apple friendly to begin with. So yeah, I love the JumpCloud, I think if anyone has questions, if you haven't yet adopted a cloud directory service talk to us, talk to JumpCloud if you already using Ntiva, definitely talk to us.

Ben Greiner:

Or if you're frustrated by whatever product you're currently using, let's see if we can fix that, or if it makes sense to evaluate JumpCloud. I would say today from what I'm seeing, we've narrowed it down to Azure AD and JumpCloud. And I think JumpCloud is a nicer interface and gives us more flexibility, but we know Azure AD is, is deeply entrenched in some of these organizations. So it's not going away.

Tom Bridge:

For sure. And that has been one of the focuses for us is to build a better experience for people managing the problem. There's no question that Azure AD does everything. The only problem is that yes, in the interface they have to account for everything. And sometimes that just means yet another item, yet another button, yet another menu, yet another-

Ben Greiner:

Yeah.

Tom Bridge:

We're trying to build a more holistic framework for all of those things. And I think we deliver on that process pretty well.

Ben Greiner:

Well, we're almost at the end of our time, but I did want to get to WWDC and we can go over a little bit and if you guys want to stick around and if I haven't answered or if I've missed any questions, ping me again. Let me check my questions, chat and make sure I haven't missed any. So WWDC there's so much information that Apple threw at us dumped on us video after video. I haven't even gotten through it all. And I'm sure with your podcast, you're maybe a little more motivated to get up to speed. So I wanted to hear from you, if you have to narrow it down to one, maybe two, maybe three of your top.

Tom Bridge:

Well, I was going to say I got three and I'm going to talk about them in order-

Ben Greiner:

Okay. Great. I'm going to write them down.

Tom Bridge:

And first one's super easy. Erase all contents and settings. So the ability of a macOS device to act like an iOS device, essentially at the completion of a user's term, right now they're restoring that device to feel ready again, like it's a process that's longer than it should be.

Ben Greiner:

Yeah. With special key commands and yeah-

Tom Bridge:

Of course. And network access and all sorts of things, it's painful. But if I just want to return the machine, take out the user, take out any apps that they left behind and just return it to the setup assistant. Now that's a five minute process with erase all contents and settings and macOS Monterey, really excited for that. And it can-

Ben Greiner:

I didn't even know about that. I did not know.

Tom Bridge:

I am so excited for this one. This was the, one of the things where I was like, eating the popcorn and like clapping and hooting and hollering as I watched the keynote. And I was like, yes, this good. The other thing that we get is for the very first time we're going to get what's called declarative management for iOS. iOS user enrollments are going to be able to benefit from declarative management where all of the management actions on the device will be taken on device. And you'll be able to describe, or one could even say declare a managed condition for the device. So the device must be running this version of iOS.

Tom Bridge:

It must have these profiles installed, and here's where you get them dropped, and then, and only then can you deliver these five applications. So declarative management, it seems to be a more staple management technique that we're going to get first for one very narrow user enrollment, which has BYOD, for mobile device management. So I'm excited about that and I'm excited to see that spread. And to get more information on that-

Ben Greiner:

So just to confirm, I think I understand this. It means that if I bring my own device into an organization and I put this profile on, it's going to say, "You can have access to company data only if you meet this criteria." And by the way, I noticed you're missing one of those things. So you have to fix it before this is going to work.

Tom Bridge:

That's correct. And so essentially, that's the challenge with mobile device management commands and profiles is that if the device misses one, it might not be as secure as you'd want it to be in order to enable a specific application. And so at that point until the device meets that criteria it will not act on the other application information. So there's some exciting things coming down here. It's not going to be a very widespread part of iOS 15 or even a widespread of the macOS platform at all, at this time. So-

Ben Greiner:

I thought there was another name for that. Maybe it was a Microsoft term for requiring certain aspects. Maybe it was an Intune-

Tom Bridge:

Conditional management. It's [inaudible 00:29:52] part of-

Ben Greiner:

Conditional access. Yes. That's what I was thinking.

Tom Bridge:

That's right. Conditional access is part of the Intune framework for all of this. And this is a way to do this on device instead of via MDM [inaudible 00:30:05]. So I'm really excited to get a look at what that's going to mean in the long run. This will also require managed Apple IDs and a bunch of other things. This is going to be a very narrow part of iOS 15, but it shows good thinking and will allow them to bring that management technique to systems in the future. And I'm really excited about that. So I would say those are my two big tent poles. I would say the other one that's really interesting are changes to user enrollments. That's more IdP focused.

Tom Bridge:

So as an IdP, I'm really excited about a new IdP focus for user enrollment. So that periodically, users have to reauthenticate with the mobile device manager in order to keep their settings and applications. So that at that point, you can make sure that the people who had that BYOD profile on their device still work for you, which is really important for seasonal workers or organizations where turnover is high.

Ben Greiner:

And just to clarify, IdP, identity provider? That's the term?

Tom Bridge:

Correct. Yes.

Ben Greiner:

Okay. And so today, if I log in with identity provider, that's tied to my device, it's pretty much when I restart and log in. So you'll say now-

Tom Bridge:

[inaudible 00:31:18] not even then. So like with an iOS device, your passcode is never disclosed. So this is really the only time that you would ever do this would be during enrollment cycles. And if you forgot to deactivate somebody they would stay on there forever, but if you just suspended their user, it might not remove the management profile from a device that was coming down. And so at that point, you can essentially make a check every 90 days to make sure they still have a viable sign into your identity system before they grant further access to the devices, private business responses.

Ben Greiner:

Okay. I see. Well, yeah, that sounds awesome. And I was intrigued by the driver's license on your iPhone. I mean, I have wanted for years to not have to carry my wallet around and we're getting closer and closer to that point. I think immediately after Apple announced that they were privacy people filing lawsuits or something to stop it, but I just wonder, do they understand that this is encrypted on device? Like, I don't-

Tom Bridge:

Well, I think my concern is, do I have to unlock the device before I hand it over, or is this a place where the device is locked, but I'm just locked into this ID screen. And that's my hope is from all of this that, because that's the last thing I want to do even as a law-abiding standard American citizen. I don't want to hand over my unlocked iOS device to the authorities if I don't have to. And especially if I'm just trying to prove who I am. I mean, my wallet is small. You can see it's very thin these days because they're really all I need to carry in there is my driver's license and a credit card.

Tom Bridge:

I would love to just be able to carry this and stuff. And so, at that point, be able to have a digital representation of my identity that can then be presented in that state, but then I don't have to unlock my phone entirely to pass that along. So I will be very interested to see where that develops and goes. If I don't have to fully unlock my phone just to unlock a driver's license, I'm really excited about that.

Ben Greiner:

Yeah. It's there it's early days for that and we'll learn more-

Tom Bridge:

Agreed.

Ben Greiner:

But the other thing that I have been wanting for a while is legacy contacts, this idea that if something happens to me, I could allow my wife to take over ownership of my accounts. I think we're going to see a lot more of that in the future.

Tom Bridge:

Yeah. And as someone who has had to help in those circumstances it's always tough and it would be easier for the families involved here, if there was a way to do this. And so I'm very excited about legacy contacts coming out. Recovery contacts can also be done as part of this as well, so that you can set a recovery contact so that if my phone sank to the bottom of the Potomac on a river cruise and I no longer had a way to authenticate, then I had my recovery phone number, for example, I would want to be able to pass that information off to my partner and have them handle that kind of thing.

Tom Bridge:

So that's an exciting development there. I think one of the other really cool features that I thought was awesome was Universal Control, which is for those of us who have an iPad sitting right here next to our laptop, to be able to open that up and be able to essentially use one keyboard and mouse to control, not just the Mac in front of me, but the iPad next to me, and just treat it as one seamless desktop without having to set up Sidecar for example. I thought that, that demonstration was magic and I am ready to see it in action. I don't think it's in the first phase, but I'm looking forward to seeing it later in the cycle. And the ability to drag and drop files that way, the ability to move your cursor and a keyboard and control things that way is just exciting. And-

Ben Greiner:

It is like magic. Someone said is it witchcraft? Or it is witchcraft. I don't know. But yeah, it to see that demo, it's like, I mean, I'm pretty sure it uses your iCloud account. Like you have to have an iCloud account-

Tom Bridge:

Yeah. It's a Handoff feature.

Ben Greiner:

Yeah. But it does look like magic. It looks really amazing and I'm sure it'll be fantastic until it doesn't work. And it'll be super frustrating to figure out why, which is today when Handoff doesn't work and normally it does, but when it doesn't work, I get a little frustrated.

Tom Bridge:

I will say it has gotten a lot better. Handoff used to be a lot flakier than it is now. So I'm excited to see that if there's extra improvements that come along with that. I'm excited to see what they are and the ability to do control surface information as well as file transfer as well as... And it also works with Macs as well. So you can have your Mac and an iMac next to you and an iPad next to you. You can be connected on both sides of your screen at that point.

Ben Greiner:

I wonder what the limit is? Could I have a wall of old iPhones?

Tom Bridge:

Three.

Ben Greiner:

Okay. Now I can't.

Tom Bridge:

It's three right now. And so maybe at some point that would be neat. And to be able to like, have a set of test suite of iOS devices. Yeah. That'd be cool.

Ben Greiner:

Yeah. There's so many things. I know a lot of this doesn't apply to business, but they're just, I think interesting things that pushes forward and it's Apple's always trying to innovate and they always get both propped up and slapped down for it. But that's what happens when you try to innovate some people get it. Some people don't, some things work, some things don't, but super exciting times. I mean, I feel like in all the years, this seems like so much, there's so many things with iOS 15 and macOS Monterey that are coming out. I don't know if this... Maybe it's just because we've been sitting in a pandemic for the past year and now we're like, oh, my God, this is so cool because they always put out a lot of information WWDC-

Tom Bridge:

For sure.

Ben Greiner:

I'm super excited. And now it's just a matter of getting, when will we see this stuff, but it won't be until the Fall.

Tom Bridge:

It's the fall. So, I mean, Apple generally releases iOS first and macOS to follow up. Late September, early October is generally the timeframe we start to look at for this. Obviously Apple doesn't comment on their launch days or [inaudible 00:37:39].

Ben Greiner:

No. They don't.

Tom Bridge:

So we hope to see that in those timeframes and obviously we're working hard on testing every part of our products to make sure that they're ready. And so like, I have a detailed test plan for Monterey, that I'm working through now for JumpCloud products and that the login window and elsewhere within the environment so that you can extend your JumpCloud ID straight down to a macOS Monterey device on launch day. That's what we're excited about. So we're working hard on that and I'm really excited to see these features in the field. I think this is going to be a great release year. And there's a lot to like.

Ben Greiner:

Yeah. I mean, whenever I see an application and I just one the other day and it was VPN related, I installed it and it said, "Warning, this app may break in future versions of macOS 10." That's just a clear sign that, that developer does not really prioritize macOS and that's what you're doing. And so be wary of any app that does that, or fails to embrace it because Apple does put out betas now. It's not like the old days of Steve Jobs, but we didn't know what was coming down the pipe until it just showed up on our doorstep. They put out betas, they allowed the developers to get early access. And if someone wants to embrace the Apple platform, the tools are there, I mean.

Tom Bridge:

For sure. And everybody out there, Ben's part of this great program called Appleseed, so am I, where corporations get access to this kind of stuff for special feedback channels around enterprise issues. So, anybody worth their salt is doing that work today providing feedback during the beta cycle and ready for releases as it happens.

Ben Greiner:

Yeah. And that's also given us more confidence to be more aggressive in our upgrading of the operating system. Historically, when Apple had dumped out on the door with absolutely no warning or access, it was a scary time, especially when they made it free, because it was so disruptive. We had people downloading iOS upgrades and breaking workflows, and then calling us and saying, can you fix it? And they're like no, we have to wait for Adobe, or we have to wait for Apple or somebody to fix it. But now it's getting much easier. And the developers like Adobe who are more serious about this, get things working.

Ben Greiner:

And that's why I like working with partners, like JumpCloud who understand the Apple platform. Apple is different and needs to be treated slightly differently than Windows. Don't try to shoehorn an Apple device into a Windows workflow. So-

Tom Bridge:

That's exactly it.

Ben Greiner:

Yeah. And with that, I know we went over, but I think it was worth it to get your thoughts. Thank you, Tom. When's your next, well, not when's your next podcast, but anyone can go to Apple podcast and-

Tom Bridge:

That's right. We're available wherever you find your podcasts today. You can search for the Mac Admins Podcast. It's three words. You can find us @podcastonmacadmins.org as well. And of course for JumpCloud come check us out. You can go to jumpcloud.com. We have a big button on the home page that says, try it free. And we really, really mean it. It's free up to 10 users and 10 devices.

Ben Greiner:

Yeah. Well, thank you very much, Tom. I really appreciate your time and I'm sure we'll talk soon. Hopefully one day [inaudible 00:40:54].

Tom Bridge:

Absolutely.

Ben Greiner:

Face-to-face.

Tom Bridge:

I am looking forward to it. Thank you so much, Ben.

About the Ntiva Apple for Business Livestream

Ntiva’s Ben Greiner hosts the Ntiva Apple for Business livestream every other Tuesday from 12:00 to 12:30pm CT. These live events, presented by the Ntiva team of Apple experts, are sharply focused, easily digestible, and cover topics including the latest Apple/macOS/iOS technology updates, cybersecurity, data privacy, MDM and BYOD policies, and more! We take questions from the audience and share what's working—and not working—for us and others in the industry.
