by chrnola 846 days ago
> I bet Apple’s own employee issued macs are managed

I thought so too. The Apple retail employee that gave me the demo of the Vision Pro confirmed this. He said the manager at his store had a Vision Pro and wanted to use it with his Apple-issued Mac, which was managed via MDM.

Apple’s MDM is a bit different. It runs through an SSO service called Apple Connect and Apple encourages employees to use their personal Apple ID to link to it instead of creating a separate Apple ID.

It essentially adds a special entitlement to someone’s Apple ID, similar to how a dev gets App Store Connect access added to their Apple ID when they enroll into the developer program.

This makes it so that every MDM device is logged into the personal Apple ID.

Oh interesting. Might explain why Apple employees aren’t feeling this same pressure. Do you know if Apple’s MDM is the same for their retail and corporate employees?

Also - I’m not super well versed in MDMs, but they seem to come in two general flavors/deployment strategies: bring-your-own-device (BYOD) and manage a fleet of employer-owned hardware.

In my experience, I’ve only ever seen BYOD policies for employee-owned _smartphones_ (e.g. for access to an intranet mail server). I’ve never worked anywhere that permitted employees to use their own _workstations_.

> Do you know if Apple’s MDM is the same for their retail and corporate employees?

Apple Connect, the SSO authentication service, is used by all Apple employees, both corporate and retail.

The actual MDM itself (what is allowed, how much is controlled, what can be accessed, etc. etc.) does vary from corporate to retail and between employee roles and departments and from device to device (BYOD v. Apple owned devices).

To facilitate this they use a bit of a patchwork of mainly in-house developed solutions and Jamf MDM services.

A lot of it is pretty well documented in public. The Apple Wiki page[0] on Apple’s internal apps would be a good entry point to go down the rabbit hole, should you be so inclined.

Just keep in mind that a lot of the information on the inner workings of Apple will be perpetually outdated, due to the nature of that information and its reliance on employees leaking information. You’ll find that most publicly available information is about stuff on the retail side, because corporate employees usually are more risk averse when it comes to jeopardizing their job.

0: https://theapplewiki.com/wiki/Apple_Internal_Apps