by thewebguyd 16 days ago
> The thing about Apple is that as the "IT" guy for my family, its ecosystem is the one which needs the least attention from me.

This is true in business/enterprise IT also. Any big company that's done a switch, or at least offered an employee choice, almost immediately saw a huge drop in help desk workload from mac users.

Legacy win32 apps aside, it's baffling to me that Windows is still the dominant share of computers issued to employees at nearly every non-tech company.

6 comments

Enterprise Mac still has occasional problems -- mainly due to Microsoft crapware IT departments insist on installing.
Microsoft or giant piles of poo like crowdstrike?
Crowdstrike is not what is slowing down my Mac. Web pages in Firefox that somehow take up 1GB of RAM are.
Why not both?
Ask serious security folks at serious orgs if they can afford to not run crowdstrike regardless of OS.
Can any serious security folks at serious orgs confirm they can't afford not to run crowdstrike?
We don't deploy Crowdstrike to our Macs. (Small org, 500~ Macs).
The alternative is a strict zero trust network design with very internet access only via RDP or similar protocols. Not many companies are willing to do this.
Enterprise Mac is a bit of a contradiction because Apple doesn't really make enterprise tools, you still end up joining them to a windows network and using windows file sharing and printing.
What's the proper way of managing Mac endpoints?
Any modern MDM like Jamf, Kandji, Mosyle, etc. + the identity/IAM of your choice (most commonly Entra or Okta)
Since SIP, it's MDM with DDM and you can basically leave engineers be local admins as it has no impact on the system state anymore.
JAMF is popular. I've heard of Kandji too.
A company CTO told me once that he was a linux user at home but windows was the only option from a soc2 auditing point of view as macOS fared barely better than linux in the fleet device management area.
Not true. Macs easily pass SOC 2 audits.

You'll need MDM, installed anti-virus/anti-malware, and reasonable update policies, as with any endpoint. But have passed multiple years' audits with mostly-macOS fleet.

RHEL has support for SOC2 requirements. RHEL is also very nice in general
Part of that reason is Microsoft office is a third class citizen on macOS.

Edit: Not sure why this would get downvoted. Weird. It absolutely lags behind windows version of the products by years. Excel did not get ribbon key shortcuts until 6 months ago. It’s a pretty terrible experience for most power users.

Many companies nowadays only provide the most basic office license with only web access to office apps for most of their employees. So for those that puts all OS at the same level.

Having said that software lagging in versions/features doesn't mean users are less efficient using the older tool. Are today's office users more efficient in word and excel with the ribbon than they were using office97 a few decades ago? Has it been measured? I know I am still lost whenever I need to find something on the ribbon.

Sure if you are a basic user it’s no issue. Basic being someone using 1% of the feature set. The moment you start developing any skills in office there is an actual difference in the product. Like I already said, MacOS did not have ribbon shortcuts until a few months ago. That’s simply insulting that such a core function for users would be missing.
The ribbon is a UI providing a way to access functions, not a core function in itself.
Are we arguing if ribbon shortcuts are not a core function?? I don’t know why we are even going down this road but… for any user that has moderate level of use in excel, the keyboard shortcuts are used so heavily that they absolutely become a core function to the use of the platform. Power users in finance may even go to the extreme of popping out certain key caps on their keyboard to reduce mistakes and maximize their efficiency.
How? My experience with Excel, Word, Powerpoint, even Teams, is that they generally work fine. This is unlike the situation from e.g. 20 years ago, when you could barely get work done due to all the crashes, but that is a very distant memory now. There was a brief time during 2019 when Teams on Mac was kind of awful, but that's long ago in the past as well.

My biggest complaint these days is that Teams uses far too much CPU when I'm sharing my screen. But other than that, everything seems to be ok.

People might not remember, but Word, Excel, and PowerPoint were all released for the Macintosh before Windows. Back then, the Macintosh versions were 1st-class citizens and (as you mention), Windows versions were a buggy mess.

Having used versions on both for years, I'd say there was a "dark" time around 2011 when the macOS versions were lagging badly feature-wise, but they're pretty much on-par today.

My biggest complaint is that you can't turn off the ridiculous animations in macOS versions (e.g. moving between cells in Excel). That makes the entire suite "feel" slower when in reality, the macOS version could easily be just as responsive as the Windows suite.

They still aren't on-par today, in MacOS Excel you can't do some charts you can do on Windows.
I can't speak for Teams (that is just an Electron app), but all of the legacy Mac Office apps are still a subset of the capabilities of their Windows counterparts.

If you can't tell the difference between Google Sheets and Excel, you probably won't notice the difference between Mac and Windows Excel. But if you are in some role like finance where you spend a ton of time in Excel, the gaps become obnoxiously noticeable. Especially because VBA is completely non-existent on Mac.

What's sad is that in my experience supporting 80 users, Word et al work with fewer issues on Mac. The stack integration on Windows is fine, until it isn't.
Lack of parity. It’s getting better but my classic example is ribbon shortcuts for Excel. They did not exist until something like 6 months ago.
Anecdotal but I’m a sysadmin in the IT dept in my rather larger company and have zero issues with office on my daily driver m2 Mac Pro. On my Dell precision running win 11 I constantly have issues with outlook, teams, etc.
Cannot speak to bugs but purely functionality. Historically speaking the macOS products lag by years.
I don’t know why you are getting downvoted, agree with you, Microsoft Office is awful on macOS, it just doesn’t work the same, has awful integration with Sharepoint (and Sharepoint in MS Teams and OneDrive), and continuously forgets it’s properly licensed and complains with a big message that it isn’t licensed - sometimes downgrading to read only. It’s just a terrible thing to use.
Mac users are consistently the highest needs users in my environment. Ymmv. Samba is still broken. Microsoft apps don't work.

You can use them for Adobe. But even then, performance per dollar is poor. Adobe flies on much cheaper Windows hardware in the side by side testing we've done.

I'm the Director of IT for a 160M revenue company.

We allow Macs, and we support them. But I don't share your take on the benefits. I can't think of a single benefit frankly. It's a loss for the business.

Oh well, it's not my money.

This reads like the last time you've evaluated is 2018. The entire office suite works great on Apple silicon with the exception of, obviously Win32 VBA macros and some PowerQuery features in Excel.

As for Adobe, I'm assuming you're issuing desktops then? Because for an equivalently performant laptop with heavy Adobe workloads you are going to spend the same as a MBP on the higher end Thinkpads, or dell precisions. There's no cost savings there, really (again, unless you have everyone on desktops).

If you're still domain joining macs, trying to use SCCM & GPOs, and treating them like any other windows endpoint, of course you are running into problems. Kind of a square peg/round hole situation.

Not doubting your experience, but to have relatively problem free mac endpoints you have to do things differently. Maybe not worth it for every company, especially any that are super deep into Microsoft. But I can say, they've worked great for mine and we are phasing out Windows entirely, and IBM, Cisco, and SAP all had similar lower total cost of ownership & less help desk workload after introducing macs. Then again, we no longer use smb/samba, we eliminated on-prem file shares a long time ago.

We use 10G fiber to a local file store. Not domain joined. Cloud is way too slow for media production (the users that Apple targets).

We use basic AV and monitoring, as required for carrying insurance.

We don't have any desktops.

Our comparisons are done regularly to show the difference to new employees and to ensure that we aren't biased in what we report for budgeting.

I have a friend who runs a video production company. He was a big PC guy, they used desktop tower PCs with power-hungry GPUs for editing. He recently switched them over to Macs after testing Premiere on the base-model Mac mini they got for the receptionist and finding it was on par with their expensive PCs. His M3 Max MacBook Pro runs their chroma key at twice the speed of the GPU in the previous editing PC, AI upscaling is the same speed despite being a laptop. Premiere is also far more stable on the Mac, he's spent days troubleshooting driver versions on the PC.
Was that side by side comparison with all the security cruft running, because this is totally contrary to my experience with both sets of hardware managed by IT.
You have to have security software on both Mac and Windows machines in an enterprise. It's required to carry insurance.
Not surprising. I've used Macs since 2005, and 3P software and GPU support have always been weak points. People blame the lack of popularity, but macOS is inherently a moving target to support. You're talking about corp machines running Adobe software with GPU acceleration, so yeah. Only reason I might do that on a Mac is if it's my personal machine and I want it to be nice for other stuff, but it wouldn't be cheap.
>Adobe flies on much cheaper Windows hardware in the side by side testing we've done.

This is the first time I have ever heard Adobe flies on Windows.

There was a period of time between 2015 - 2020 that might have been the case. Especially due to poor Intel GPU acceleration on Mac.

Since Apple Silicon, Adobe Apps on Mac have been constantly faster than Windows counterparts. With plenty of examples on Youtube and Reddit when people discover it. I mean Adobe work best on Mac I thought was given, given the historic ties between the two.

These are new. The Macs are faster if you use regular Windows out of the box with all the bloat. But that's not what businesses do.

Put any kind of security software on the Mac and remove the bloat from Windows (normal for enterprises), and the Windows machines are faster.

You can blame the security software if you like, but you have to have it to carry insurance. And you have to have it to make a fair comparison anyway.

It's obvious that they will be faster. They come with a free video card at the same price point as the Macs that don't.

Which security software matters greatly. If it's poorly optimized, and doesn't use Apple's framework it's going to perform terribly (SentinelOne is notorious for this), and by default with smb on mac it will scan every single file modification over the network. If you're working with huge files over smb you have to disable packet signing, make sure the mac isn't writing and looking for .DS_Store, and make sure directory caching is turned on (it's off by default).

Your experience is valid, I don't doubt that, but you can't just toss a mac into a windows optimized environment and expect it to work, you have to take that extra bit of time to do things differently.

Either way, sounds like you made the right choice then for your own org, but for the vast majority of companies introducing macs generally aren't a loss and tend to have a higher ROI.

Which security software do you recommend?

I'm going to run your recommendations through some research tomorrow. It would be so cool if we can get local file sharing to work, even Mac to Mac would be amazing.

We have directories with 30k+ large images and video content that we need to share. Macs can't open them.

Also, thanks in advance for any advice, if it works.
It's much harder to manage Macs than Windows machines, especially if you are a Windows shop already (which most are). Microsoft is working on eroding the quality of their software, but for now the management tools they offer for Windows clients are simply unparalleled in the Mac world.
Sure, if you're still on-prem AD or hybrid. For orgs that have already moved to full Intune/EntraID, managing windows via Intune is still years behind a good macOS MDM. InTune still feels half baked.
Not really the case any longer. JAMF is pretty easy to use and it's way better to work with compared to Intune, which to me feels half baked compared to something like on Prem AD/GP/SCCM.
There’s nothing baffling to it. Windows PCs are upgradable. Apple won’t even give you a PCie slot on its $10k mac studio ultra to install a better network card or whatever.
I haven't worked with TOO many different companies, but I have worked at a few of various sizes (from small startup to huge Fortune 100), and none of them ever provided upgrades for machines. It was always full replacements. Sometimes you would get a used machine, but they were from someone else who left, not an upgraded machine.

Are other IT shops really doing a lot of piece by piece upgrades for employee machines?

As a recent retiree from a Fortune 500 company...no, there's no such thing as an upgrade. We were virtually exclusively laptops on the desktop. It was full replacement every time.
> Are other IT shops really doing a lot of piece by piece upgrades for employee machines?

I doubt it. I'm certainly not, and none of my peers at other companies locally are either. Even less so now that plenty of business class laptops are coming with soldered ram anyway. The MO is to just replace the machine once it's out of warranty.

It's not common, but it's not unusual either.

If your standard developer laptop has a 256 GB SSD, but a certain team needs more disk space due to the work they're doing, you can just add a second nvme for a fraction of the cost and inconvenience of replacing the whole laptop.

> "Are other IT shops really doing a lot of piece by piece upgrades for employee machines?"

My experiences cover only Europe, mostly in sasec (safety and security, not infosec) shops, including sasec-related engineering and product development. The only Macs I see in any pro capacity are those of clients and rent-a-lecturer/instructor-types, the latter seldomly part of the industry. In my neck of the woods we run mostly on machines from Panasonic and Lenovo; in-house repair labs are a thing (some of them with expertise and equipment that makes the Rechenzentren at the local universities bow their heads in shame).

What a lot of Apple people don't seem to get into their heads is that there's user segments to whom the virtues of Apple's "silicon" is utterly irrelevant; the small benefits you'd get out of it are completely negated by a litany of cons that makes their products completely undesirable.

It's for specialist users. Eg video editors or CAD systems. They need a 10-Gig connectivity to the SAN and want a Mac and not a Dell.
> There’s nothing baffling to it. Windows PCs are upgradable.

We're talking about enterprises here, not home tinkerers.

Enterprises buy whole computers and replace them every x years. They don't waste expensive IT employee time running around upgrading machines all the time.

The last time I worked for a company that did any repair of its computers was around 2005, when all ~500 Dells in the office had to have their defective motherboards replaced.

There’s an accounting factor too. Businesses depreciate equipment as SOP. The laptops have already been written off by the time they need upgrading.
What company upgrades their windows PCs? They give them exactly as shipped. IT department is not wasting time swapping out RAM or SSDs. And they certainly are not upgrading them over time. You just replace the entire PC if you go to 'swap' it.
I work for a little company called Boeing and all our PCs (desktops and laptops) are Dell and our IT center will upgrade SSD, memory, and even do repairs like swapping out motherboards.

Probably helps the IT center folks are actually employees of Dell and this service is part of the deal Boeing has with Dell. Lots of big companies have similar deals with their hardware vendors.

Interesting. I’ve worked for companies that were all Dell shops as well and were similarly large and they had no such deal. You got whatever PC was available (like two options, one large and one small) and no choice beyond that. If you were special and could adequately plead your case, you maybe got a desktop for the extra RAM which was special order.

Why would you even want a SSD or memory upgrade? By the time you’re out of memory, the cpu upgrade is typically worth it.

A month or so back I was hanging out at the IT center waiting for my laptop to be re-imaged (my Windows bootloader went "missing or invalid") when an engineer brought his laptop in to be upgraded from 16GB to 32GB. The IT tech took it in the back, did the job, and brought it back out in about 10 minutes.

I think part of the problem is all our laptops have smart card slots on them, and that limits the available options.

> Why would you even want a SSD or memory upgrade? By the time you’re out of memory, the cpu upgrade is typically worth it.

Not necessarily. Sometimes the default laptop sizing comes with a standard usage in mind but more space and ram is justified for other roles. Sure you could have different laptop models but if you are fine with just more ram and disk space why not?

I have had an upgrade maxing out the memory of my work's thinkpad. It was a number of years ago, 2020 or 2021. Might be less common these days for obvious technical reasons (soldered ram on many models) but if the hardware allows it why not?
my school IT department does this but it's a small university
IME edu operates much differently than [US] corporations which use a 3 - 5 year deprecation schedule. Edu is more 'run it until it doesn't'.
I have never, in 30 years, working across big companies and small, had a computer hardware upgrade. It’s _always_ just a new box.
I work in Ag retail (agronomic services, chemical sales) and while we have an IT department, a decade ago I’d occasionally act as “local” tech support and double a coworker’s RAM when their combination of browser/office/database front ends stopped gracefully fitting in 4GB (and later 8GB). I would also migrate them from HDD’s to SSD’s, and set them up with backups.

But even I haven’t done that in several years now, once IT moved to providing 16GB memory and SSD’s as a baseline, there’s really nothing left in a box to upgrade. I’m quite happy enough to not have to care.

Something as simple as adding a stick of RAM might be worthwhile, but some upgrades will take more money in salary (you and the person whose computer you're working on) than the upgrade is actually worth. This is especially true if you replace several components one at a time in what would otherwise be a single replace cycle.

This is especially true if the business is writing down the replaced hardware as depreciated capital, compared to say simply adding a stick of RAM.

I've generally been given additional decent-performance storage every year or two when working in video games, fairly reliably the case since 2000, seemingly regardless of company size. Somehow each new project would always require yet more working space (again), and projects would often overlap to some extent.

Aside from that, almost always a new PC - almost! When times haven't been so good, I've had spot upgrades.

All of the above is just a question of running the numbers and minimising for cost, I'm sure.

Agreed, the only time I did upgrades on boxes is swapping out spinning disks for SSD, that saved me a whole upgrade cycle it was such an improvement.
They are often leased and have to be returned in the same condition at the end of the term.
Most people have laptops now, in my experience of large corporations.
I got the RAM upgraded in my work laptop.
Last time I requested that, they just swapped my laptop for a newer one with more RAM
On very rare occasions I may do that for a user, if I happen to have extra RAM on hand from - for example - a broken machine. But by and large it's just going to be a whole machine upgrade.
I mean, I had to install it myself.
My users would somehow manage to start a fire if they attempted that.
I actually have seen a business upgrade PCs that were fairly recently purchased once, back during the transition from Windows 3.1 to Windows 95.