The complete move to configuration profiles, which consist of XML data, gave systems administrators the option for managing the OS X user experience without needing any complex relationship to an enterprise directory service. In effect, it separated Mac management from identity management and authentication. Just configure a basic connection to Active Directory using Apple's AD plug-in to support authentication of Active Directory users and then deploy configuration profiles as a separate step and you're done.
Apple extended the Profile Manager service in Mountain Lion Server to support this new management model. The result was an easy-to-use GUI for creating configuration profiles and using them to manage enrolled Macs.
Apple made one more significant change in its shift to configuration profiles as a Mac management solution: it added the the MDM framework introduced in iOS 4. That made it possible for every mobile management vendor that supports iOS management to also support Macs in the same way. As a result, IT pros can now manage Macs using the same tools they use for mobile devices and they can manage a user's enterprise identity with standard Active Directory tools.
Over the past 15 years, Apple has worked, and at times struggled, to figure out the best way to integrate its products into enterprise environments. Perhaps the biggest stumbling block has been how to approach a user's enterprise identity -- how to authenticate users and deliver single sign-on; offer enterprise-grade Mac and iOS management solutions; and deliver a system that avoids placing a burden on enterprise IT. The current model is a good one, but there are improvements needed for both iOS and OS X. Soon, I'll offer a look at how Apple is further integrating enterprise identity support in both iOS 7 and OS X Mavericks and why it will appeal to enterprise and Apple IT professionals.
Sign up for Computerworld eNewsletters.