MacOS Device Management with Fleetsmith
15th Apr 2018

Nittygritty's team of NGneers® and BIMgineers® spend most of their time working at client sites, which means their laptops are rarely on our home network. We embrace a cloud-first approach to all our systems, so we started to look at solutions that would allow us to manage our laptops through a cloud-based service. Certifications such as Cyber Essentials Plus sensibly require devices to have OS and application updates applied within 14 days of release. Device Management is the name given to solutions that allow you to keep track of your device inventory, make sure policies about things like firewalls, data encryption and updates are applied, and also let you push out applications and settings to devices.

We evaluated several solutions, but were excited to find a new player that had an approach that really matched what we were looking for.

By Marcus Roberts, CTO

Fleetsmith is a cloud-based Mac device management solution with a clean, simple-to-use interface that's easy to set up and manage.

Setup was easy. Currently Fleetsmith only supports G Suite for authentication and user management, and we would like to see O365 Active Directory support, but we just authenticated using our G Suite user and we were logged in and able to import our user list. Multiple administrators are supported and there's an easy-to-follow guide on how to configure an admin role in G Suite to support this.

Once our users were registered, we sent out a link to download and install the Fleetsmith agent. Again we encountered no problems, and the application installed without issue on our Sierra and High Sierra machines. A cute icon appears in the top tool bar where status information and alerts appear for the user.

Ensuring Security Policies

The point of installing a device management solution like Fleetsmith is to allow us to ensure our laptops are following security policies on things like hard drive encryption, firewall settings and updates. Configuring this is easy. All users and devices belong to a global profile. All of the options you can configure are presented graphically, and once an option is added to the profile, you can configure whether it simply warns the user or is enforced. To take a couple of examples, with firewall settings added to the profile, you can choose whether the user is alerted and asked to switch the firewall on, and whether the rules applied block incoming traffic. By setting the option to be enforced, the user is alerted, but the changes are also applied automatically. Another example is software installation, where you can set the Gatekeeper application protection. We chose to only allow apps from the App Store or that were signed by the developer, and made this mandatory. Finally, we configured OS and App Store applications to download and install automatically, and to force the application or OS to restart and update if the laptop user hasn't applied the update within 14 days.

Fleetsmith Supports Many Well Known Applications

Fleetsmith also supports application deployment from a pool of well known applications. We all use Slack, so I added the Slack application to the global profile. Within 5 minutes a number of our NGneers® and BIMgineers® received an alert prompting them to update their application, so we could already see the benefit of making sure our users are keeping their apps up to date.

You can define additional profiles, so for example we made a profile for our development staff and added some developer specific applications to that profile. We then set those users to inherit that profile, and so those users (and their devices) were sent the additional applications. Once an application is added to a profile, it’s silently installed in the background into the Applications folder.

Easy and Transparent Reporting Makes Compliance a Breeze

The next great feature of Fleetsmith is their reporting. When you view the devices in the cloud portal, it highlights non-complying machines. After all our devices had registered, it was easy to see which machines didn't have FileVault enabled, which had firewalls disabled, etc. Our policies were able to enforce this anyway, but it also made sending a gentle reminder to staff about policies a breeze.
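
The three controls mentioned above (FileVault, firewall, Gatekeeper) can also be spot-checked on a single Mac with the built-in command-line tools. This is an added example, not Fleetsmith's code and not part of the original post; the function names are illustrative, and the matched strings assume the tools' usual status output.

```shell
#!/bin/sh
# Added example (not Fleetsmith code): spot-check FileVault, the application
# firewall and Gatekeeper from the status output of built-in macOS tools.
# Each check takes the tool output as $1 so it can be exercised off-device.

filevault_ok() {   # input: output of `fdesetup status`
  case "$1" in *"FileVault is On"*) return 0 ;; *) return 1 ;; esac
}

firewall_ok() {    # input: output of `socketfilterfw --getglobalstate`
  # State 0 is off; a non-zero state means the firewall is on.
  case "$1" in
    *"State = 0"*)     return 1 ;;
    *"State = "[1-9]*) return 0 ;;
    *)                 return 1 ;;  # unrecognised output counts as a failure
  esac
}

gatekeeper_ok() {  # input: output of `spctl --status`
  case "$1" in *"assessments enabled"*) return 0 ;; *) return 1 ;; esac
}

# report NAME CHECK_FUNCTION TOOL_OUTPUT: print PASS/FAIL and record failures.
report() {
  if "$2" "$3"; then echo "PASS $1"; else echo "FAIL $1"; rc=1; fi
}

# audit FILEVAULT_OUT FIREWALL_OUT GATEKEEPER_OUT
# Prints one line per control; returns 1 if any control is non-compliant.
audit() {
  rc=0
  report filevault  filevault_ok  "$1"
  report firewall   firewall_ok   "$2"
  report gatekeeper gatekeeper_ok "$3"
  return "$rc"
}

# Only query the real tools when running on macOS.
if [ "$(uname -s)" = "Darwin" ]; then
  audit "$(fdesetup status 2>&1)" \
        "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>&1)" \
        "$(spctl --status 2>&1)"
fi
```
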

We’ve only just started using Fleetsmith ourselves, but we have found that the feature set it provides and the easy-to-use cloud portal are exactly what we needed, and we’re going to be rolling it out for our customers next.