Windows vs Mac. What's good for a business?

I’m working on an article about Windows vs Mac from a business’s perspective. I’d like to know what real IT admin folks think. All suggestions are welcome.

Managing Macs is just fundamentally different than Windows; it’s difficult to make comparisons between the two. It’s an apple and orange situation.

Generally, I’ll hear negativity around managing Mac for enterprise but it’s my personal experience that when I ask “why the negativity” it’s often because admins are trying to manage Macs the way they manage Windows. In those cases, yes admins are going to have problems.

I manage Macs at my organization and my official stance is that if someone can do 100% of their work on a Mac and prefer Mac over Windows, then let’s get them a Mac. Same goes the other way around.

Not all employees can do 100% of their work on a Mac, and not everyone can do 100% of their work on Windows. What’s good for a business depends on the business and the employees.

@Keir
> it’s often because admins are trying to manage Macs the way they manage Windows

I agree. I’ve been doing IT support for decades, and have had to train people to manage Macs. Often they get frustrated because authentication to Windows domains doesn’t work as well, you can’t configure things with group policies, or other missing Windows-native functionality. Because the Windows functionality isn’t all there, and the Windows tools aren’t all available, they throw up their hands and declare that managing Macintoshes is impossible.

But then the really good Mac administrators that I’ve met are just using different tools, approaching problems differently, and just thinking about the whole thing with a different mindset than Windows administrators. If you’re a Mac admin, then managing Macs is way easier than managing Windows.

@Devin
I think there are some additional factors to consider here:

From my personal, anecdotal experience, it seems to me that part of the problem is the fact that many endpoint admins get the budgets for their Windows endpoint management tools (and AD) very early in the maturity path.

It then takes them years, sometimes decades to convince management to spend additional money on good tooling for Apple endpoint management.

Sometimes there will be even a middle step, when endpoint management for mobile devices is improved, and the tooling for Mac is pushed back to third place.

From my perspective, that is a big part of the general gripes with macOS and its management.

Now if Endpoint Managers could become more cross-platform and more mature. That would be something.

@Kiran
Yeah, I think that also ties into the idea that there are different approaches. If you’re managing a bunch of Macs, you should go straight to getting an EMM/MDM/whatever-the-latest-initialism is. That’s how you’re going to configure them, not using GPOs.

So if you already have a Windows domain and you’re managing a bunch of Windows machines, then that might seem like a problem. “You want us to pay for MDM licenses and train our whole IT staff on how it works, and then everyone has to learn the ins-and-outs of managing macOS with an MDM product? Why can’t we just use Group Policies?! Macs are stupid and difficult.”

But on the other hand, if you start with Macs and have an MDM, and then someone is like, “We have a couple Windows machines so we want to set up a bunch of Windows AD servers, configure Group Policies, etc.” then that can equally seem like an expensive and wasteful endeavor.

However, if you’re using MDM for both from the start, it’s a bit less difficult to understand. The only problem is, as far as I’m aware, there’s not a great MDM product that does both Windows and Mac configurations very well. For Windows, you want to use Intune, which supports Macs somewhat, but not very well. For Apple products, you might want to use JAMF or Addigy or Mosyle, which to my knowledge don’t support Windows at all.

@Devin
Starting with Macs and introducing Windows machines is far more manageable. The majority of enterprises use 365 for mail and licensing for Office. So, in this case, it’d be as simple as a P1 and an Intune license. The bulk of your license fee covers your Office subscription, so the barrier to entry is far less.

I suppose if you’re Mac and in GWS it’d be a different story, but with what GWS charges + the cost of JAMF or Addigy, you’re still talking a lot cheaper for the Windows devices.

@Devin
Addigy is one of Microsoft’s Supported device compliance partners. This means an organization can manage Windows with Intune and Apple devices with Addigy — and tie it all together with Microsoft Conditional Access.

@Devin
We use Filewave as our MDM solution. Our environment is about 50/50 Mac/Windows devices and it works pretty well. In typical fashion, I received practically zero real training but with some general knowledge and good researching skills, I’ve been able to manage just fine.

@Kiran
Luckily, N-Central is developing hard into integrating Apple Business Manager into its RMM and hopes to be a replacement solution for JAMF in the future. It’s still in the early stages but is promising. The benefit would be managing Mac and Windows with a single tool/license.

@Gale
Man. That’s so crazy. I just stumbled onto their website today for the first time.
That’s wild.

But yeah. They are certainly trying to convince you that they want to corner this submarket.

I am personally still hoping that Microsoft and IBM are willing/able to improve on their management capabilities for Apple OSes.

@Devin
It’s far easier overall to manage a homogenous environment. My issue has been, and always will be, needing multiple solutions to accomplish the same result due to the mixed environment. It introduces added costs and complexity to manage the two platforms properly in the same environment. Doing and executing well is possible, but what is the net gain? If 90% of the network is using Windows, yet we pay hundreds a month to manage the 10% of Macs via JAMF licensing or adding, and now the labor has increased as policies need to be managed twice, once for Windows via Group Policy, and the other via policies in JAMF. Internal resources, policies, and procedures need to be updated for both. You’ll run into the issue of departments running all Windows machines except for one user complaining that this app or office feature doesn’t work the same on the Mac user’s device.

Having a mixed environment wastes money and resources; the only real gain is that an end user gets their preference for an OS. This argument goes the other way as well; I’m perfectly fine with a 100% Mac environment, but Macs have limitations in enterprise when working B2B, and there may be situations where Parallels is needed to be compatible with customers’ apps and tools.

I’ve had a lot of luck converting Mac users to Surface Laptops over the years, and they’re generally okay with using them as a replacement for a Mac.

@Gale
> It’s far easier overall to manage a homogenous environment.

I agree, but IT doesn’t always have the luxury of a homogenous environment, and there is some value in the flexibility of being able to support a variety of solutions.

@Keir
> Generally, I’ll hear negativity around managing Mac for enterprise but it’s my personal experience that when I ask “why the negativity” it’s often because admins are trying to manage Macs the way they manage Windows. In those cases, yes admins are going to have problems.

In the A&Ms I’ve done 99% of the fault comes from the business in one of two ways:

  • Refuses to buy a good MDM or tries to do a one size fits all for both Windows and Apple devices
  • Believes they can have proper MDM with Apple without an ABM account, and the cherry on top is they insist on going global where they are not LLC’d and assume we can ship systems anywhere with proper MDM setup that can’t be removed by a quick wipe.

@Keir
This, +💯
I actively manage both and have done so for decades. Can’t expect to manage macOS exactly like Windows, no more so than the other way around.

@Keir
Plus a billion. We do both and it depends on what the right OS is for the client and their daily workflow and existing organizational structure. Well stated!

@Keir
This is the best answer, and is my experience too. More and more companies are starting to use the choose your device scenario; different people have different preferences. For me as an admin I would prefer managing just Mac or just Windows, but I currently manage both, although the vast majority are Macs.

@Keir
So if a user has no preference and can use both, what do you do?

@Drake
> So if a user has no preference and can use both, what do you do?

You give them what they prefer - they’ll be happier, more productive employees.

@Alix
> You give them what they prefer - they’ll be happier, more productive employees.

And if they have no preference… then what? What is your default?

@Drake
Depends. Some orgs just hand out what’s top of the stack.