Migration from PC to Apple Environment

I’m contemplating moving our mixed PC/Apple environment on a Windows Server LAN ecosystem to a cloud based (G Suite or Microsoft 365) system using all Apple hardware for end users. Has anyone ever made this jump? Is one management system better than another with Apple products?

I will have help with the migration from our contracted network support service but was hoping to get some feedback from those who live in the land before we pack up all our data and move there. We would be looking at nearly 100 Mac devices spread across several campuses. My concerns are device management and end user access to data.

Ben, it has been almost ten years, but we made the jump from a Windows Server ecosystem to G-Suite and have never looked back. Shortly after the jump we began adding Macs for end users and continue to do that even now. We are 65/35 PC/Mac environment with AD being core for connecting our users/servers together. I can’t compare G Suite to 365 fairly because we don’t use 365, but the decision to go G-Suite was clearly the best move for us 10 years ago. Today, I think MS has upped their game and would be a viable alternative. We are very happy with G-Suite right now.
The other thing I would recommend is that you invest in MDM through Mosyle’s business side. There Mac MDM is dirt cheap but incredibly effective, easy to use and when you get stuck, their support is amazing. We are using for both Macs and for the few iOS devices that we use for ministry events.

Same for us. Paul - do you use an MDM for your PCs? If so, which one? We were considering Mosyle but then wondering if we should implement something we could use to manage all devices.

I’ve used Mosyle MDM with iPads when I worked at the school so I’m familiar with it. So is there not an MDM feature built inside G Quite? It looks Like Microsoft Intune works with both iOS and PC so that would be a cost savings. Since admin prefers Apple products, I can get more buy in for the move from Office to G Suite if we bundle the hardware migration at the same time.

We’re still a mixed shop with AD as our back-end, but we’ve found Office 365 + Apple hardware + Mosyle Business to be a great combination. We can even log in to Macs using our O365 email + password, which for us still syncs with on-prem AD (but the staff don’t need to know that).

I don’t belive G Suite auth is finished in Mosyle but it is coming soon.

Our organization doesn’t qualify for G Suite and we didn’t sign up back when we did so we’d have to pay full price, which makes Microsoft’s offering a no-brainer for us. We get E1 for nonprofits for free (1TB storage per user, 50GB mailboxes, Office Online, Teams, etc) then we just add $3/user/mo for those that need to download office.

With all of that said, if you are using Mosyle and chose to use O365, be aware that when you enable O365 authentication on your macs you have to pay for it for all of the macs on your account whether they take advantage of the new single sign on or not. So far, it has been more than worth it for us, and I wish I had the budget to make the jump and move us all to Apple hardware.

We are running a small network of 10 Macs with an internal Synology File Server and Active Directory. We need to be able to manage the machines more effectively, but have been struggling with Network Logins since Sierra was introduced due to MacOS security restrictions, so our hot-desking doesn’t work currently. Also not sure how Mosyle works in comparison to Munki/AutoPkg, which we have been using up to now. Would appreciate any feedback and recommendations.

BTW, we use Office Mac 2019 without 365 functionality due to broadband issues in our set-up and security concerns over the use of MS cloud services outside the US.

I usually refer out Apple heavy environments, but most of the guys I know that do a lot of Apple product management are using Jamf because nothing else could check all their boxes. In fact, they almost all share the same story about lamenting not budgeting or charging more money to manage Apple products when they first started doing it precisely because they had to ultimately drop money on Jamf. That being said, Intune also has some Apple management capability and you should be sitting on no less than 60 donated Intune user licenses.

In the middle of that process as we move our 100+ Macs away from onsite file server, Rackspace imap and a mix of Google and Dropbox to O365.

Definitely take advantage of Microsoft non-profit pricing. It is a great deal.We went with Microsoft 365 to take advantage of the 10 free licenses and other features not with Office 365 alone.

Going to with Barracuda Essentials for protection and backup of all things O365/Sharepoint etc.

Also just started with Addigy for device management. Seems good so far and less of a learning curve than Jamf.

We are a 90% Mac environment on O365 and a similar size church as you @bbiddle. We have 4 physical campuses plus online currently. I added Jamf Pro this summer and am just now starting to get into because as someone else says it was the system that checked all of our boxes as we manage a lot of iPads for various things as well. I highly recommend looking at Jamf and bringing them onsite for the jumpstart.

Addendum to the above - just had a demo of Mosyle Business (Mosyle Manager is only for K12 Education) and are seriously considering it as the cost is in the right ballpark for us. It does everything that Munki/AutoPkg and Apple’s Profile Manager do, plus quite a bit more. Will be running their 30-day demo initially, alongside evaluating Cisco Meraki’s System Manager to see which one stacks up best for us. Will post our results when we have reviewed them both.

Can’t wait to hear about your experience Russ. Do you have a mixed environment? If so, what are you doing for device management of PCs?

Also, we are considering a package like NinjaRMM so that we can multiple things in one place (and with a single agent, etc) - MDM, network management, security, remote access, etc. Does anyone have any experience with NinjaRMM or something similar?

I have experience with NinjaRMM, it’s not a great RMM platform, particularly now that the cost is more than better RMMs. If you are looking for a mature and full-featured RMM, you can get the industry leading Kaseya VSA with Bitdefender Gravity Zone from Techs Together for half of what Ninja would charge per endpoint. Kaseya can be a lot to have to wrap your head around in the beginning, but the limitations, lack of features, and business practices with Ninja eventually drive most organizations away from the platform to something more mature and feature complete.

Russ, I’ve used both Meraki’s System Manager and Mosyle and I was pleased with both products. My feedback would be that Meraki did really well on the iOS side, but was limited on the MacOS side, where with Mosyle the MacOS side was really robust and the IOS side worked well for us with limited experience. We are going to let our Meraki licenses expire and move fully to Mosyle. I say this as someone who loves Meraki products with almost 40 of their APs in our facility and a desire to move to their switches in the near future.

Thanks for all the great feedback! It looks like we might have at least a three year transition period mixed with Windows, MacOS and iOS devices. There is a possibility we may never move away from PC completely because of our HVAC, Door Access and other such systems.

Are there any device management options that can handle BOTH Apple and Windows devices (I’m looking at you Microsoft InTune)? Does G-Suite even have device management capability? Guess I’m looking for a “one ring to rule them all” kind of solution.

Ben, GSuite does have some MDM/MAM, but the last time I dealt with it a few months ago, it was pretty limited. I don’t think you can manage Windows with it at this point, but it does have some ability to manage Android, iOS, and Chromebooks.