Our customer spotlight series shares the unique strategies our customers use for their Mac deployments. It also offers insight into the different ways Macadmins are solving common problems.
What is XING SE?
Name: XING SE (now known as NEW WORK SE)
XING SE is a premier social network company that focuses on business networking, career search, and other business- and career-related services. XING was founded in 2003 in Hamburg, Germany, and currently has over 1,500 employees and serves upwards of 15 million members, primarily in Europe.
Who are David Schöfberger & Christopher Maack?
David Schöfberger and Christopher Maack are both IT System Administrators at XING, located in Vienna and Hamburg respectively. Together they are responsible for the management of in-house Macs and many more iOS devices. David was nice enough to share the internal processes and configurations XING currently uses.
Migrate from an older system that required many manual processes to a more scalable, automated solution
Unify the deployment system across all company locations
Reduce the time necessary to deploy/configure a new Mac
Nagios & Icinga
Microsoft Active Directory
David and Christopher were in search of a future-proof solution that they could deploy across multiple locations. When they came across SimpleMDM, they were confident that it could effectively manage a large number of Mac and iOS devices in a unified manner.
Although XING is working toward a touchless deployment, an on-site IT technician currently handles a few quick tasks during setup for reasons relating to macOS reliability, such as confirming that FileVault encryption succeeded. XING plans to move toward a zero-touch deployment in time.
From purchase to user delivery
XING purchases Macs from their vendor, who is responsible for adding the devices to their DEP account. Once the Macs are received, they are unboxed, connected to the internet, and activated using DEP. The technician proceeds through the DEP-customized Setup Assistant screens, and the device is enrolled into a default device group. This group only applies a few basic profiles and certificates.
After the initial enrollment is complete, the technician renames the device and reassigns it to the destination group via the SimpleMDM interface. The destination group applies additional configuration profiles, some of which are based on the office location and employee’s role. The native profiles include:
Firmware Password profile
Privacy Preferences profile to automatically configure permissions for certain software
Kernel Extensions profile to automatically permit certain kernel extensions
Several custom configuration profiles are also applied via the destination group:
Region-specific Active Directory profiles for binding accounts. This allows users to log in with known credentials.
One or more profiles for each required Munki catalog.
A profile to configure the Dock on macOS.
A Google Chrome profile that enables integrated authentication with a web proxy.
A Login Window profile that hides the “Guest” login option and displays the full name of user accounts.
When the login window is displayed, the technician logs in to the admin account that was automatically created during enrollment with DEP. They confirm that Munki – Managed Software Center is installed and showing in the Dock. The technician then logs out of the admin account, enables FileVault following a prompt, and then reboots the device. The reboot kicks off a script that runs to ensure the Managed Software Center automatically installs all required software. After logging out of the admin account, the option to log in with an Active Directory user is shown. The technician logs in to Active Directory with the new user's credentials and sets the secure token for FileVault. The device is then passed off to the user. After logging in, the user can reset their own password for the account.
Prior to using SimpleMDM, David states that the deployment process took more than 30 minutes. With SimpleMDM, the time has been cut down to less than 10.
API & Webhook integrations
David and Christopher have created a handful of custom integrations. To help with their migration onto SimpleMDM, they used a script deployed via Munki to check whether the SimpleMDM management profile was installed on each Mac. If the profile was not present, Munki installed the enrollment profile, which added the device to their default group.
Additionally, David and Christopher use the SimpleMDM API to send information to Nagios and Icinga, the internal systems they use for reporting. These integrations allow them to check for certificate expiration dates and send notifications, monitor their usage of device licenses in MDM, and ensure their users’ Macs are assigned to the appropriate device groups.
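A sketch of how the three checks described above could be expressed as a Nagios/Icinga plugin. This is an added example, not XING's or SimpleMDM's code: the snapshot is constructed, its field names, device names and the staging group name "Default" are hypothetical, and fetching the data from the MDM API is left out.

```python
import sys
from datetime import date

OK, WARNING, CRITICAL = 0, 1, 2  # standard Nagios/Icinga plugin exit codes

# Constructed inventory snapshot; field names are hypothetical, not the MDM API schema.
SNAPSHOT = {
    "licenses": {"total": 100, "used": 93},
    "cert_expires": "2024-07-01",
    "devices": [
        {"name": "HAM-MAC-001", "group": "Hamburg-Engineering"},
        {"name": "VIE-MAC-007", "group": "Default"},
        {"name": "VIE-MAC-008", "group": "Vienna-Sales"},
    ],
}

def check_cert(snapshot, today, warn_days=30, crit_days=7):
    """Alert before the certificate lapses; an already expired one is CRITICAL."""
    days = (date.fromisoformat(snapshot["cert_expires"]) - today).days
    state = CRITICAL if days <= crit_days else WARNING if days <= warn_days else OK
    return state, f"certificate expires in {days} days"

def check_licenses(snapshot, warn_pct=90, crit_pct=98):
    """Alert when device license usage approaches the purchased total."""
    lic = snapshot["licenses"]
    pct = 100 * lic["used"] / lic["total"] if lic["total"] else 100
    state = CRITICAL if pct >= crit_pct else WARNING if pct >= warn_pct else OK
    return state, f"{lic['used']}/{lic['total']} licenses used ({pct:.0f}%)"

def check_groups(snapshot, staging_group="Default"):
    """Devices left in the enrollment group only have the basic profiles applied."""
    stuck = sorted(d["name"] for d in snapshot["devices"] if d["group"] == staging_group)
    if stuck:
        return WARNING, "still in staging group: " + ", ".join(stuck)
    return OK, "all devices in destination groups"

def run_checks(snapshot, today):
    """Combine the checks; the worst state becomes the plugin's exit code."""
    results = [check_cert(snapshot, today), check_licenses(snapshot), check_groups(snapshot)]
    worst = max(state for state, _ in results)
    label = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL"}[worst]
    return worst, f"{label} - " + "; ".join(msg for _, msg in results)

if __name__ == "__main__":
    code, line = run_checks(SNAPSHOT, date.today())
    print(line)  # Nagios reads the first line of output as the status text
    sys.exit(code)
```

A device that stays in the enrollment group is worth flagging because it never receives the destination group's profiles, such as the Firmware Password and Login Window settings.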
David and Christopher are also writing integrations that utilize SimpleMDM’s webhooks to send custom notifications based on events, such as new device enrollments. These integrations help their device administrators keep a closer eye on their deployment and stay on top of any potential issues before they arise.