Today we announced a major release of our Mac solution. Known as the Centrify User Suite, Mac Edition, or “Centrify for Mac,” our solution for Mac OS X lets organizations easily implement Active Directory-based management for both connected and remote Mac OS X systems, as well as end users’ Apple iOS and Android mobile devices. New major features announced today include cloud-based remote Mac management; integrated Mac and mobile management; enhanced Mac security policies; and enhanced mobile capabilities. In this blog post I will drill down into each one in detail.
But before I drill down, let me first provide some context to this product announcement. In many organizations, Macs are becoming more prevalent and disconnected from the corporate network, requiring a hybrid on-premise and cloud-based approach to comprehensively manage authentication, configure security policies, and enable user self-service features regardless of device location. At the same time, Apple is increasingly enabling Bring Your Own Mac with remote management and policy configuration for Macs based on technology similar to how Apple iPhones and iPads are managed today.
One of the results of this “Bring Your Own” trend involving Macs, mobile devices and new mobile applications is that IT organizations increasingly don’t own the endpoint devices or back-end application resources on their networks. At the same time, end users are increasingly challenged to deal with the password sprawl associated with the on-premise and cloud-based services they need to access in order to perform their jobs.
So what Centrify is trying to do is provide a unified approach to managing an employee’s digital identity that spans their applications, Macs and mobile devices, providing the visibility and control required for IT organizations to achieve compliance, reduce costs and mitigate risks, while also increasing productivity and securing access for their user-centric, mobile workforce. It is this vision that resulted in the following major new features for Centrify for Mac:
#1 Cloud-based Remote Mac Management
As a complement to our historic agent-based approach for providing Active Directory-based authentication and Group Policy management, we have now added a cloud-based option for managing Macs. By extending the Centrify Cloud Service to manage remote Macs and providing administrators and users with self-service capabilities such as remote lock and remote wipe of a Mac, IT staff for the first time have the flexibility to use a single solution to manage Macs using on-premise software, a cloud-based offering, or a combination of both.
This new remote Mac management capability also implements support for new OS X specific Profiles being introduced by Apple. This allows IT administrators to extend self-service features to remote users, such as data protection via remote wipe or lock of stolen or misplaced Macs, and enables IT to apply new MDM profiles for Macs and mobile devices for auto configuration of VPN and Wi-Fi, including automated PKI certificate management for strong authentication.
This screenshot shows the user self-service we now offer (e.g. remote lock, wipe, etc.) for Mac users via the MyCentrify portal.
The screenshot below shows some of the new Group Policies we offer that are implemented on the Mac as Profiles.
The end result of this new set of capabilities is that Centrify is the only vendor to provide robust AD-based authentication, policy management and user self-service for connected and disconnected Macs. You don’t have to use a cloud-based approach to manage your Macs, but we give you that option, and having options is a good thing.
#2 Integrated Mac and BYOD Management
Centrify is also announcing that it is combining its Mac management with its Centrify for Mobile offering as part of the Centrify for Mac solution, to deliver a new combined solution based on more economical per-user subscription pricing. Centrify’s pricing has changed from a per-device, perpetual license to a per-user subscription model, with support for up to five devices, in order to support users’ increasing use of Macs, smartphones and tablets as a natural extension of their work environment. Ideal for “Bring Your Own Mac” and BYOD environments, organizations get more functionality with support for a greater number of devices at a more economical price.
The end result is that users get more functionality, with support for a greater number of devices given the move to user-centric pricing, at a more economical price.
#3 Enhanced Mac Security Management
We have also added enhanced Mac security management features as part of this release. For example, Centrify has added FileVault 2 full-disk encryption security policies. Our centralized management of FileVault 2 full-disk encryption for data-at-rest protection has the following capabilities:
- FileVault 2 configuration policies centrally managed through Group Policies, with support for enterprise-managed Institution keys
- Disk unlock access rights are granted to AD Users configured as the assigned manager of the computer, tightly controlling access to these portable systems
We have also added Wi-Fi Profiles with PKI certificates to enable strong network access controls. These 802.1X Profiles are created by Group Policies, and Computer Certificates are auto-issued/renewed from Microsoft CA.
And as part of its smart card support for the Mac platform, Centrify has also added smart card name mapping, also known as the Alternate Identity Smart. Centrify for Mac ensures trusted security functions with JITC and FIPS-certified cryptographic services to meet the highest levels of security requirements, and supports Mac smart cards including Common Access Card (CAC) and Personal Identity Verification (PIV).
#4 Enhanced Mobile Management
Last but not least, given that mobile device support is now included as part of our Mac support, I wanted to highlight some of the new mobile management features we have added. New Apple iOS features include support for volume purchase programs and a MyCentrify app optimized for iPads. New Android features include support for more than one hundred security policies for Samsung SAFE devices for controlling passwords, Exchange email, Wi-Fi, Bluetooth, firewall settings, roaming policies and much more.
Below is a screenshot of a Samsung KNOX device being managed via self-service by an end user:
And here are some of the Group Policies we offer for Samsung devices running SAFE:
So in summary, what we are offering Mac customers with this new release of Centrify for Mac is pretty amazing. Specifically, this is what we are now offering that goes well beyond the robust AD authentication and Group Policy management of Macs that we have always been known for:
- Get additional management functionality for Macs that are disconnected / not on network via Centrify Cloud Service
- Take advantage of user self-service management of Macs (wipe, lock)
- Get to manage additional devices (iOS and Android) in conjunction with Macs
- Move to per-user pricing (up to 5 devices, Mac or mobile, per user), which allows additional devices to be managed without paying additional $ per device
Overall I say pretty cool stuff!!!!