Managing Apple Devices in a Windows World

October 06, 2016

As Windows support requirements continue to dominate the focus of enterprise endpoint management efforts, an increasing number of Apple device users are becoming frustrated with being treated as second-class citizens. At the heart of the problem are Windows-centric practices and solutions that do not comprehensively translate to supporting Mac and iOS platforms. However, adoption of Apple management point solutions that operate independent of existing Windows administration platforms only add to management complexity and fail to achieve service reliability and cost-effectiveness. Join Steve Brasen, EMA Research Director from analyst firm, Enterprise Management Associates, and Tim Williams, Director Product Marketing at HEAT Software for a one-hour presentation identifying the optimal practices and solutions that will enable comprehensive management of Apple devices side-by-side with Windows endpoints.

Transcript:

Melissa: Welcome everyone to today's webinar, Managing Apple Devices in a Windows World. My name is Melissa Russell, I'm with HEAT Software and I'll be helping moderate today's webinar. Before we get started, I want to cover a few of the housekeeping items, the first is to let you know this is being recorded and the recording will be made after the presentation today. We will also be sending out a follow-up email that has a link to the slide. So you will also get a copy of the slide. For questions, you can enter questions into the Q&A box, we'll address the questions at the end of the presentation. If you're not familiar with the BrightTALK format it's a little different than some other platforms where if you ask a question we cannot directly chat back to you so we will have to address it towards the end.
 
If for some reason you're running into a technical issue there is a "Get Live Support" phone number to get help from BrightTALK, but we will take the questions at the end. At this time, I'd like to introduce our speakers. Today we are joined by Steve Brasen who has been Managing Research Director with analyst firm Enterprise Management Associates, and we are also joined today by Tim Williams the Director of Product Marketing for HEAT Software. Thank you again for both joining us, and I'll turn over to Steve. 
 
Steve: Thank you and thank you all for joining us today, we review the key management practices and solutions for supporting Apple devices in a predominantly Windows world. Now, if you are Mac and IOS users who are frustrated with being treated like second class citizens I assure you, you are absolutely in the right place.
 
First, just a quick look at our agenda, we're gonna start with a brief overview of the current adoption and use of Apple devices in the enterprise environment. And that will set the stage for us to discuss the primary challenges IT administrators face in supporting Windows devices today, and how the continued dominance of Windows devices has diminished most organization's ability to address Mac and IOS specific issues. Next, we'll look at effective strategies that will help IT managers carefully navigate Apple management challenges, and we'll reveal best practices and solutions that will enable unified Input Management providing comprehensive support for all the devices in our support staff from a single management interface. And finally, we'll just sum it all up with a few conclusions and insights.
 
People love choices, and more than that I think we humans love to have our own preferences. It's an expression of our personalities and our lifecycle. Lifestyles, freedom of choice, and subjective opinions permeate our politics religion entertainment and sporting events. Dog lovers versus cat lovers, Coke versus Pepsi, McDonald's versus Burger King, Kirk versus Picard, Batman versus Superman, people have many biases and they're often not shy about sharing them with your peers. Now in technology, few rivalries have been more contentious than that of Apple users versus Microsoft users. And over the last 4 years, the 2 companies have been engaged in a tug of war for control of the end-user computing market. And both have amassed extensive communities of very loyal customers.
 
In the home consumer market, dominance has radically waxed and waned between Apple and Windows based devices. However, same cannot be said for the business environment. Since the early days of computing, Windows has dominated the enterprise market. Businesses that purchased PCs for their workers needed lower cost platforms that employed a common application code base to standardize business tasks. It also didn't help that Apple in its marketing and its inter-program roles entirely focused on the home and education markets rather than the business market. 
 
But this all changed about a decade ago with the introduction of the iPhone and later the iPad ushered in an era passionately referred to as the consumerization of IT. As workers began purchasing mobile devices and bringing them into the office to perform job tasks the focus of adoption shifted from business needs to user preferences. Flag waivers for both Apple and Microsoft now suddenly have a say in the type of devices they will be using to achieve business goals, and users are often quite vocal about the platforms they prefer to use.
 
Thanks to increased user choice, the enterprise adoption of Macs has actually increased 27% in just the past 3 years according to EMA primary research. Now that represents a significant growth in a relatively short period of time. Nonetheless, we should still put this in perspective. The long history of Windows in the enterprise and legacy investments in Windows still translates into a Microsoft dominant market, accounting for roughly 90% of actively used PCs in business environments. But trends in increasing Mac adoption rates are steadily rising, and we project business Mac deployments to accelerate as businesses increasingly bow to user preferences. Especially with the more Apple savvy millennials now entering the workforce. 
 
It's a contrast, the smartphone and tablet market for mobile device market which evolved along with the consumerization of IT changes, shows a much more balanced adoption rate. Apple iPhones are second only to Android smartphones' adoption, and only by a little bit in the business market which are numbers much closer to the home consumer market that we saw with PCs. The lion's share of the business tablet market however clearly goes to Apple with iPads outselling Windows tablets 2 to 1, and that's taking into consideration all Windows tablets, not just the Surface. But also devices sold by 3rd party vendors like Dell, HP. Acer and Lenovo. It's also very telling that 71% of IOS devices used to perform business tasks are actually employee-owned, they're not being purchased by the business.
 
In the mobile device business market, Microsoft is the one playing catch up as its platform really only became viable with the release of Windows 10 last year which unified the code base across all endpoint devices. And this means businesses that rely on custom Windows applications built for use on PC can now use the software on tablets without any porting or recompiling. And that, along with the price tag will make them more attractive devices for organizations that are directly purchasing tablets for their employees granted the smaller percentage of those that actually use them.
 
Not to be outdone, Apple has in recent years begun actively courting the business community. This is really an unprecedented move for the company. And those of us who have been watching the company since its inception, don't take this radical change in direction very lightly. Personally, I think this is something they should have done about 30 years ago rather than yielding the enterprise market space to Microsoft. I bet that's actually a debate best reserved for a beer call, catch me up for a conference sometime I'll give you an earful. Among the business focused initiatives, Apple has introduced in just the past few years is the Volume Purchase Program which reduces the cost of bulk purchases to Apple Software licenses. And also the AppleCare for Enterprise program which provides 24/7 helpdesk support and a dedicated account manager to personalize the support experience and ensure Apple products are scalable to large deployment staff.
 
The Apple Device Enrolment Program also allows organizations to set up configuration profiles before provisioning IOS and Mac devices, so essentially workers get their devices directly from Apple and all the settings and software necessary to their job along with it. It is actually a pretty clever idea when you think about it because it encourages organizations to purchase devices directly through Apple or authorized Apple resellers. With the Apple Developer Enterprise Program, App development tools for coding, testing, and distribution are offered for a bundled discount price to business adopters. This encourages the creation of IOS and MAC OS business applications. So while enterprise IT organizations have to date been principally focused on supporting Windows-based PCs, they must also be prepared to support a growing number of MAC and IOS devices that are being introduced through Apple's push into the business market. 
 
Unfortunately for many businesses, this is something of a challenge. Management tools and practices designed principally to support Windows PCS will not be able to address unique Apple device requirements. The majority of endpoint management solution sets which are also called client lifecycle management solutions which were built specifically to support the vast number of Windows PCs. As Mac started entering the workplace, these solution sets began expanding Windows monitoring and management tools to also support some MAC platform capabilities. But this approach only works with support elements that are common to both platforms and doesn't address Apple specific requirements. 
 
For instance, Apple is very restrictive with their operating system environments and only allows approved agents to run on them. This is particularly true with IOS, and only Apple agents can be used on IOS devices. These management solutions must integrate directly with existing Apple services to perform administrative tasks on those endpoints. Additionally, Windows management platforms traditionally use an imaging system for initial system deployments and a patching service to distribute software updates. Both approaches essentially overlay software over the existing software architecture, and can actually badly break critical Apple services if they're not installed in the proper way. To ensure application system installations are performed correctly, all software deployments should be performed through Apple's software update service, which again requires direct points of integration.
 
In addition, the broad use of IOS mobile devices means organizations must adopt enterprise mobile management practices to fully support Apple endpoints. Increased workforce mobility means that these devices are commonly taken beyond the control of the business, and will encounter a much broader range of security and performance challenges. Also, businesses must deal with the reality that a large percentage of these devices are employee owned, and must adopt 'Bring Your Own Devices' or BYOD management practices. In fact, I'll argue that actually any device that is used to perform both business and non-business tasks, regardless of who the owner is, should be considered a BYOD device.
 
Think about it, even organizations that buy mobile devices for their employees rarely restrict the use of just performing business tasks on these devices. And really, only in cases subject to high security or regulatory compliance. When the device contains a mix of business and personal software and data, it doesn't matter who owns the device if there's an equally elevated risk to the business. Mobility also brings with it increased requirements for providing self-service functionality, today's more tech oriented mobile users are used to having on-demand access to applications and are actually more comfortable maintaining their own devices. These user experiences must be maintained when accessing business apps, data, and services. When a mobile user has to connect to a help desk to receive support, they predictably become frustrated and very unproductive.
 
All of this would be manageable in companies that will employ devices to just Apple products, you could create a set of standardized practices just for Apple. But really there should be no surprise, that's actually a staggeringly small use case. In fact, 50% of organizations today rely on a mix of both Apple and non-Apple devices to perform business tasks in their environment. The remainder are mostly windows dedicated environments.
 
With the consumerization of IT, users are increasingly adopting a broader range of device platforms that they expect businesses to support. And managing heterogeneous environments is inherently complex. Administrative requirements increase exponentially with each device platform added to the support stack. IT operations teams are challenged to standardize support practices when each management platform has its own unique requirements, and each architecture requires its own software installation and maintenance practices. Also, patching and updating must be performed rapidly on all supported platforms to prevent what are called 'Zero Day' attacks which occur when hackers take advantage of the time between the announcement of a vulnerability and when devices are actually secured. 
 
Centralized reporting on the state of endpoint devices, or to support regulatory compliance attainment is also exceptionally difficult in a multi-device environment as data is stored in different locations and structured in completely different ways making it difficult to correlate events into a useable report.
 
Multi-device management challenges actually flow all the way down to the individual user level. 69% of workers regularly use both a PC and at least one mobile device to perform job tasks. The average number of devices per user is dramatically increasing each year and the average device can have a completely different operating system to manage. Nowhere is this more evident than in the fact that 85% of business iPhone users also regularly use a Windows PC, and obviously the dominance of Windows in the business PC market is to blame for that. But there's only about 15% who use a Mac and an iPhone to perform business tasks. The challenge for IT administrators then is to deliver consistent experiences to their users in accessing the same applications and data in the same ways and with the same access privileges.
 
The problem with that particular scenario is that it often requires multiple management platforms that all have to be coordinated to deliver consistent user profiles. And that's nearly impossible to implement reliably and in real-time. We like to call this approach swivel chair management as it applies to organizations that have adopted completely separate solutions for supporting Apple devices, Windows devices, and mobile devices in addition to those Apple devices. Administrators in these environments essentially have to duplicate work as they perform the same tasks on multiple interfaces, it's even more inefficient since each platform is managed in different ways and requires a different set of practices for which administrators will need to be trained. It is not uncommon to see excessive cases of human error in environments that employ swivel chair management as well as a lack of consistency in policy enforcement and an inability to provide consolidated visibility across all supported endpoints. 
 
To effectively manage Apple devices in the heterogeneous environment dominated by Windows management practices, you have to start by adopting a "best of breed" Apple management platform that specifically targets the unique requirements of Apple devices. An Apple focused management solution to provide full lifecycle management support for Mac and IOS devices from an initial device deployment through final retirement. Administration practices should be automated as much as possible to minimize support efforts and management interfaces to be centralized so that operating systems and application configurations can be standardized. The platform should enable the creation and management of profiles that will define environment configurations, access rights and authorizations for either individual users or groups of users. 
 
User groups can be segmented by user roles, departments or device types. Really, you can have any type of device segmenter [SP] between these two groups. But the idea that enables multiple endpoints to be managed simultaneously, you make a change from one user and it applies to every other user in a particular group greatly simplifying management practices. It is essential to work with a solution provider that has developed a strong partnership with Apple so it can establish appropriate points of integration with Mac and IOS system services, and also to ensure the solutions will continuously evolve to meet emerging requirements specifically in Apple management. 
 
A strong partnership with Apple will also ensure integration with the vendor's broader management ecosystem. For instance, integration with Apple's Device Enrollment Program will allow newly purchased IOS or Mac devices to be pre-configured to meet predetermined profile settings identified in the centralized platform, completely eliminating the administrator and user onboarding activities. So when a user receives and initially activates their new device, their account settings, email applications, remote access and other business services are going to be automatically installed and configured on the device without anybody having to perform any activities.
 
Similarly, Asset Management with the centralized solution should be able to track any software licenses that were acquired through the Apple Volume Purchase Program. Apple Software Update Service should be leveraged for all software deployment processes to ensure the proper application patch and update installations. The software platform should also integrate directly with Apple's Global Service Exchange to provide an entry point for delivering service information directly to AppleCare. It's important also to adopt the solution that addresses the unique installation and update practices of common 3rd party applications like Adobe Acrobat and Java which do updates on a regular basis and are essential to most device deployment use.
 
It is important to remember though that a management platform dedicated to supporting only Apple devices is only really effective if it is needed to support Apple devices. Organizations with multi-device support requirements should adopt a solution that enables comprehensive support for all devices on their support stack from a common centralized interface. We call this approach "Unified Endpoint Management" as it consolidates all PC and mobile device administrative tasks into a single solution set with a common asset database, a common set of user and group profiles, and a consolidated data analysis and reporting engine. Optimally, a unified endpoint platform will provide self-service capabilities that are consistent, allowing end users to provision applications and perform tasks in the same way regardless of the device they choose to use and greatly enhancing user experiences.
 
Security is also an essential component of unified endpoint management platforms, particularly when supporting a mobile workforce that will be utilizing their devices in locations that are outside the control of the business. Data loss prevention practices can limit access to business content with the use of multi-factor authentication and encryption, to prevent unauthorized access and distribution on all devices employed by end users. These security procedures should be consistently managed from the unified console, and the status of authentication and encryption services should be continuously monitored to rapidly identify any breaches and potential problems.
 
Security monitoring is also essential for achieving compliance objectives. All supported endpoints must meet the same stringent compliance requirements regardless what operating system the platform happens to be running on. A unified management solution can provide the centralized reporting necessary to deliver both the proof of compliance and to rapidly identify out of compliance elements so that they can actually be remediated before discovered in an official audit. 
 
Mobile devices that are permitted to perform both non-business tasks with business tasks must be consistently supported with BYOD management practices on all the endpoints. Typically, this requires business apps and data to be completely isolated from the user's personal apps and data. Containerization is the common method employed for achieving resource isolation, but whatever method you use should be the same for all supported mobile devices so that users are able to access business services consistently regardless of the device they choose to use. Some users are not comfortable with their businesses performing any management or security activities on their personal devices, so users must have the ability to opt into any BYOD services the business provides. Of course, users who decide not to opt in will simply not be able to access business resources on their devices so it's a tradeoff for them and a choice they'll have to make.
 
To recap, Windows PCs continue to dominate the end-user computing business market. But adoption of Apple backs, iPads and iPhones continues to increase. Businesses are struggling to adapt to rapidly evolving Windows device support requirements, but are challenged to establish consistent device provisioning, maintenance, and problem management practices across all mobile and PC devices in their support stack. And finally, only a unified endpoint management platform that delivers comprehensive support for Apple devices will enable organizations to fully support Mac and IOS users while still delivering extensible support for Windows and other non-Apple devices. On that note, I'd like to invite Tim Williams to join us to tell a little bit about how HEAT Software helps its customers support Apple devices in a primarily Windows world, Tim?
 
Tim: Thanks, Steve. And just a reminder for the audience, if you have any questions that come to mind go ahead and please enter them into the questions box. We won't be able to respond by text, but we'll save a few minutes at the end to address your questions if there are any. And another reminder, if you have technical issues there is a BrightTALK live support option as well. So let's take just a few minutes to talk you through HEAT LANrev and what it brings to you for managing Apple devices in your company. One of the important points that you heard Steve emphasize over and over again and right beginning with the title of this Webinar is that Apple doesn't exist in isolation in your companies or in the broader market.
 
They've got a lot of technology that historically has been very focused in certain industries, you know, advertising, communications, and of course intake wells. But one of the big changes that came about when the iPhone was first introduced is that Apple's huge consumer culture has started walking in the door and demanding to be included in the work networks as well. LANrev has been around for about 12 years now and it was originally developed purely as client management for Mac and Windows computers and that makes it a really unique technology because our patented cross-platform framework makes it actually native Mac application and a native Windows application.
 
It's always been our philosophy that it really shouldn't matter if you have a Mac infrastructure, a Windows infrastructure...it shouldn't matter what your IT techs are using, if they're using primarily Mac or Windows, and it certainly shouldn't matter what the end-user has got. You should be able to manage all of those devices from a single tool for all of the reasons that Steve mentioned. We have felt that way for a very long time, but it's become less and less practical over the years to use that swivel chair management that Steve mentioned.
 
We used to have to just swivel between Mac and Windows, right now you'd have to swivel between Mac, Windows, IOS, Android, the other Windows, other mobile devices and it just really isn't practical. And so, it's important to understand then that the term "Best of breed" that we all use is not a sensitive pro point solution. LANrev has been developed since day 1 12 years ago as a native integrated Apple management tool.
 
We were really first to market our support for Apple's mobile device management APIs that came out I think it was with IOS 4. And again at that time, we felt it did not make sense to make a separate point solution to manage mobile devices for the exact same reason we manage Mac and Windows together. We enable you to manage those mobile devices as well from a single application. LANrev then is not just client management, it's not just mobile device management, it is unified endpoint management. It is well ahead of the market, but for anyone who has been looking at how Microsoft and Google and Apple have all been involved in their ecosystems, we are rapidly moving to a technical environment where unified endpoint management is going to be the only approach that really works. You should understand that LANrev is ahead of that curve in offering that kind of support right now.
 
So again, it's full lifecycle management for all Mac and Windows computers as well as a broad spectrum of enterprise mobility management for your IOS devices and as well for Android. So I wanna, without digging too far into technical ways, in a minute I'm gonna take you through a couple of sample workflows so you can see how LANrev integrates with this very deep level of support for the entire Apple ecosystem as well as the endpoint technologies. But I wanna emphasize another point because, in addition to this great growth we have seen of Apple technology in the enterprise, there's another trend going on at the same time.
 
And I'm sure all of you are seeing it at your companies, we're certainly seeing it. That is that the user is more and more in control. One of the reasons for that is again mobility, people come in with devices that in many cases they own themselves and they simply develop habits that they expect to be able to provision the devices with what they need when they need it right now, and they don't have to wait for policies and procedures at the company.
 
Now, this can pose some risk to your company because all the users have the device in their hand and they're certainly in control of it to a large extent. It's the company that risks exposure of your content, your documents...it's the company that has the risk for security infractions. The reality is that when users go outside the boundaries it's usually not malicious because they wanna have their stuff. They wanna have their configurations, they wanna have all their content documents and apps that they need to be productive. So our goal in designing LANrev is a user-centric solution, we wanna make IT the path of least resistance. If the user knows that by going to the system and enrolling even a device that he may own himself is gonna be the fastest way to save his stuff, that's also gonna mean that you're gonna have a much higher level of compliance with policies. 
 
Let's take a look at what this looks like in action, and this is just a sample workflow to give you an idea on how this automation work together very intelligently and integrated with Apple's ecosystem and technologies. This begins before you even get the devices through that device enrollment program that Steve had mentioned, you're actually gonna be able to put these devices into LANrev's management console before you even receive them. And we have a very close relationship with Apple which means that LANrev is going to be integrated into the out of box experience for those devices. If you know anything about the way Apple operates you understand that that's a very significant partnership. Because what that means is as soon as I turn this device on for the first time and it walks me through the device setup wizard, that's gonna include LANrev. 
 
So, when the user does turn the device on, if it's a company owned one through DEP they'll be forced to enroll in LANrev there's no way around it. If later on, they do a factory reset of the device it's gonna walk them right back in there again. If it's a user owned device, then they'll come in and enroll also. That part of the process works the same way, but with a user owned or BYOD device you'll have the option to insert your own BYOD policies for the users to accept as part of the enrollment. That's pretty important because we want everybody to be at the same page, it's important for it to be a written page.
 
So the user enrolls just using your regular Active Directory authentication username and password, and once they do that everything else happens automatically. It happens a lot faster than I am going to illustrate for you here but just slow it down so you can see the level of automation. Once the users enroll, now we have not just all of the device and app information that LANrev collects, we also now can associate all of the user information from Active Directory or Open Directory if you're a Mac. All of the policies that we've built to apply to devices can be based on any piece of information about the hardware, about the apps, or about the user end combinations of those things.
 
The first thing LANrev does is push down a couple of apps that are native to the tool, one is called LANrev Apps and it's essentially an on-device user self-service portal where users can get their own configurations and apps that you've published out to them. The other one is called LANrev safe, and that is a container for the mobile content management tool and I'll come back to that. Next, LANrev can configure on the fly, personalized for that user, things like email, VPN configurations, Wi-Fi configurations for their particular location. Because of a built-in certificate based authentification, since we've already authenticated the user through Active Directory, the email will be authenticated with a certificate.
 
Down the road that has a lot of benefits for the user to make it easier for them to deal with things like required password changes in Active Directory, but at the same time, it also enables you to control and prevent people from just self-provisioning emails outside of the management system. But again, this way it's really, really easy for the user. They're gonna like it because it's the path of least resistance. Now the device has been added to policies, any given device can be in multiple policies. There may be one that is specific to the department they're in, there may be one...usually, there's one that's more of a general one so let's take for example BYOD policy.
 
We know from the enrollment that this is a user owned device, and so LANrev can automatically send an email copy of that policy agreement that the user accepted so that they have one on file. If you want, it can automatically be sent to the company network. Again, LANrev customizes data to include the username and the specific device that that agreement applies to as well. The device may also be added to a global security policy, or you may have separate policies in different regions and so forth. Just as an example of what the security example can do, you may set it to detect if a device has been jailbroken, and in that case it puts a user owned device...we're not gonna wipe the device.
 
But we will remove access to company networks and data until that non-compliance has been remediated by the user. If it's a company owned device, of course, we can just go and reset it. Again, that's all automated. You don't have to take any actions, you just set up the policies and let LANrev do all the stuff automatically. Next, Devices are typically added to a department-specific policy. That's gonna do things like install apps, Stephen mentioned things like VPP and the Developer Enterprise Program. The user doesn't care where the app is coming from, and they shouldn't have to worry about it. LANrev handles that on the backend server.
 
If you've developed apps in-house with the Developer Enterprise Program those will be pushed out to devices. If you purchased apps using VPP, LANrev will under the covers be pulling those apps from the iTunes store to the device and will be managing and inventorying your VPP license compliance. I mentioned this as part of user onboarding, but I should note that because we're directly integrating with your Active Directory or Open Directory...but since this is Apple in a Windows world, I guess we'll stick with Active Directory. If the user moves for example from sales to marketing, or product management or something, as soon as that change is reflected in Active Directory LANrev will then pull back the apps that were assigned to the previous role, recover those VPP licenses so they can be re-provisioned to new users, and will then push out whatever's appropriate for the user's new role.
 
Again, all of that is automated. What you do is set up the policies and LANrev does all of the management and actions along the way to enforce those policies. The animation already flew through it, but we do assign content out the same way we do apps so that includes any kind of documents or media files in the case of a sales rep that may be sales literature or contracts. And all of those documents can have separate rules for how locked down they may be, so for example if it's company confidential documents it can be marked so that the employee can't actually save it or share it outside of the container.
 
If it's something like sales literature, you'd want to enable them to share it. But the advantage of managing it through the content system is that you save your sales rep the step of going to get the most updated literature, it's just automatically gonna be provisioned out to them. Again, everything I talk through took a few minutes here, but for the user, they're gonna turn that device on if it's company owned or they'll simply log in if it's their own device and all of the stuff I just talked to happens in less than a minute. So when we talk about making IT the path of least resistance, that's an example of it right there. Users aren't gonna be looking for a way to provision the stuff themselves because it's gonna take a lot longer than a minute for them to figure it out.
 
That's focusing on mobile, you should understand that because of these changes in the way that the management frameworks are being offered by both Microsoft and by Apple we built in support for a lot of the same things for computer management. Including support for BYOD which we introduced in LANrev more than 2 years ago now so that users can actually enroll their personally owned device. I had mentioned on the mobile side that we have these automated actions that we have variables that customize configurations for users, we support all that same stuff on computers.
 
A lot of differences between Mac and Windows and I'll get to that in a second, but again this is important because it makes IT the path of least resistance for your end users and it's only through this very deep integration with all of Apple's technology. There are some differences between client and mobile, but those differences are getting less and less over time and that comes back to that idea of a unified endpoint management. Finally, let's look at some of the differences between Mac and Windows. Although Windows is moving in some of the same directions as well, right now today on Mac, what LANrev supports and what you need to be able to support to effectively manage the Apple technology, the macOS computers and for those who aren't aware iOS10 has been renamed to macOS.
 
So VPP also applies to computers, you can buy volume licenses through that Apple App Store and distribute and manage those licenses on your Mac computers through the smart policies targeted by user roles or any other criteria that you may setup and LANrev will track all of those licenses and enforce them for you. I should mention that if you have older Macs that don't support that LANrev still supports traditional app management and distribution as well. DEP is also supported by macOS, so you'll be able to provision your computers using this rather than that traditional imaging that we've used up to now. 
 
The last thing that's important to understand is configuration profiles if you do mobile device management you know that mobile devices are generally managed using this lightweight XML configuration profile framework that's true in iOS, it's true across other mobile platforms as well. Configuration profiles are also supported in macOS, what's great about that is that it gives you a much greater ability now to send out these configurations that are customized on the fly. So things like the email setup or VPNs that might be specific to a department or location. Those can be customized on the fly using those variables, so you just tell LANrev, "put the username in here." And it'll do that on the fly when the configuration profile is provisioned.
 
By using configuration profiles, either self-service for the user or if you're pushing it out it also gives you the advantage that you never have to give end users a Wi-Fi password for example, they just tap on the configuration and they've got it. But you're always in control, the network is a lot more secure and at the same time, it's easier and faster for the end user. Just to sum up about LANrev and we'll get to your questions if you have any. LANrev is leading the market in unified endpoint management, it's a business we've been in for 10 years already since the introduction of the earliest mobile management API's. And we have been for 12 years in the cross-platform Mac and Windows management arena as well.
 
There's no other solution on the market that offers you a truly unified integrated solution for all of those devices and supports the newest management frameworks across client computers and mobile devices. Our user-centric approach is set up to make IT the path of least resistance so that your users are not gonna be looking outside the fence for their own ways to provision their devices. All of us have jobs in IT security, desktop support, but that's not our business. Our business is transportation, it's insurance, it's communication, it's advertising. Our business is business, and everything that we do has to be about empowering users to be productive for the business.
 
The one way to do that is make it easy for the end-user, and by doing that through LANrev's automated intelligent policy-based management keeps the company in control as well. Finally, as I've mentioned a couple of times, we have an extremely Apple partnership. If I can tell you, I'm personally on twice a month calls with the technical teams from Apple. We have a great collaboration in development of our own solutions and a very strong feedback loop to Apple in order to let them know what our customers need and what we'd like to see from their technologies as well. It's a partnership that we have had and have cultivated, for many years, our engineering team has been working on Apple solutions at other companies for about 25 years now.
 
So it's a great depth of experience and a very strong relationship with Apple. I would encourage you to ask your Apple SEs or sales people about LANrev as well, I think you will find they know quite a bit about it. That's all we've got for our formal presentation this morning, I don't see any questions in the queue, but we can take just a minute if you wanna type one in. Otherwise, we'll go ahead and give a few minutes back in your day. I do wanna especially thank Steve Brasen for joining us this morning. He does some really great work in analyzing the market and I'll encourage you to take a look at some of his other research. So seeing no questions, we will give you a little bit of time back, thank you very much for joining this morning and we hope to hear from you soon at HEAT Software.