Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Holistic Mac Management: MDM + Agent in SuperOps

SuperOps
07/09/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


a really crazy time across the world. And I know some of you folks are from the UK, Europe, which is pretty late in the evening. I know some of you are in the PST and EST. So it's just mixed time zones everywhere. Firstly, thank you so much for taking the time to come talk to us today. I think, you know, the name says it all. We have launched something very exciting for our customers and for all of our followers and for so many of IT and MSP teams that are trying to transform IT for themselves. We did have Mac that was agent-based monitoring for about five years now. But with the introduction of MDM into our fleet, we have also now made Mac management completely holistic by also introducing MDM with it. I'll start with a quick round of introduction and I'll lay the grounds for what we have planned for the webinar as well. I'm Shree, and I have been a product marketing manager and I've worked with super ops and IT and MSP teams and have been in the field for over a decade now. So much of use cases, so many pain points and problems that we have encountered having spoken to customers. And we realized that this is definitely one piece of the puzzle that we want to solve for. Along with me, I have Anirudh, who's the brain behind the Mac MDM, which we'll get into very shortly, but I'll quickly let him say hi before we get started. Hey folks, thanks for joining. Really excited to share what we have built here and what our vision is and how we're going to roll out going forward. Looking forward to this conversation. Perfect. Okay, so let's quickly get into what we have today. I know some of you folks might just have an MDM, some of you might be from the world of an RMM, or some of you might just be managing things manually today, but this session is for all. So we're going to cover a bit more on why we think the hybrid approach is needed as IT teams and MSP teams evolve in the era of AI, in the era of technological change. And what we've done to close that gap, and I'll probably take about five to six minutes to cover these two. We'll quickly get into a live demo, which I think is what everyone's here for, super excited about. We'll do that. And what that really means for an IT and MSP, right? So it's not just about these features coming together, but it's about the value that you can drive to your clients as an MSP and to your organization and your employees as an IT team. And this is just the start, folks. I think the world is moving towards a unified endpoint stack, which is where Super Ops is also headed, where Ani is going to chip in and talk a bit more about how that landscape is changing, and how Super Ops is sort of evolving with that landscape. And of course, as it always goes, please feel free to put in your chat conversations and your Q&A in the chat here. We'll go ahead and answer them if and when needed. But we'll make sure to get to all of these by the end of the session. All right. Okay. So before we started this entire journey, Ani and I went into a journey of actually speaking to so many MSP and IT teams who are handling MAP today. And I think one thing stood out for us, right? Which is if you're managing an MDM, it tells you the state and the security enforcement really well, of course, if it's well implemented. Or you have an RMM that tells you real-time monitoring, but it doesn't really give you the complete picture in either of the cases. So there are cases where the IT team does everything, they've enforced the devices, the right security policies are in place. But when an employee repeatedly tells you that your MAC system is slow, they don't have a real-time way to see it, or they'll have to depend on a third-party tool to manage it, which seems like a small cost if you think about it, but added time and time again over years and over months, it takes a huge toll on the employee productivity and it costs for the IT team as well. You end up replacing the laptop and you go through so many rounds of troubleshooting, right? And when this lies outside of a service desk where the service desk that gets all the inquiries from your employees and customers does not have the context that the MDM or the real-time agent provides, things just become a lot more complex. They end up sort of serving a situation that they don't have full context to, and that just becomes a point of chaos for IT teams, right? So the situation that I described, I'm sure a lot of you across the flow might resonate with it, and this ladders up to so many IT risks that we see in the end of the day. Interestingly, no one's spoken about real-time visibility, so this session is going to be very exciting. I hope all of you take away what real-time visibility really means with an MDM. All right, so let us come in. I love the responses that I see, but this is what we realized, right? When we did this case study with a lot of our existing customer base and with some market research, we realized that, of course, everyone knows what multiple tools mean. It leads to a lot of tool sprawl, cost, and context lost, which we're all familiar with the impact of it, but some interesting things came up, right? Beyond that, we also noticed that, in general, your troubleshooting becomes 2x longer, even when your compliance is in place, which is not something that we want to see in the AI era when you can be replaced or tools can replace you very quickly, right? So, we want to work with systems and tools that help MSPs and IT teams handle troubleshooting a lot more efficiently, but an interesting point that also came up with this is one of the biggest challenges that IT and MSP teams managing endpoints tell us that the biggest concern for them is blind spots. Blind spots when it comes to security enforcement, when it comes to sort of handling device troubleshooting, and so on, and that shoots up by 47% in cases where they've seen that these are managed in multiple different tools, and especially one in three tickets require you to shift between all of these steps. Now, this is one of the primary reasons why we realized it is a no-brainer to sort of bring these two together. Of course, there are a lot of MDM tools in the market that also offer real-time monitoring. There are a lot of RMM agents, sorry, RMM tools in the market that also does MDM together. We wanted to bring in a new innovation here where it's not 70 or 30. It's going to be a mix of these two systems talking well with each other while giving you also a really good service test that has the context needed to get things done, and this is why I think we are super excited about what we've launched, and we're super excited to see how this is translated as value for our customers. Now, with that, let's quickly go into the demo where I'm going to walk you through the MDM enrollment process and how easy it is for folks who have joined us for the initial MDM that we did back in October last year. This will seem familiar. We have a very zero-touch approach to handle this. The policy configuration is where things get really interesting, right? I've broken this down into two different sections so that I walk you through what the MDM configurations are, what the agent configurations are, and specifically how they work in tandem with each other. It's not like you just have a bunch of MDM configurations and an agent, and then you figure out how to put it together. We've sort of ensured that, especially when it comes to OS and software compliance, these two work well with each other so that all your different use cases are solved for. We'll go deeper into looking at a device. How do you really troubleshoot faster? If you're taking care of enforcement and real-time visibility in one place, what does that really look like? And of course, like I said, the third important piece of the puzzle is not just having a good map management system, but a system that talks to a really good ticketing system that has the context needed to troubleshoot. And of course, for MSPs, a lot of these MDM tools out there require you to log in and log out or shift between profiles. We have a very clean MSP client view, and this also rolls back to billing rate to ensure that for your Mac devices, you're doing right by your customers and managing that. Now, with that, I'm just going to quickly take a second to shift screen, and let's get started with the demo. For some of our existing customers, this will be a very familiar view. For some of the new folks that are seeing us for the first time, we are a unified system that gives you all OSs, not just Mac, but Windows, Android, iOS, Linux, and network devices in one single place. But we are also a system that gives you all your service requests and ticketing in one single place. And that's what this dashboard that you currently see solves for. You can create a very customizable dashboard that brings all of this data together in one single panel. And if you're an IT manager, then you can have dashboard relevant to the top alerts for the week that you need to look at. If you're a technician, you can have a very specific view. And of course, if you're an MSP, you can also add invoice data into this dashboard to ensure that your billing data is also right there for you to view. So coming back to the MDM configuration specifically, one thing that we wanted to ensure is with our entire experience is just like how Mac users love the system for the ease of use, the entire onboarding process for customers also need to be super simple. Now, what you see are a list of clients. So if you're an MSP, then you can create a quick MDM configuration for each of your clients. As you can see, you don't really have to shift between tabs. All of this is in one single place. If you're an IT team, of course, you're going to have an organization level MDM configuration in place, and you can get started from there. Now, we have Android, which I'm not going to get into, but folks who are interested in it, do just comment below. We are also thinking of doing a deep dive into Android MDM and how that sort of, again, plays into the entire IT stack. But going deeper into Apple, as you can see, we support iPhone and iPad. We have been supporting this since last October, and now newly launched, we are also supporting Mac through this. And what you'll also notice is once a device comes in, what I'm showing you is a manual enrollment approach. But through automatic device enrollment, we can sync with your ABM, pull all your devices together, and also sync it to the right site and the requester here. Or in case you're an IT team, that can be your department and the requester being your employee, and then get these devices in. And the moment these devices are in, these can be in the supervised mode, where you can manage all of this very effectively. And for Mac, in case you also have a licensed app that you want to deploy, you can integrate with apps and books here and bring all of these tokens in one single place and start licensing this and deploying this across your policies, which we're going to see. So one thing that we've noticed through this entire enrollment process is the first initial setup is only one part of the puzzle. It's about how well you maintain your tokens, because there's a good chance the way Apple deals with it versus potentially Android is different. So we've ensured that we let you know in case a token is about to expire or has expired, so that you can take the relevant actions needed to ensure that your MDM is continuously running. All right, so once we have the devices onboarded, let's go deeper into the policy structure. Now as you can see, because we are an IT team that sort of handles all the devices in one place, you have policies across your Android, Apple, and of course Mac, which is what we're going to go deeper in. But what's more critical is these policies are not going to be a standard policy that you have to deploy for all Mac devices. Of course, if that's how your clients and your organization structure is built, then great, you can just come in, set these policies up, and you're good to go. But we've seen more often than not, especially with Mac, your CEOs and CTOs might be using it, or your design team might specifically use Mac, because this Mac is a sort of a tool that people with low touch but high experience is what they look for. So you can create these advanced policies where you can create a group of customers or employees potentially that might prefer to use it. This could be across client, across site, across departments, and so on, and manages very effectively. Perfect. So going back to the advanced policy that we spoke about, so this is very specific to the kind of devices that you really want to play with. And as the examples that you see right here, it can be a gold plan, which is if you're sending a gold plan to an MSP customer, then you can go ahead and configure this efficiently. Or if you're an IT team and a specific department needs specific Mac devices that need policies that are catered to them, then this is something that you'd be able to set up. So once you set this up, you can go deeper into any of these sections that you see here. I'm going to go into the Mac workstation policies, which is specific to the Mac workstations. And you'd see two different sort of policies in place. So I'm going to quickly walk you through what this landscape looks like. So as I mentioned earlier, there are these MDM configurations whose primary purpose is compliance and ensuring that the security is maintained, which is where your MDM configurations and your restrictions really play in. So MDM configuration takes care of what and how the device needs to be configured, and restriction takes care of what a user can and cannot do in the device. But along with the configuration, a lot of agent-based configuration has also been brought in for real-time visibility and real-time and proactive healing, really. So things like alert management, scheduled actions through scripts, deploying your antivirus data backup, remoting into your systems, and putting the systems on maintenance mode are things that the agent does really well, given that it's in real-time contact with the system. So let's start with what the MDM configurations look like. So as soon as your Mac is now enrolled, which is the stage that we saw earlier, you can define, of course, what the ADE profile looks like, which means what the user can and cannot do when they're setting up the ADE profile. Set up, of course, password needed to get the system up and running, more often than not, ensuring that the right network proxies are in place. Similarly, from a restriction standpoint, given that a lot of these days people use a lot of their data into AI, a lot of IT teams and MSP teams now are a little bit more concerned about what data is being shared in and out of AI systems, which also includes Apple Intelligence Layer. So apart from managing your camera, Bluetooth, find your device, and so on, we also let you manage anything else that could potentially be sharing data outside of other systems. Similarly, with security, how you want to ensure that passwords are being filled, your touch ID and face ID being in place, and so on. With app restrictions, of course, whether Safari, Apple Music, and so on can and cannot be accessed by Teams. And of course, the iCloud settings where your iCloud storage, your photo library, and how data between these tools really go in. And specifically with Apple Intelligence for teams, again, that are high on compliance, these are things that you can completely control to ensure that this is there. And like I mentioned earlier, this is one policy for one cohort of devices. What that cohort looks like is something that you can configure based on your configurations and your systems. All right. Now let's go deeper into some of these agent-based configurations as well. So with what we saw earlier, we've taken care of the enforcement, we've taken care of security and app restrictions. I will get into OS and app management very shortly, but the basic MDM enforcement is done. Now what we need is real-time monitoring to see whether there are important alerts that we need to look at, and if we need to take any auto-remediation actions immediately. So for that, we have inbuilt agent-based monitoring that takes care of alert management for you, where you can check across your CPU, memory disk, your firewall, and so on, to ensure that you can automatically create a ticket in SuperOps, or you can run a script to automatically heal that specific problem. And creation of a ticket is super critical here, right? And here's where you potentially have to push it to another system, the context is lost, or the teams will have to shift between these two. But the fact that this is baked in is something that we see as an added advantage for IT and MSP teams going forward. Similarly, we also have AI-based alerts, and I would love for Ani to also talk a bit more of our AI direction when he sort of chips in here. But this is our first step forward, where we take care of monitoring your CPU, memory, and disk through AI to let you know that this is a false alert versus this is a pattern that's recognizable, but more in terms of what we're doing with AI, something that I'd let Ani sort of take us forward. And of course, you can also create a lot of scheduled actions. So, in case you want to run a script to potentially enable firewall, you can just run this at a specific time, or run it once at a specific schedule, and the system will sort of take care of that for you. We also have antivirus tools, like Bitdefender, Sentinel, one that we integrate with, which will take care of security enforcement again. And your data backup, again, is taken care of through Acronis and a few other systems that we integrate with. Very importantly, I think remote desktop is a no-brainer. We integrate with two specific tools, one acting as a backup to another, with ISL online and Splashtop. So, with this entire crux, your real-time monitoring is sort of taken care of for you, and real-time visibility is sort of taken care of for you. But what's more important is specifically in terms of the changes that we have done with respect to the OS patch management and the software management. Now, here's where we've taken a dual approach team, where through MDM, we take care of enforcement, which means you as an IT team can decide that, hey, I'm going to enforce a certain version at a specific date. Great. So, the system will sort of identify that there's this update, and it's going to enforce on the 1st of May. And with this, you can also decide how the users can manage RSRs, of course, and whether they can manage their own downloads and installations through this entire journey. And before you actually enforce, you can also ensure that the deferral period is there for you to completely finish the testing before you deploy. But what about situations, and this is real-time, real-world situations that Ani and I experienced when we spoke to customers, where MDM takes care of enforcing it and ensuring that it is going to be compliant in the future, but there are so many real-world examples where you'll have to run a maintenance, and for that, you need the device to be in the latest version possible, and that's when your on-demand patching is also needed, which is why we also let you manage your entire Mac systems through the OS patch management, where you can decide if there are certain sort of configurations that need to be approved and sent as a schedule, you can have that, or in case you need to do an on-demand push, you can also do that from the patch dashboard. Now, since we have both of these doing the same activity, just giving you more flexibility over it, one might wonder if these two might conflict, and that's, again, something that we have ensured that it works in sync with each other. So, in case the MDM enforces it, then the agent can complement it by recognizing that it's been patched because there's a real-time sync that sort of comes in, and similarly, if the agent has enforced it, when the MDM is trying to enforce it, we sort of understand that it's already been synced in. So, this is something that Ani and I are super excited about, and we would love for all of you to also share your thoughts in case you have experienced this before. In case you do OS, we wonder how you manage it today. So, very excited to see what's happening in the chat. Now, the same also applies with software management, right? Again, you have situations where the apps and books brings licensed apps, and of course, you can deploy it, but it doesn't end there. We also extended to Homebrew so that you have a wide variety of apps that you can choose from, and more often than not, IT teams have specific apps that they want to push for which you can build a custom software and then sort of push it. So, the apps and books is managed through the MDM. The Homebrew and the custom software takes care of agent-based management and sort of pushes the apps across, and you can decide when these are going to be pushed. Now, this is just of the policy configuration. Just a quick summary, we wanted to ensure that the security enforcement is taken care of, but real-time monitoring does not stop. So, you have your real-time alerting and scripting that's taking care of figuring out what's wrong, but also enforcing necessary remediation in place to ensure that your Mac systems are healthy. Perfect. So, now that your Mac systems are enforced, what does it really look like when you work with the Mac system, right? So, this system has both agent and MDM configuration actually acting on it. So, the moment a device is enrolled through MDM, we also try to deploy the agent into the system to ensure that all of this is in one place. So, what that means for you is you have your CPU memory in real-time sort of coming in, your net traffic, your path status, firewall, and so on. But at the same time, you can go deeper into the details where you can see the CPU utilization. So, what you see here is through the real-time agent monitoring that's telling you what exactly is happening, memory and so on. But you also have MDM-specific details, your DDM status, and we're going to be adding a lot more parameters to ensure that you have all the information needed and very quick actions, right? So, in case you need to wipe the device, lock the screen, shut down, and so on, all of that is one click away. But at the same time, if you want to make use of real-time monitoring, then you'd be able to run terminal as a system or a logged-in user or remote into the system right away, initiate a chat with the user if you notice that I can just troubleshoot quickly by talking to them, or even run a script on the fly. So, all of these actions previously just used to be agent-based, but with some of these MDM characteristics built in, it just gives you a little bit more control as a technician to get to the problem as soon as possible. Of course, you have all the apps listed, so in case you need to go deeper into File Explorer, you can do that. You have the list of apps, processes in place as well. And more importantly, you also have the alerts, patches, and scripts in place, which tells you what kind of alerts are really in the system, what kind of patches has and has not been triggered. And going back to what we spoke about earlier, if you want to quickly deploy this patch with an MDM, you might have to wait for the end enforcement, but I can just go ahead and approve and push it right away. Similarly, with the script, we also have AI-based scripting, so I can just quickly create a batch script and I can prompt the AI to enable the firewall and write a script off the fly and push this off. So, everything is built very neatly for the technician to handle it. And of course, it's a bit tricky with AI. Some technicians love it, some technicians don't. So, all of our AI systems are built and backed with some amount of testing, so before you deploy anything, you can run a quick test on one of your systems before you go ahead and deploy it and make it available for all your customers. Okay, so what does this really mean in a real-time scenario? And going back to the use cases that we have seen, so many customers that we have spoken to, and it's funny because right before this webinar, my Mac was super slow, right? So, this seems to be such a common scenario that we all see. And imagine a customer reaches out to you or an employee reaches out to you and says that your Mac is slow. First and foremost, we have runbooks built in which can understand that, okay, this is a Mac-related inquiry and you can set it up to kick in for Mac-related inquiries, where it will give you a clear checklist that a technician needs to do to ensure that they get things up and running. So, these are not just instructions, these are actually actionable checklists. So, what that means is if you want to send a reply, you can quickly just view the reply, it's pre-coded with a response, you can go ahead and send it right off the bat. In case you need to get an approval from a senior technician, the approval message sort of just goes with a single click of a button right off the bat. Now, before any of this happens, context on what exactly the ticket is super critical, and that's where the fact that we have an inbuilt ticketing system into one single place largely helps. So, we have the asset information here, as you can see. I can chat with the user remote into any of these systems at any point in time or click on this specific link, which takes me back to the device where I have all the context needed to get started. Now, similarly, even from an MSP standpoint, we've spoken to so many MSPs who talk about how monetizing endpoint management becomes super critical. So, this is again a huge area where you can work. We have a delivery map which tells you how you're delivering services to your clients and what are the charges associated with it, where under assets, I can literally have an asset for Mac and charge probably $10 per device if I'm providing an MDM plus an agent approach versus just an agent approach in case enforcement is not needed and charge your clients according to the services that you offer. And this is interesting because I spoke to a client recently who said it's not about revenue or profitability for MSPs anymore. It's about being there where your customers are and that's a no-brainer. And if this is going to be true for 2026, where you see so many MSPs come up and with AI coming in with so many built-in products, the only way you sort of work with your clients is to tell them, hey, I'm ready to give you the services that you want. But at the same time, we want to ensure that you put the bill in the end of the day for your customers and you leave nothing on the table. And this contract management will help you ensure that systems that also have MDM enabled, especially Macs, you can go ahead and charge your customers extra given the service that you're providing for them. And with that, time to shift back to what Ani has to say. This is a quick overview of what the MDM looks like. I'm going to quickly stop sharing my screen. Perfect. Thank you. Thank you for that, Srinidhi. So a pretty exciting next two quarters lined up at the MDM space in Suplavsk, folks. So over the last two quarters, we have invested a lot into building the breadth and depth on MDM capabilities, not just on the Mac, but iOS, iPadOS, Androids, and all of that. So the next two quarters is going to be a balance between going depth as well as adding a lot more functionalities and depth in what we want to do with Macs, managing Macs, iPads, iPadOS, and Android devices. While I share a high level mind map of how we're going to do the next two quarters, while I share about how we're going to go in depth for the next couple of quarters, on one end, we have looked at different methods for enrollment. But at the same time, we're conscious of all the basic integrations that we might need to get the foundations right. So we are currently integrating with Intra, the Restoil Azure AD. So Intra's integration is currently in the works, and you can expect it sometime next month. Once you have that come up, you would be able to provide the touchless one-click device onboarding for employees right from the get-go, right from Intra. You create an employer in Intra, and from there, the MDM takes over once the asset binding happens at the ID level. So that integration is in the works. We are also looking at a few critical security and safety features such as geo-tagging, geo-location that is being planned over the next quarter. Quick check on a few of the features that are coming up. Intra ID, your geo-locations, your geo-trackings, a lot more security features being built up. Also, we're looking at scripting from a Mac perspective. What native code can we give to run scripts on them? Mind you, you already have a really powerful RMM agent sitting on top of the Mac, right? So we want to give the best of both the worlds on one side, the management and configurations that the MDM world has to offer, and at the same time, the reactive and troubleshooting capabilities that an RMM agent has to offer such as remote troubleshooting, scripting in terminal, and all of that. So between these two, that's the investment that's going to go in. You would also see a quick integration with Office 365 coming up, how you can actually start managing all the softwares within Suprops, and a lot more depth in terms of kiosk management, iPads with respect to kiosks, single app mode, double app modes, pinning wallpapers. So a lot more depth that's lined up over the next couple of quarters, folks. In the previous couple of webinars and our upcoming webinars also, we're going to talk about how AI is going to be a huge value driver for Suprops, for our MSPs and IT teams, right? We are rethinking the entire landscape of how we do ticketing and how we do asset management. It's going to be multifold. On one side, we're going to look at, okay, how can we introduce standalone agents to do specific tasks? A few of them are already in the works. For example, our scripting engine, right? Our script gen is powered by AI where with one prompt, you can actually generate the scripts that you need to write. That is already live. On the other end, we're also picking up this big vision around patching and how we can actually use AI to do patching or pieces of patching, starting with approvals, right? We try to bring all the insights, all the research that a senior admin or a technician has to do prior to approving a particular patch. All of that now is summarized in one particular patch card. All of these are already live that all of our users can already look into. Looking forward, we're looking at agents that do jobs, not in pieces, but end-to-end. For example, starting with, say, ticket deflection and frontline agent. We call it the frontline agent that comes with three functionalities. One is the L1 ticket deflection. If you have knowledge about it in a knowledge base, KB, the KBs of Super Ops, we'd be able to read them and start answering questions across multiple channels, such as emails, teams, and Slack, as well as your service portal, your customer portal, or your employee portal. We would be able to answer that. Then the second part of the frontline agent is going to be triaging. If AI is not able to answer the question because you don't have a particular KB for that issue, we would be able to triage that and then dispatch it also. These are currently in the works. A few of you folks are already part of the early access program. Folks on the call, if any of you are interested to be part of the early access program that me and my colleague Akhilesh run as part of the AI initiatives, please do just drop a yes in the chat so that you would be reached out by us to have these discovery conversations on how you think AI can add value and what we are thinking about, showing you designs, showing you early prototypes of what we have envisioned here. We start our agent journey with the frontline agent. The baseline agent is also something where we are taking a different take to how we want to do ticketing in the future, our vision for how ticketing is going to evolve. I know Ani touched a bit on the UEM aspect and where we want to go, but what you're currently seeing is the landscape of what SuperOps has to offer. You have Android, Windows, iOS, network devices, Linux, and Mac in one single place. We are working towards a vision where SuperOps becomes your IT stack, which has your entire operating system in one place, and then you can start building whatever workflows that you'd want to on top of that. Of course, for the IT teams, what we're trying to achieve is what we heard on calls, what we heard from our customer case studies, which is we want to reduce blind spots. We want to reduce areas where your compliance posture could take a hit. Of course, for the MSPs, you need to be where your customers are because it's a no-brainer with everything that's happening in the world, but also giving you the platform to ensure that you are able to drive value and you don't leave money on the table. So, what we're hoping to do, and I see that some of you are also interested in starting this as soon as possible with some of your test devices, but our end goal is to ensure that with this hybrid combination, you're able to reduce risk, resolve faster because all of this is in one platform, and ensure that your operational efficiency improves in six months. And of course, we have a CSM team that can take you through this journey by journey, ensuring that your onboarding process is super simple. Thank you so much for spending this hour with us, team, and we've absolutely loved talking to all of you. And in case we've missed out on any of these questions, we'll make sure we'll get back to you on that. And we would love to see all of you as a part of not just the AI beta program, but also your take on what you think the Mac MDM is shaping up. So, do reach out in case you want to get started, and I'll see you guys at the next webinar. Take care. Transcribed by https://otter.ai

TL;DR

  • SuperOps has launched Mac MDM that combines MDM compliance enforcement with real-time RMM agent monitoring in a single platform, addressing the blind spots that arise when these tools operate separately.
  • Internal research cited in the webinar shows that managing endpoints across multiple disconnected tools increases security and troubleshooting blind spots by 47%, with one in three tickets requiring cross-tool context switching.
  • The hybrid approach covers the full Mac lifecycle — zero-touch ADE enrollment, cohort-based policy configuration, dual-layer OS patching, AI-assisted alerting, and native service desk integration — without requiring technicians to leave the platform.
  • MSPs can monetize the hybrid approach through per-device contract billing, while the near-term roadmap includes Entra ID integration, geo-location features, Office 365 software management, and an AI frontline agent for L1 ticket deflection and triage.
  • SuperOps is positioning toward a full unified endpoint management (UEM) vision covering Mac, Windows, iOS, Android, Linux, and network devices in one platform, with AI agents designed to handle end-to-end tasks rather than isolated steps.

Why MDM Alone Leaves Critical Gaps

This webinar opens by addressing a fundamental challenge facing IT teams and MSPs managing Mac fleets: neither a standalone MDM nor a standalone RMM agent provides a complete picture. MDM excels at security enforcement and compliance state reporting, while an RMM agent delivers real-time visibility into CPU, memory, disk, and process-level activity. When these tools operate in silos, troubleshooting times double even when compliance policies are fully enforced. The session cites internal research showing that blind spots in security enforcement and device troubleshooting increase by 47% when managed across multiple disconnected tools, and that one in three support tickets requires technicians to context-switch between systems. SuperOps positions its hybrid MDM-plus-agent approach as the direct answer to this fragmentation, arguing that unifying both layers — alongside a native service desk — eliminates the context loss that slows resolution and inflates operational costs.

Live Demo: Enrollment, Policies, and Device Actions

The bulk of the session is a live product walkthrough led by Product Marketing Manager Shreenidhi Shivkumar. The demo covers the full Mac MDM lifecycle inside SuperOps: device enrollment via manual or zero-touch Automated Device Enrollment (ADE) synced with Apple Business Manager, token management with expiry alerts, and a layered policy structure that supports both organization-wide and cohort-specific configurations. MDM configurations handle ADE profile setup, network proxies, password enforcement, and restrictions covering camera, Bluetooth, iCloud, Apple Intelligence data sharing, and app access. Agent-based policy layers add real-time alert management across CPU, memory, disk, and firewall — with auto-remediation via scripts and AI-assisted anomaly detection to distinguish false alerts from genuine patterns. OS patch management takes a dual approach: MDM enforces scheduled compliance deadlines while the agent enables on-demand patching for immediate maintenance needs, with built-in sync logic preventing conflicts between the two. Software deployment extends from Apple Apps and Books for licensed titles to Homebrew and custom packages managed through the agent layer. The device detail view consolidates real-time agent telemetry alongside MDM-specific data points, one-click device actions (wipe, lock, shutdown), remote terminal, in-platform chat, and AI-generated scripting — all accessible without leaving the platform.

MSP Monetization and the UEM Roadmap

The session closes with two forward-looking segments. For MSPs, SuperOps highlights contract management and delivery mapping features that allow per-device billing differentiation — for example, charging a higher rate for Mac devices under full MDM-plus-agent management versus agent-only coverage. Product Manager Anirudh Murthy then outlines the next two quarters of development: Microsoft Entra ID (formerly Azure AD) integration for touchless one-click device onboarding is described as arriving within the following month; geo-location and geo-tagging features, deeper kiosk management for iPadOS (single and double app modes, wallpaper pinning), and Office 365 software management integration are also on the near-term roadmap. On the AI front, SuperOps is building a 'frontline agent' capable of L1 ticket deflection by reading knowledge base articles and answering questions across email, Microsoft Teams, Slack, and customer portals, with triage and dispatch functionality for issues that fall outside existing KB coverage. An early access program for these AI initiatives is open to attendees. The overarching vision is a unified endpoint management (UEM) platform where SuperOps becomes the single IT operating stack — reducing blind spots, improving compliance posture, and enabling MSPs to capture full revenue for the services they deliver.

Chapters

0:00 - Welcome and Introductions
2:01 - Webinar Agenda Overview
3:28 - Why MDM Alone Is Not Enough
6:50 - How SuperOps Closes the Gap
9:15 - Live Demo: Enrollment and Policy Configuration
17:16 - Agent Layer: Alerts, Patching, and Software
23:02 - Device View and Service Desk Integration
29:11 - MSP Billing and Mixed Fleet Advantage
31:59 - UEM Roadmap and AI Agent Vision
36:35 - Closing and Q&A Wrap-Up

Key Quotes

5:49 "Your troubleshooting becomes 2x longer, even when your compliance is in place, which is not something that we want to see in the AI era when you can be replaced or tools can replace you very quickly."
6:22 "The biggest concern for them is blind spots. Blind spots when it comes to security enforcement, when it comes to sort of handling device troubleshooting, and so on, and that shoots up by 47% in cases where they've seen that these are managed in multiple different tools."
7:07 "We wanted to bring in a new innovation here where it's not 70 or 30. It's going to be a mix of these two systems talking well with each other while giving you also a really good service desk that has the context needed to get things done."
28:07 "It's not about revenue or profitability for MSPs anymore. It's about being there where your customers are and that's a no-brainer."
31:09 "We want to give the best of both the worlds — on one side, the management and configurations that the MDM world has to offer, and at the same time, the reactive and troubleshooting capabilities that an RMM agent has to offer such as remote troubleshooting, scripting in terminal, and all of that."
35:08 "We are working towards a vision where SuperOps becomes your IT stack, which has your entire operating system in one place, and then you can start building whatever workflows that you'd want to on top of that."

FAQ

How does SuperOps prevent conflicts when both MDM and the RMM agent are managing OS patching on the same Mac?

SuperOps uses a real-time sync mechanism between the MDM and agent layers. If MDM enforces a patch, the agent recognizes the device has already been updated and does not attempt to re-apply it. Conversely, if the agent pushes an on-demand patch first, the MDM layer detects the current compliance state and skips redundant enforcement. This coordination is built into the platform rather than requiring manual configuration.

Can MSPs charge different rates for Mac devices managed with MDM versus agent-only management?

Yes. SuperOps includes a contract and delivery mapping feature that allows MSPs to create per-device billing line items tied to the specific service tier being delivered. For example, a Mac device under full MDM-plus-agent management can be billed at a higher rate than one covered by agent monitoring alone, and this is managed directly within the SuperOps platform alongside the technical management tools.

What AI capabilities are currently live in SuperOps versus still on the roadmap?

As of this webinar, AI-powered script generation (ScriptGen) and AI-based alert anomaly detection for CPU, memory, and disk are already live. AI-assisted patch approval summaries — which consolidate research a senior admin would typically perform before approving a patch into a single patch card — are also live. The frontline AI agent for L1 ticket deflection, triage, and dispatch across email, Teams, Slack, and service portals is currently in development with an early access program open to interested customers.


Categories:
  • » Data Protection » Backup & Recovery
  • » Cybersecurity » Endpoint Security
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Endpoint Management
  • Data Protection
  • AI & Machine Learning
  • Best Practices
  • Webinar
  • Demo
  • Getting Started
  • Mac MDM
  • Unified Endpoint Management
  • RMM and MDM integration
  • Apple Business Manager
  • OS patch management
  • MSP endpoint billing
  • AI-powered IT automation
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Holistic Mac Management: MDM + Agent in SuperOps

              Upcoming Webinar Calendar

              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Worthy Security Team for Unmatched Defense
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-worthy-security-team-for-unmatched-defense/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-safeguarding-ai-accessible-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Strategies for Effective Data Privacy and Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-effective-data-privacy-and-protection/
              • 07/22/2026
                01:00 PM
                07/22/2026
                Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 07/29/2026
                01:00 PM
                07/29/2026
                Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                09

                The HUMAN Experience: Empowering Agentic Trust in Practice

                07/09/202601:00 PM ET
                • Jul
                  14

                  Crafting a Championship-Worthy Security Team for Unmatched Defense

                  07/14/202601:00 PM ET
                  • Jul
                    14

                    Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data

                    07/14/202602:00 PM ET
                    • Jul
                      21

                      Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                      07/21/202604:00 AM ET
                      • Jul
                        22

                        Insights and Strategies for Effective Data Privacy and Protection

                        07/22/202606:30 AM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version