Ready for business

by Tim Anderson

Integrating the Apple Macintosh into a Windows network need not cause headaches, as Tim Anderson discovers.

HardCopy Issue: 70 | Published: November 4, 2016

The PC remains the computer most commonly used in business. Reasons include the strength of Microsoft’s enterprise management tools, the abundance of business applications on the Windows platform, and the competitive pricing of PC hardware. That said, Apple Macs have a steadily growing market share, and the old assumption that only the design department needs Macs has long gone. Times have changed at Microsoft as well. The company’s focus is now as much on cloud services as on Windows; and that means new efforts to give Macs (as well as iOS and Android) first-class support, so that users can take full advantage of Office 365, Azure and other Microsoft services.

Office for the Mac, for example, improved greatly with the release of Office 2016, which is much closer to its Windows counterpart than earlier versions, while keeping Mac-native features like the OS X menu bar. In August 2016, Microsoft released a 64-bit version of Office 2016, which is now the default. Mac users still miss out on the Access database manager, but Word, Excel, PowerPoint, Outlook and OneNote now work well on Apple’s operating system.

The manageability of Windows networks depends on Active Directory and the ability to join PCs to a domain. Can you join a Mac to a Windows domain? In fact you can, and though it is not quite the same thing, it does come close. You can bind a Mac to Active Directory (AD) and log in using AD accounts. To do this, add a Network Account Server in the Users & Groups section of System Preferences. You can allow all network users to log in to a specific Mac, or select one or more users with that right. Once a network user has logged in, you can also give them local admin rights, by using the Users & Groups options and entering the credentials of an existing local admin when requested. You can also give an AD group admin rights.

One thing to be aware of is that Macs do not allow local users with the same username as AD users, so when you set up a Mac, be careful not to create naming conflicts.

Having Mac users log in with AD credentials has some advantages. They can connect to Windows file shares without having to enter credentials, for example, using ‘Connect to Server …’ in Finder’s Go menu. Another advantage is that if you need to disable the account, you can do so centrally.

PCs in a Windows domain can be managed through Group Policy, with further options like software deployment or system re-imaging available through System Center Configuration Manager. On a Mac, you can control settings centrally using either the older MCX (Managed Client for OS X) or, more commonly today, the more recent system of Configuration Profiles. MCX settings can be set in AD by extending the AD schema, but Configuration Profiles are easier to manage, though with fewer settings available. They are supported on iOS as well as on Macs, and are designed for use with MDM (Mobile Device Management) tools.

Parallels Mac Management screenshot

Tools like Parallels Mac Management for System Center Configuration Manager let you control many aspects of Mac configuration centrally.

The advantage of managing Macs from System Center is that you can use the same tool as for PCs, at no additional cost. However System Center’s out-of-the-box capabilities are limited compared to dedicated third-party tools, and Microsoft typically takes a while to support new versions of OS X such as the recently released OS X Sierra.

One option that gives you the best of both worlds is the Parallels Mac Management plug-in for System Center Configuration Manager, which uses Configuration Profiles and its own agent to extend the management features administrators are used to using with PCs to cover Macs as well, including key features lacking in System Center such as automatic Mac enrolment, the ability to deploy OS X system images, OS X patch management, and built-in remote assistance via VNC (a remote desktop system) and SSH.

Other dedicated tools available include the Casper Suite from Jamf Software (which also has System Center integration), ADmitMac from Thursby, and Centrify Identity Service.


Doing business on a Mac

Will Mac users be disadvantaged when it comes to business applications? The answer of course is “it depends”. What is true is that Mac support in general has greatly improved over the last few years. Software vendors have responded to pressure to extend support beyond Windows, not only to Macs but also to tablets and mobile devices, though that may mean web applications that work cross-platform.

Microsoft Office, as mentioned above, is now very good on a Mac, though there may still be issues. Outlook on Windows, for example, uses Word as the email editor and has many more formatting options than Outlook on the Mac, including table editing. There are also extra features in Outlook for Windows including voting buttons, message recall and read receipts.

Word 2016 on the Mac does not support real-time co-authoring, unless you use the browser-based version. Excel 2016 on the Mac lacks a few features including the Watch window for formulas, PivotCharts, and the ability to customise shortcuts. However the majority of features are supported on both versions. For a detailed table of what is missing, see the post at written by a former member of the Mac Office team, now working at Parallels.

The most common source of problems is with extensions and add-ins. Office 2016 for the Mac supports both Visual Basic for Applications (VBA) and web-based add-ins, though the built-in VBA IDE is highly simplified compared to the Windows version, and Microsoft suggests developing VBA macros on Windows. Some VBA keywords are not available on the Mac though. Further, if you have a solution that uses COM add-ins, including those developed using Visual Studio Tools for Office, it will not work on the Mac. COM automation, a common technique for applications that create Office documents, is a Windows-only technology. On the Mac you can automate Office using AppleScript or create workflows using the Automator application, so a developer may be able to create a Mac version of an application, but a Windows-based Office solution will not ‘just work’. Any Office add-in that calls into native code will not function on the Mac without porting work.

Microsoft has not ported Access, Visio, Project or Publisher to the Mac.

Adobe’s Creative Cloud is cross-platform on Windows and Mac. Adobe maintains a similar user interface look and feel on both platforms, which means that its applications work in the same way, and the features on offer are nearly identical.

The key applications in Creative Cloud are Photoshop for image editing, Illustrator for vector graphics, InDesign for desktop publishing, Acrobat Pro DC for creating, editing and signing PDF documents, Premiere Pro for video editing, Animate (formerly Flash Professional) for creating interactive web animations, Dreamweaver for web design, and Audition for audio editing. Developers can use either PhoneGap or Flash Builder to create mobile or desktop applications. There are additional applications as well as cloud services for collaboration, image sourcing, fonts and colour schemes, making this a near-essential subscription for professionals in design, multimedia and web development.

Photoshop screenshot

Photoshop, part of Adobe’s Creative Cloud, is equally feature-rich on both Mac and Windows.

Nuance Dragon Naturally Speaking is a range of speech recognition products which have remarkable accuracy. Historically the Windows versions have been more advanced than their Mac cousins, but recently released for the Mac is Dragon Professional version 6, updated to support Microsoft Office 2016. This has outstanding voice recognition, powered by advances in machine learning, as well as additional features such as opening and controlling applications through voice, and transcribing voice recordings automatically.

Mindjet’s MindManager is another application that supports both Windows and Mac, though unfortunately the Mac version is not the equal of its Windows cousin. MindManager lets you create charts and diagrams representing business projects or processes. The Mac version supports organisation charts, information maps, tree diagrams, presentations either standalone or via export to PowerPoint, and basic project planning. On Windows you get many more features, such as guided brainstorming, calculations and formulae, task dependencies, and import and export from Microsoft Project. That said, the key features are there on both versions.

What about security? Comparisons with Windows are difficult. Most malware targets Windows, and Microsoft’s operating system still suffers from a history of badly behaved applications which make it hard to lock down, though the company has made huge progress in making Window more secure. Apple’s OS X is based on the Unix-derived BSD which separates applications and data.

Nevertheless, OS X does have vulnerabilities, and the security industry has responded with software to protect it. Note too that OS X supports File Vault encryption, a technology similar to BitLocker on Windows. File Vault 2, introduced with OS X 10.7 (Lion), encrypts entire volumes rather than just user directories, with an option to store the key with Apple for recovery.

Norton Security covers the current and previous two versions of OS X, as does the business-oriented Symantec Endpoint Protection, with the latter including a single management console across Windows and Mac, as well as remote deployment and client management.

Kaspersky Internet Security for the Mac includes anti-malware protection, anti-phishing features, network attack blocking and more. Endpoint Security for Business includes centralised management, file server protection, and the ability to defend any combination of Mac, Windows and Linux desktops and laptops.

BitDefender is another anti-virus product with strong Mac support, including Time Machine Protection which is designed to ensure Time Machine recovery still works in the aftermath of a ransomware attack. The company’s GravityZone Security for Endpoints is a business version which supports Mac, Windows and Linux managed from a central console.


When only Windows works

No matter how well a Mac integrates with Windows PCs, there are still times when users have to run PC software. There are essentially three reasons:

  1. The required software does not exist on the Mac. The long-standing dominance of the PC in business means that many applications have no Mac version available, including Microsoft’s Access, Visio and Project as mentioned above.
  2. The Windows version has additional features or works better than the Mac equivalent. If the application was born on PCs, vendors may not always port all the features, or it may integrate with other Windows software.
  3. There may be custom line-of-business Windows applications. These are often the hardest to work around, since they are likely to be critical to your business and the organisation may lack the resources necessary to port them, or not want to invest in recreating software that already works well.

In these cases, Mac users will need to run Windows. There are several approaches. One is to use remote sessions to Windows, either running on a desktop PC or using a server-based solution like Microsoft’s Remote Desktop Services. This is technically an excellent solution, since users can stay in the Mac environment while still running the software they need, but has some disadvantages. It requires the PC or server to be accessible over the network, which can be inconvenient for remote users, and needs careful configuration.

Another option is to run Windows in a virtual machine (VM) on the Mac itself. This solves the mobility issue, provided that the Mac is sufficiently well specified to run a second operating system. The main pressure is on RAM, with 8GB a sensible minimum.

There are several options for running VMs on a Mac, including Oracle’s open source Virtual Box, VMware’s Fusion product, and Parallels Desktop, now at version 12. The fact that Macs run on Intel CPUs, including VT (Virtualisation Extensions) support, allows these to perform well. You can install Windows, join it to a domain, and generally run all the same software that you would on a desktop machine, but remember that from Microsoft’s point of view it is a separate PC and must be licensed in the normal way.

Parallels virtual machine screenshot

A Parallels virtual machine is a complete and deeply integrated solution to running Windows software on a Mac.

Differentiation between VM solutions comes in performance, the level of integration between Mac and Windows, and in a business context, the management tools. Integration using Parallels Desktop 12, for example, is remarkable, going far beyond clipboard support. You can have Safari on the Mac open when you click links in Windows, for example, or have Internet Explorer open when you click links on the Mac. Windows applications appear in the Mac dock and applications menu. You can store and manage passwords in the Mac keychain across both Windows and Mac. Display support includes smart resizing, so resolution changes automatically as you resize the Windows application from the Mac desktop. These features are optional, so if for some reason you need a more isolated Windows environment you can configure this as well.


Cross-platform coding

Businesses creating new applications should consider a cross-platform approach, particularly in cases where there is extensive Mac and/or mobile use. Microsoft’s Visual Studio is now a one-stop solution for cross-platform coding, following the company’s acquisition and bundling of Xamarin tools. Other options include Java; using web technologies on the desktop via tools like Adobe Phonegap or its open source version, Apache Cordova; or building web applications.

Microsoft’s open source TypeScript project is a superset of JavaScript which adds static typing and other features. The thinking behind the project is to make large JavaScript programs more robust and maintainable. A further benefit is that it makes an easier transition for C# or Java developers. TypeScript is cross-platform and works well with Cordova. Version 2.0 of TypeScript has just been released.

The Xamarin option is especially attractive for Microsoft-platform developers since you can continue to work with C# or F# and .NET. A Mac is required for development, with the IDE being Xamarin Studio rather than Visual Studio. Xamarin’s recommended approach is to build the user interface in Apple’s Xcode and Interface Builder, while sharing non-visual code across Mac and Windows.

If you need a greater level of code sharing, another option is Mono Winforms, which replicates the .NET Windows Forms 2.0 API on the Mac using custom drawing. Applications have a Windows look and feel, but if the goal is simply getting an essential business application to run, this is a good solution.

Another option is the open source XWT project, which uses Gtk# alongside native Windows and Mac GUI frameworks in order to present a unified API across both platforms, while still using native controls in order to get the correct look and feel for each platform.

Xamarin Studio is licensed with Visual Studio, so if you purchase Visual Studio Professional or Enterprise edition, you get full use of Xamarin Studio as well.

Find Out More

To find out more about integrating the Macintosh into your business, see the Grey Matter website at Alternatively call 01364 654100 or email