Correct way to provision multiple laptops?

I work as a Linux system administrator but I also wear many hats. One of those hats is Apple laptop provisioning and maintenance.

In my naiveté with the Apple Way of doing things, I've been using the same Apple ID to provision new laptops. This has caused some problems, such as users not being able to perform software updates on their own laptop.

Using a separate Apple ID for each laptop is untenable: it doesn't scale, isn't manageable, and is tied to users (i.e. owned by people), not to a central, shared management resource. Which is why using the same Apple ID made sense to me.

What is the recommended way to provision and update multiple laptops?

EDIT: I realized that this question doesn't quite address my real concern, which is the initial provisioning of MacBooks.

  • Does the Apple Volume Purchase Program help with initial "imaging" of laptops?

  • How is imaging and initialization of laptops handled in the Apple world? Does Apple have tools for this, or are third parties better?

  • How do people handle the installation of required software and then hand that off to end users? I want my end users to perform their own updates. Does VPP do this? (Example: I build a laptop with software XYZ on it, but I don't have access to the end user's Apple ID to install it, so I install it with my corporate Apple ID. How does the end user then update package XYZ?)

I am primarily a Linux sysadmin, so this whole notion of having software maintained by an actual person vs maintained by a system user seems bonkers to me. So that's where my disconnect is.

Linux example:

  • Root installs package XYZ via Apt or Yum. The packages come from a package repository which is similar in many respects to Apple Store.

  • Root is a system user

  • Root access is granted to a real user. But there's no direct tie between the actual user, the system, and the package repository, i.e. any user with root access can install and upgrade any package on the system. You never get these Apple messages that the wrong Apple ID was used to install software XYZ and you can't upgrade it.


The Apple-suggested solution is to use volume purchase and let your users manage their Apple ID and you manage the licenses.

  • https://www.apple.com/business/vpp/

There is a program for business and another for education. Past that, you might use an MDM like Jamf Now to push those codes to the Macs and manage them remotely for security, password compliance and data protection.