(Re)install Mac OS and install default needed apps

Solution 1:

I'd recommend looking into an MDM system, that is the way Apple expects fleets of Macs to be administered. There is a bare-bones version available in Apple's Server app, but there are also commercial solutions from companies like Jamf, Mosyle, or Cisco's Meraki.

With an MDM system you can have settings (including VPN and email) and application installs based on the individual machine or user, or groups of machines or users. Any changes you make are pushed over the network.

When a new person comes on board, you should be able to just wipe the old employee's device, give the new person a user name and password and let them go through the Apple system setup, which for a managed device includes any settings you have defined for that user or device.

Anything available in the App Store is easy to manage, Apple has a volume purchase program that allows you to assign App Store apps to either machines (no Apple ID required by user) or to the user (the user will need an Apple ID). It looks like Apple is going to start offering managed Apple IDs for businesses in the near future.

The commercial MDMs usually have a solution for non App Store apps, but I think Adobe Creative Cloud can be a problem for MDM systems (you may not be surprised to hear that). The solution for me has been to move to CC for Teams which gives you a admin account and a license pool that you can assign users to and then Adobe sends them an invite to install the software. It is more expensive, but is the best option for managing CC licenses in a business.

Getting setup with an MDM can be a little involved, but the commercial MDM providers should be able to assist you with all of the steps.