Apple MDM Cost Savings Calculator

Calculate the value Kandji delivers by helping you secure your Apple fleet and create a great user experience on all devices.

General Details

Number of Mac computers¹

Average platform engineer salary² $

Employee Onboarding

Employees you expect to onboard over the next year

Percentage of new computers you will deploy with no physical touch³ %

Average time to configure a Mac computer for a new employee⁴ min

Configurations and Hardening

Benchmark that is closest to your desired security posture⁵ Read about CIS Benchmarks to learn more.

CIS Level 1 CIS Level 2

Patch Management

Total number of apps that your employees need for work on Mac⁶ Example: Zoom, Chrome, Adobe, Slack, Docker, 1Password, see more apps here. apps

Enforcement window for patching critical software vulnerabilities⁷ days

Enforcement window for OS updates to macOS⁸ weeks

Initial Savings

To bring devices into desired state for security, software patching, and management.

Annual Management Savings

To maintain desired state for security, software patching, and management.

Annual Support and Troubleshooting Savings

Cycles spent waiting for support and problem solving.⁹

Total Year 1 Savings

Learn more about the methodology and the inputs that power the calculations.

METHODOLOGY

To streamline cost calculations when there are a multitude of variables and differences unique to each situation, we use certain conservative assumptions as a baseline before factoring in inputs. Those assumptions are based on industry averages, data from Apple platform engineers, and interviews with customers of other MDM products. Our calculations also assume that your company is either building or is maintaining a mature security program, manages all devices, and patches all software, while striving to provide a good employee experience on Apple devices.

Total costs do not take into account the potential costs of failing to maintain a strong security posture, which is beyond the scope of this calculator.

The questions and inputs provided in this calculator assume that your organization is using an MDM solution that does not provide the many automations, prebuilt workflows, and employee experience components that are built into Kandji.

How and why various inputs in the calculator affect the total cost:

1.
The number of Mac computers (or a percentage of the total) is used with other outputs from the calculator. This is an input to costs or activities that scale based on the number of computers.
2.
The annual salary is converted into a cost per hour. This is multiplied by other outputs from the calculator to feed into the total cost.
3.
This percentage is multiplied by the number of new computers projected to be deployed in the coming 12 months. Each new computer that the IT team has to physically interact with takes additional time and shipping expense. This step allocates a $20 shipping cost and additional 20 minutes of labor for the handling and logistics.
4.
This step multiplies the cost of a platform engineer’s time by the time it takes to configure a new computer. The product is multiplied by the number of new computers that will need to be deployed.
5.
There are over 90 security controls for Mac that match to corresponding CIS Level 1 and CIS Level 2 benchmarks. 40 to 50 of these cannot be enforced via Apple’s MDM profiles. This step takes into account the initial time it would take to find the appropriate controls for Mac to meet CIS Level 1 or CIS Level 2, and to test and deploy the scripts or profiles needed. For ongoing cost, this calculator assumes you enforce 70 percent of the selected benchmark’s controls, and that it would take several hours of a platform engineer’s time every month to check on these and take action where needed.
6.
Most Mac apps that employees use at work are updated at least once per month and should be no more than 2 to 4 weeks out of date. A mature app-patching system must have package hosting, QA, end-user messaging on Mac computers, and update enforcement within the given deadlines. This calculator assumes a platform engineer is using a mix of third-party tooling and scripting to enable these updates. The initial build time for this is several weeks with an additional 30 minutes added for each app to be deployed. An ongoing time commitment of 1 hour for QA and implementation is calculated for monthly app updates that need to be rolled out.
7.
The calculator assumes that each app you have may need one critical update per year. Critical updates require additional implementation time to make the update available and enforce it across the fleet in an accelerated time frame. The calculator uses a range of 2 to 3 hours of additional implementation time when there are critical updates.
8.
The calculator assumes 12 macOS updates per year and that 1 hour is needed to deploy updates and 15 minutes for communication with any users who do not upgrade within given deadlines. This calculator assumes a platform engineer is using third-party tooling to QA and then deploy each OS update. MDM commands on their own can enforce updates most of the time, but rolling out a forced OS upgrade solely via MDM commands risks a negative employee experience and inconsistent results. A mature OS update program will not only automate the updates and upgrades, but also handle end-user messaging—providing intelligent prompts that let users delay updates while eventually enforcing it. It must be flexible enough to work with a user while keeping them compliant.
9.
Device management involves working with systems that are interconnected: Apple’s MDM protocol, operating systems, devices, configuration profiles, scripts, third-party apps, identity providers, integrations, and more. Those many moving parts can make troubleshooting tricky, and make it challenging to discover the best way to accomplish an organizational goal.

Common practice for MDM vendors is to connect customers to tiered support teams with SLAs, which can let hours of time slip by before those customers get a response. Anything beyond the most basic questions must typically be escalated to higher tiers. All of this adds to operational overhead. Kandji support engineers, on the other hand, are all expert-level Mac admins and platform engineers.

Cost savings for this category are calculated based on a baseline of 18 support interactions per year that scale with the number of computers, and 50 minutes saved with each. Time savings come from Kandji’s average 2-minute response times 24 hours a day, 5 days a week, and by getting help and advice directly from experienced Apple platform engineers—such as Kandji’s support engineers.

Share the results

Get a link to this page with all your inputs in place, or download PDF.

Copy Sharable Link Download PDF

Time and Effort Assumptions

Section	Item	Initial Time (hrs/year)	Annual Management Time (hrs/year)
Configuration & Hardening	Hours to Build CIS Level 1	48	28
Configuration & Hardening	Hours to Build CIS Level 2	60	35
Patch Management	Hours to Build App Updates	120	20^* x each app
Patch Management	Hours to Build Mac OS Updates	24	5^** x each update
Support & Troubleshooting	Hours for Support Tickets		18^***

* Assumes flat rate of 20 hours for each App, independently from the number of Apps updates x year

** Includes time to follow up with non-compliant employees. Assumes 12 OS updates / year

*** Assumes flat rate of 18hrs for support tickets per year, These may vary, based on number of systems, number of employees and number of apps

Methodology

Total costs do not take into account the potential costs of failing to maintain a strong security posture, which is beyond the scope of this calculator.

How and why various inputs in the calculator affect the total cost:

The number of Mac computers (or a percentage of the total) is used with other outputs from the calculator. This is an input to costs or activities that scale based on the number of computers.
The annual salary is converted into a cost per hour. This is multiplied by other outputs from the calculator to feed into the total cost.
This percentage is multiplied by the number of new computers projected to be deployed in the coming 12 months. Each new computer that the IT team has to physically interact with takes additional time and shipping expense. This step allocates a $20 shipping cost and additional 20 minutes of labor for the handling and logistics.
This step multiplies the cost of a platform engineer’s time by the time it takes to configure a new computer. The product is multiplied by the number of new computers that will need to be deployed.
There are over 90 security controls for Mac that match to corresponding CIS Level 1 and CIS Level 2 benchmarks. 40 to 50 of these cannot be enforced via Apple’s MDM profiles. This step takes into account the initial time it would take to find the appropriate controls for Mac to meet CIS Level 1 or CIS Level 2, and to test and deploy the scripts or profiles needed. For ongoing cost, this calculator assumes you enforce 70 percent of the selected benchmark’s controls, and that it would take several hours of a platform engineer’s time every month to check on these and take action where needed.
Most Mac apps that employees use at work are updated at least once per month and should be no more than 2 to 4 weeks out of date. A mature app-patching system must have package hosting, QA, end-user messaging on Mac computers, and update enforcement within the given deadlines. This calculator assumes a platform engineer is using a mix of third-party tooling and scripting to enable these updates. The initial build time for this is several weeks with an additional 30 minutes added for each app to be deployed. An ongoing time commitment of 1 hour for QA and implementation is calculated for monthly app updates that need to be rolled out.
The calculator assumes that each app you have may need one critical update per year. Critical updates require additional implementation time to make the update available and enforce it across the fleet in an accelerated time frame. The calculator uses a range of 2 to 3 hours of additional implementation time when there are critical updates.
The calculator assumes 12 macOS updates per year and that 1 hour is needed to deploy updates and 15 minutes for communication with any users who do not upgrade within given deadlines. This calculator assumes a platform engineer is using third-party tooling to QA and then deploy each OS update. MDM commands on their own can enforce updates most of the time, but rolling out a forced OS upgrade solely via MDM commands risks a negative employee experience and inconsistent results. A mature OS update program will not only automate the updates and upgrades, but also handle end-user messaging—providing intelligent prompts that let users delay updates while eventually enforcing it. It must be flexible enough to work with a user while keeping them compliant.
Device management involves working with systems that are interconnected: Apple’s MDM protocol, operating systems, devices, configuration profiles, scripts, third-party apps, identity providers, integrations, and more. Those many moving parts can make troubleshooting tricky, and make it challenging to discover the best way to accomplish an organizational goal.
Common practice for MDM vendors is to connect customers to tiered support teams with SLAs, which can let hours of time slip by before those customers get a response. Anything beyond the most basic questions must typically be escalated to higher tiers. All of this adds to operational overhead. Kandji support engineers, on the other hand, are all expert-level Mac admins and platform engineers.
Cost savings for this category are calculated based on a baseline of 18 support interactions per year that scale with the number of computers, and 50 minutes saved with each. Time savings come from Kandji’s average 2-minute response times 24 hours a day, 5 days a week, and by getting help and advice directly from experienced Apple platform engineers—such as Kandji’s support engineers.

INITIAL SAVINGS
To bring devices into desired state for security, software patching, and management.	$
ANNUAL MANAGEMENT SAVINGS
To maintain desired state for security, software patching, and management.	$
ANNUAL SUPPORT AND TROUBLESHOOTING SAVINGS
Cycles spent waiting for support and problem solving.⁹	$
TOTAL YEAR 1 SAVINGS	$

Apple MDM Cost Savings Calculator

General Details

Employee Onboarding

Configurations and Hardening

Patch Management

Cost Savings Calculator

ASSUMPTIONS

RESULTS

Time and Effort Assumptions

METHODOLOGY

Share the results

Time and Effort Assumptions

Methodology

General Details
Number of Mac computers¹
Average platform engineer salary²	$
Employee Onboarding
Employees you expect to onboard over the next year
Percentage of new computers you will deploy with no physical touch³	%
Average time to configure a Mac computer for a new employee⁴	min
Configurations and Hardening
Benchmark that is closest to your desired security posture⁵	CIS Level
Patch Management
Total number of apps that your employees need for work on Mac⁶	apps
Enforcement window for patching critical software vulnerabilities⁷	days
Enforcement window for OS updates to macOS⁸	weeks