Scaling Mobile Device Management
Article Summary
Uber's Client Platform Engineering team faced a massive challenge: rolling out MDM to 20,000+ employees across hundreds of global offices where standard Apple enrollment wouldn't work everywhere.
The CPE team at Uber needed to supplement their Chef-based endpoint management with MDM to support new macOS security features. But global procurement realities meant some employees could use DEP while others couldn't, creating a fractured enrollment experience that threatened to leave thousands of devices unmanaged.
Key Takeaways
- Built UMAD tool to unify DEP and non-DEP enrollment workflows into one experience
- Enrolled 16,000 employees in 6 weeks, fixing 4,000 misconfigured machines
- Created Nudge wrapper to standardize OS updates across all macOS versions
- Reached 87% adoption of latest macOS within 90 days with zero support tickets
- Open sourced API-driven Chef cookbooks to manage MDM without hardcoded values
By building custom wrappers around MDM enrollment and OS updates, Uber achieved 92% MDM enrollment in 10 weeks and near-universal OS standardization with minimal support burden.
About This Article
Uber's macOS fleet had update problems across different device types. FileVault devices would time out during upgrades, T1 chips needed internet access at the LoginWindow, and T2 chips required a shutdown instead of a reboot. Munki couldn't manage these issues at scale.
Erik Gomez and the CPE team implemented Nudge, an open-source tool that handles macOS upgrades and minor updates. Instead of custom installation procedures, it links directly to Apple's binaries.
After 90 days of using Nudge, over 87% of Uber's systems were running the latest macOS version. The team received zero service desk tickets about upgrade failures.