Mac-First Environment, Windows-First Tools

Solv operates with a remote workforce and little to no on-premise infrastructure. It’s a small physical footprint, but a massive online presence serving urgent care providers across the country. Jake manages it all solo: 81 full-time employees, with a strict regiment of HIPAA requirements, SOC 2 audits, and partner compliance assessments to manage too.

Before Jake, Solv wasn’t using an MDM solution at all; everything ran through Google Workspace with manual processes. So Jake implemented Hexnode MDM to put some basic device workflows in place. And while Hexnode worked, it was built for a different world than the one Jake was dealing with.

"Hexnode was definitely more geared towards a Windows environment," Jake explained. "The feature set was much more Windows-heavy versus what the Mac offerings were."

A perfect example: macOS update management. "You could either prohibit or allow macOS updates. That was it. There was no major updates, minor updates, deferment, anything. That granularity wasn't there before.”

For a company whose devices were 95% Mac, that amounted to a fundamental mismatch. Jake needed the ability to get specific and defer major OS updates while allowing security patches, critical for testing compatibility with Solv's other products before rolling out changes. 

The Two-Vendor Problem

Hexnode also didn't include what some vendors refer to as “privileged access management”: the ability to regulate admin access on devices while still allowing users to elevate permissions when needed.

"I had to use a separate vendor called BeyondTrust, formerly Bomgar," Jake said. Again, the product was solid, but he ran into a similar issue. "It was geared more towards Windows users, not Mac users."

Managing two separate vendors for MDM and privilege management meant double the portals, double the overhead, and gaps in the overall experience for Jake and his users. 

It also led to acute pain points. When Jake's users forgot their local passwords on their Macs – which happened frequently, as people got used to logging in with Touch ID – the process to recover access was hugely annoying for Jake to manage. 

"When somebody forgot their password to their local account on the Mac, it was beyond a nightmare to get them back into it with those two solutions in place, Jake said.”

For an IT director wearing every hat — compliance, vendor management, daily operations — every inefficiency compounds.

Jake Frese

Director of IT

Mac-First MDM

Jake evaluated Rippling IT with two clear criteria: better Mac compatibility and built-in access management. What he found was a platform that could replace two vendors with one unified solution, even solving some problems that he didn’t realize he had. 

First came the higher degree of control over macOS updates.

"The update granularity control for macOS – Rippling now allows me to defer major macOS updates for up to X amount of time, which helps me test them out to make sure that our other products are compatible," Jake explained.

And that granularity has helped from a compliance standpoint as well. "The Rippling update mechanism does not let people defer forever. You get to a certain point where you have to update your device, and that's been huge in regards to compliance, because in the past, we've had some stragglers who wouldn't update their machines for a year or so. That’s a thing of the past now.”

With Hexnode, it was all-or-nothing for Mac. With Rippling, Jake could enforce security while maintaining operational flexibility.

Consolidated Access Management

By moving to Rippling, Jake eliminated the separate Beyond Trust solution entirely. Rippling's built-in identity & access management capabilities do exactly what he needs them to do: set a standard baseline that allows for easy elevation and logs it all for compliance.

"By default, every user on the machine is a standard user. And there's no way for an end user to roll their user to a power user," Jake said. "But it does allow them to easily elevate permissions whenever they need to on the device, with a caveat that everything they do is logged for my purposes."

Those readily available logs are a critical time-saver come audit time. "I want people to be able to do that kind of thing, but I also want to be able to report on it. Rippling logs those activities, which makes that easy to report on."

Two vendors became one, with a solution set that worked better for the Mac-heavy environment 

Manual → Automated

Remember the "beyond a nightmare" password reset process? Gone.

"A huge benefit to me with Rippling has been Rippling's availability to communicate with the device as long as it's online," Jake said. "Because that allows me to reset someone's password if they request it, if they just can't get in."

Now when someone forgets their password, Jake just tells them to make sure their laptop's online. "Boom, I'll help you through Rippling."

"I know this sounds ridiculous, but that has been a huge time saver for me," Jake said.

The level of administrative management that you can do on a machine through Rippling has made my life that much easier.

Jake Frese

Director of IT

Beyond that, Jake says he’s found Rippling much more polished when it comes to Apple Automated Device Enrollment.

"Device enrollment, especially on the Mac side – the Rippling solution is just a much more smooth experience, in my opinion."

Policy enforcement got easier too. "I have a couple of Wi-Fi policies where I can assign SSIDs that the devices can automatically attach to once they're present within the area. That was really easy."

Application deployment transformed for the better as well. "I've got Slack, Zoom, OnePassword configured during the enrollment process for Mac devices, and it has worked every time. Those applications, the updates are managed via Rippling. So our users don't have to worry about 'my Zoom has to update, but I need to get on this important meeting and now it's broken.' It's already being handled and managed on the back end by Rippling."

HIPAA, SOC 2, and the Daily Visibility That Matters

Solv operates in a heavily regulated healthcare environment. They're both HIPAA and SOC 2 compliant and subject to regular partner security assessments. Compliance audits are an outsize part of Jake’s responsibilities.

To get a sense for where his environment stands, he checks his devices dashboard within Rippling IT on a running basis. 

"One of the things I do daily is I check out the device list and I look at which devices are showing green status – online and compliant – versus yellow status," Jake explained.

Green means good. Yellow means… time to ask a few more questions. "I need it to be easily accessible to me so that way I can report on it, collect evidence if I'm in the middle of an audit. And the Rippling portal provides me that easy access."

He’s able to enforce and monitor device encryption at all times. 

"Device encryption is a huge one. There's a multitude of reasons why people might not want their device to be encrypted," Jake said. "With Rippling, it's not negotiable. It's just always on. And then I get reports or I get alerts if it's somehow turned off."

It’s much the same with privilege logging, which he’s now able to do through the same view in Rippling instead of using a separate software. And that makes compliance documentation all the more convenient come audit time. 

Last year’s SOC 2 report drew heavily from Rippling, from the device management side of the platform on down to the Learning Management modules.

"A lot of those courses, our partners want to see that we are actually having people take them once a year.” 

Jake can pull up one user and see if they’ve completed their mandatory coursework, their device encryption status, and whether SentinelOne is running properly on their device, all from the same place.

Everything they do is logged, and that was huge in regards to the reporting I needed to do for SOC 2, because in Rippling, it gives me all one portal to get it all.

Jake Frese

Director of IT

Finally, Rippling gives Jake an easy-to-use killswitch for a worst-case scenario: a device getting lost or stolen. 

"I know that if that device is stolen, it's enrolled in Apple Business Manager. It's assigned to us. It's encrypted. It's trackable. I can remotely lock it with Rippling. I can report on it," Jake explained. 

“I know not just anybody's going to be able to crack it open and start going through Solv data. I'm confident because we have these policies and this mechanism set up through Rippling, where I've already tested it myself. That’s huge for peace of mind.”