Musings

New IT Rules at the Office Prompts Me to Revisit My Mac Usage at Home

Corporate security rules can have deep impacts on home office setup.

JF Martin

JF Martin

— 4 min read
New IT Rules at the Office Prompts Me to Revisit My Mac Usage at Home
Image generated by Dall-E.

I started writing this article while tinkering with new rules imposed by the IT guys at work. These rules state that everyone must ensure that personal information is not stored on computers used for work purposes. The opposite is true: users must not store work-related data on their home computers. The problem is that I use my personal Mac mini professionally because my work computer, an old 2017 MacBook Pro, is slow and has a bad keyboard. Oops. I knew this was coming. The company is forced to impose this policy because of new provincial regulations regarding personal information protection. Let’s restate the rules I must respect or consider.

Mandatory rules to comply with

To guide my reflection about how I should tweak my updated work environment at home, I must comply with the following rules.

  1. No personal data must be present on the Mac used for my work. If I use my Apple ID to sign in with this Mac, iCloud Documents and iCloud Photos library must stay disabled.
  2. I must keep a stand-alone Mac for my creative hobbies (good at peak performance — it must be a Mac that includes a fan or, even better, a Mac Studio).
  3. I must limit the money to invest. Apple will announce new devices (Macs and iPad Pro) in the first half of 2024 and I’ll need to spend wisely.
  4. Accessing the latest macOS release would be useful (I depend on Freeform for my work).
  5. Having an Intel-based Mac allows me to run a Windows VM and get access to Microsoft Visio, which I need from time to time for my work. It’s a plus that I cannot get with an Apple Silicon Mac.
  6. My home office is also where I record my podcasts and my YouTube videos (usually done on the Mac mini). I must limit the physical reconfiguration of my workspace when I need to record a new episode.
  7. When running Windows, a TPM module 2.0 must be present or emulated.

Current setup at home and some facts

My home office while setting up a recording session for a YouTube video.
My home office while setting up a recording session for a YouTube video.

Now, let me share details about the devices I depend on for my creative work and professional life.

  • My main home computer is an M2 MacBook Air sitting on its stand on the right side of my desk.
  • Secondary home computer for more demanding tasks: M1 Mac mini sitting right in the middle of my desk.
  • Apple Studio Display connected to the M1 Mac mini.
  • An aging and rather slow 2017 Intel MacBook Pro with the dreaded keyboard provided by the company I work for. Only used when I go to the office downtown.
  • A 2018 11-inch iPad Pro on its stand on the left, besides the Apple Studio Display. I don’t use the iPad as much as I could. It could be removed to make some room (not shown on the picture).
  • An aging 2013 Mac Pro (Model 6,1) for use as my home lab, mainly for work-related activities.
  • An aging but perfectly fine LG UltraFine 4K Display connected to the cylinder Mac Pro (not shown on the picture).

Keep using my personal Mac mini

Next, I present the possible scenarios to meet the new office security rules.

It’s the cheapest solution that meets rule #3, but it goes against rule #1. In the long run, it’s not possible. The IT department will eventually deploy a device management software and push some utility on my Mac mini for management purposes, which I don’t want. Obviously, with this scenario, I’m trying to buy some more time to think about my strategy.

Use the 2017 MacBook Pro when working from home

It’s the cheapest option (rule #3). It’s probably the most obvious one. The MacBook Pro is for when I visit the office downtown about once a week. But to be workable, I need to rethink my device arrangement on my desk at home. My Apple Studio display is centered on my desk and connected to my Mac mini. On the right, the MacBook Air sits on its angled stand. I could use the MacBook Pro in clamshell mode with either the LG UltraFine 4K or Apple Studio display. The former poses an ergonomic problem by being positioned at the left. The latter would need to be disconnected each time from my Mac mini and connected to my office Mac. One thing is also clear: this 2017bMac must be replaced in the next 24 months. Finally, some apps I use on my personal Mac will need to be installed on this MacBook Pro because they are so helpful (Raycast, MacGPT, PopClip, CleanShots, etc.). This scenario allows me to run Windows and Visio (rule #5) via a virtual machine with VMware Workstation. It might be the best scenario.

Use my unused Mac Pro (Model 6,1)

This scenario requires a similar redesign of my home office desk setup but is also cheap (rule #3). I’ll need to plug in and use one of my unused webcams (probably the Logitech one). I won’t be able to take advantage of the latest release of macOS (Ventura being the last supported version for this Mac Pro) and won’t be able to use Apple Freeform. TPM 2.0 isn’t available on this Mac (rule #7). Finally, the company is considering providing virtual desktops to some employees, which would make the ability to use a virtual machine for Windows on the Mac Pro become unnecessary.

Buy a dedicated Mac mini with the M2 chip

The most expansive option breaks rule #3, but at the same time, it would help repurpose my aging M1 Mac mini for the office and use the new M2 Max Mac mini instead for my personal use. But I wouldn’t be meeting rule #5. Oh well. This scenario would be more acceptable if the company goes ahead with the Cloud PC thing. I’ll have to check with the IT department if a decision is due soon.

I’m still undecided as to what I should do. I’ll wait a little bit longer.🤫

Read more