Welcome to vendor lock-in.
Does OS X have a built-in equivalent to group policy that will centrally manage the hardware settings of the computers, and the software settings of the users, or centrally manage the IPSEC policies of all the machines on the network?
Yes, down to the devices and software they can use, and it'll even work if the user has a disconnected laptop. Remember, this is UNIX. It even automates creation of custom images for your clients and will install them over the network (with a filter to make sure images go to the right hardware). It will net boot all your clients, for example if you're running a classroom and don't want anybody touching the local OS. It runs software update server with local cache just like Windows.
MS didn't do it (unless they managed to bribe all the developers). That's the only platform that software that met the specs we needed was available on. And I'm still waiting on the open source Exchange Killer app.
It’s starting to sound like it’s cheaper as long as you can convert virtually everything to Mac/*nix. If you have to keep enough Windows OS’s to need centralized management then you have to buy it for both. If that’s the case, what’s the big advantage to being able to run Windows on the Mac if it’s only cheaper if you don’t run Windows at all?