Posted on 12-04-2023 03:29 AM
I work for a small organisation with a dozen or so Macs and a couple of Windows machines. I think it's likely we could go all Mac soon as I hate having the mix.
I need the facility to remote lock/wipe if a device is lost or stolen. I know that there is functionality in the AppleID but use of the AppleID is not universal. Most devices we own but some are BYOD.
Our MSP is pushing us hard to adopt Intune which means a licensing uplift and a 'project cost' to set up the policies. We already have patch management through NinjaRMM.
I'm thinking we could just use Jamf Now, licensed at $4 per device per month. Even if the MSP doesn't want to manage it, I could manage it myself.
Does that sound like a sensible suggestion?
Posted on 12-04-2023 05:38 AM
JAMF Now is not really an enterprise product, but it masquerades as one. Moving from JAMF Now to JAMF Pro is the same process as moving from Intune to JAMF Pro down the road. I would wager your MSP is more familiar with MS products and in turn Intune, and they only want to manage one platform for both your Windows and macOS environments.
If you guys have 50 Apple devices (iOS, macOS, tvOS), absolutely force your MSP to JAMF Pro. If you have less then 50 devices, let your MSP do what you are paying them for and stay out of it. Ultimately its their problem to figure out how to manage macOS with Intune, which is not a pleasant experience.
Posted on 12-04-2023 12:11 PM
You may consider reaching out to an MSP that is well versed in managing Apple devices. As an MSP, we see far too often clients who have struggled with getting the right support and services from their MSP because the MSP wasn't willing to invest in the skills, or they were less than transparent about their skills, and figured "how hard could it be?". A good MSP owes their clients the right tools and services, and if they don't play in the Apple sandbox, they have an ethical obligation to tell the client they're not really skilled in this area. Pushing for Intune, especially if you say "it's likely we could go all Mac soon", would be the square peg in the round hole.
Jamf Pro is, hands down, the best solution for Apple management, but without the right skills, your Apple experience can/will suffer. Those skills could be something that you, Welma, bring to the table, or your MSP, but experience with Jamf Pro and Apple management are the keys to success here, not the tools.
I know that there is functionality in the AppleID but use of the AppleID is not universal. Most devices we own but some are BYOD.
This statement already speaks to the familiarity, or lack thereof, in managing a fleet of Apple devices (even if the fleet is 10 devices). Apple ID is not the solution for company-owned or BYOD lock/wipe workflows. For the BYOD devices, I'd venture a guess that those devices are not managed with Account Driven User Enrollment, so the Apple ID's you think are helping are going to cause a mess down the road. BYOD has matured nicely over the past few years, and doing it the right way can be challenging.
If your current MSP does not have the expertise to help with your Apple devices, find an MSP that can. The Jamf Partner page has a filter for MSPs, and you can also leverage Apple Consultants Network locator. My company is on those lists, but make your own informed decision. Fee free to DM me if you need a brain to pick!
Posted on 12-04-2023 01:40 PM
To add to @B_Hanson's response. . .
Another consideration for you will be that with a dozen or so Macs, you're likely under Jamf's minimums for purchasing direct (which is 25 IIRC). So if you're set on Jamf Pro, leveraging a Jamf MSP may well be your best path. And in many cases, they can provide the Jamf licensing and administration as part of their monthly service (though each MSP handles this in their own way). Additionally, a Jamf MSP should be able to look at your environment holistically, looking not just at your management needs, but security, networking, etc as well.
The Jamf Partner page is one place to start, but note that many Jamf MSPs are not listed there. The Apple Consultants Network locator is another great place to start, as it does display a company's Jamf certifications - which should reflect their level of Jamf expertise.
Best of luck.
Posted on 12-04-2023 04:22 PM
@wildfrog Excellent point on the license minimums, that's how we do it (no minimums, include licensing as part of the service). Also, an ethical MSP will "detach" itself and assist with the administrative transfer of the server if your organization eventually meets the minimums and you want to take everything in-house (ie, a small startup that has grown and onboarded a capable IT team), which means you don't need to setup everything and re-enroll devices into a different MDM. Not all MSP's are able to do this, particularly those who spin up their own Jamf servers vs Jamf Cloud.