Just wanted some opinion and advice on this.
We have been using JAMF Pro to manage our Mac OS and iPad OS since 2017. We just had a change of management and the IT Head wants to implement Microsoft Intune to manage all devices including Macs and iPads.
We currently use SCCM to manage Windows devices and JAMF Pro for Apple Macs/iPads.
His idea is to get rid of both and just use Intune to manage all devices.
Can Intune do everything that JAMF can?
Any feedback on this would be appreciated.
I recommend using Jamf for macOS. It is far and away a better MDM, MAM.
Intune is a heavy-weight product that will give you headaches, lower your productivity, and keep you up at night. That is my real-life experience and time.
And to answer your question, Intune cannot do everything Jamf Pro can.
No ability to connect extension attributes to smart groups to enable better, more concise policies.
No ability to manage software updates or OS updates in a deferred fashion and also set end dates for users to install.
No ability to leverage Jamf Pro Mac Apps repository. You can use third-party sources like Intune Pckgr but Jamf has this built in!
No ability to create Prestage enrollments. Yes, you can use DEP with Intune. You cannot also leverage enrollment customizations.
Managing FileVault is more clumsy in Intune.
No ability to group computers or devices in smart groups.
No ability to scope policy to smart groups.
There are no URL-based user enrollment capabilities. Jamf is also improving this as I type.
No smart group capabilities. Intune has dynamic groups but they are far and away less configurable and useful.
Management of the laptop or iOS device is more robust and acts in a more real-time fashion.
The Jamf Pro flexibility is superior to Intune in policy creation, scoping, grouping, and targeting. And I think the use of the Jamf self-service is more useful and allows for more admin or engineer creativity.
Do not even get me talking about using Jamf Connect... :-)
Management also needs to realize that changing MDMs can be incredibly labor-intensive, aka 'touch all the things.' List every setting, app and restriction that Jamf has deployed across your fleet - what stops working once the device is unenrolled? If you deployed the org's wireless via Jamf, do those devices go offline? What's the workflow implication of having devices potentially unable to access internal resources for the amount of time required to change?
Intune is nothing but headaches if you're accustomed to Jamf Pro's functionality and polish.
For iPads it really does not matter; Intune is fine. However, for macOS you want to use JAMF. Microsoft is doing a horrible job at keeping up with changes in the macOS world. Things like Rapid Security Responses still aren't supported with Intune (iPadOS or macOS), to give an idea of the investment MS has with macOS.
If your plan is to push back, you will need to do it from a cost perspective. Make sure to point out the cost of training and retooling, as well as the fact you will need to reprovision your entire fleet (yes, wipe and reload, don't listen to the sales guys). Also take account of the automation you get with JAMF that you will lose with Intune, as well as any tasks that will take longer to perform with Intune. Make your employer know that in the long run Intune costs more than JAMF. If you need help with this, reach out to your JAMF reps; they don't want to lose the client and should help.
I was in the same boat 5 years ago. We had a change in management and he wanted to ditch Jamf from the moment he walked through the door on his first day... This is when macOS support in Intune was in its infancy. To put it bluntly, it was dreadful.
App deployment was slow and clunky - you had to use a 'wrapper' on the installer packages before you could upload them to Intune. That process could take hours for larger apps. Deployment could take hours to install really small apps.
No support for FileVault, Config profiles, VPP apps, pushing updates, etc.
DEP workflows were pathetic as well.
I guess there have probably been a few developments with the product over the years. But I haven't had any opportunity to revisit Intune and take a look (not sure I would want to, TBH!)
I ended up leaving and moving jobs to a Jamf-focussed company... and I've lived happily ever after...
No, it can't do EVERYTHING, at least not in the same way. I would say, as a generalization, that if you have modest management needs and don't want to micro-manage and script heavily with complex MDM workflows, then Intune is probably good enough. The most appealing part of Intune is cost and unified vendor/invoicing if you manage non-Apple devices as well. You could consider Intune "free" if you have to pay for A3/E3 plans anyway. One thing that I think Intune does better than JAMF currently is OS software updates - with Intune you can "fire and forget" a policy. With JAMF, you still need to have a human click stuff on a regular basis.
Bottom line is: It really depends on your management size and workflows. But based on what you describe above, you probably have already licensed all your users for Intune, so from a cost perspective it's a tough argument. So you'd better have very specific needs instead to motivate the extra cost - which is pretty steep too.
It has gotten better, helping a friend with this now, but you are comparing JAMF with almost 20 years in the game to Intune with about 3; it's not as mature. If you spend more time around you will continue to hear about the single pane (Mac admins call it pain) of glass. Just trying to arm you, as this will not be the last time you will have to deal with this.