Outgrowing Jamf Now

New Contributor
Hi, Curious for recommendations for our fleet of ~50 Mac devices. We're currently using Jamf Now which is great for enforcing basic security policies, but we are staring to outgrow it. Specifically in terms of what we are looking for: Support for Apple VPP. We are using that now via. Jamf, I noticed Fleetsmith surprisingly does not support this - this is probably a dealbreaker unless there are workarounds? Better security features, including ability to automate/enforce OS and software updates, logging/alerting on security events (authentication etc.). We are already doing malware detection so that is not necessary. Ability to deploy custom packages, scripts & resources (fonts come to mind here) as necessary. Reporting/Alerting/Automation - we don't have an IT team, I'd love a simplified view of which machines are in compliance and which need follow-ups, in addition to anything else which makes administration easier. Any integration with email/slack for messaging users would be a positive. Straightforward migration experience. Ideally our end-users would just need to install the application and thats it. We are G Suite users so any integrations here would be interesting, but not essential. I like how Fleetsmith can import your user list. Mostyle's login window sounds interesting, but some of the feedback I've seen indicate it can be problematic? (MFA requirement, confusing to users etc.) The other thought I had, and not sure how viable this is, would be to look for something which offers some of the security features I'm looking for and upgrade to Jamf Now Plus (?) - that would fill most of our short term needs, and would save migrating users/devices. Thanks in advance for any recommendations!

New Contributor II

Jamf Pro would satisfy that. But you really should to try multiple products to make an informed decision. Some products integrate with some MDM products.  Example being Okta and Jamf Connect. Just remember regardless of your choice you will have to unenroll your current devices and re-enroll to the new system. If you don't have time or headcount for that, hire a consultant and go from there. Also pro-tip don't make MFA an option to disable, rather find a way to make it work to your advantage (again consultant might be the best route). You can get really screwed without it. Plus NIST and compliance usually requires it regardless of what your bosses prefer.