My boss is looking for options regarding Mac MDM.
I am looking for a comparison of Intune Vs jamf for MacOS.
- As of 2021, what are intunes limitations regarding mac device management?
- What can jamf improve in mac MDM?
- What are the benefits of integrating jamf with intune for mac MDM than using intune alone?
There was a Microsoft Ignite about this a year or so ago. I found a reference to this here;
My take away from all of this is Intune will give you simple management, although my experience with Microsoft systems is they generly are very complex to do simple task.
JAMF + Intune will give you complex management with some interesting conditions access that Intune brings to the table. If you don't have a robust Intune deployment that you are currently using to Manage you windows devices I wouldn't consider using Intune to do simple management.
Intune is fairly new to the MDM management and they have a few issue to work out, and a lot of refinement.
That link is about a good basic overview as I have seen for a comparison. Although I think it is a little too kind to Intune. (I think Simple Management is generous for Intune and still would be considering Jamf). I also feel you "get what you pay for" with Intune. Most companies I have worked with look at Intune because they already get it included with M365 licenses they already pay for. Microsoft will say Intune is fine as an MDM for Macs, so CIOs & CFOs wonder why should they pay for Jamf licenses as well.
I posted this on the MacAdmins slack last week, so I might as well post it here as well...
I have used both Jamf and Intune (granted my Intune experience is mostly testing and validation.) Here are some of the limitation that I see immediately when I start to talk about Intune for Macs:
- Application Installation - Intune does not allow direct upload of .pkg files. You have to repackage the installer using a special tool. Also, reporting of installation success or failure is very limited. Be prepared to see a lot of failures unless your installation packages are pretty simple. (I have heard that people have looked at Munki to support application installation if they are forced to use Intune)
- Extension Attributes - Intune has recent introduced their own version of Extension Attributes, but they are very limited
- Scripts - Same as EA’s, you can run scripts through Intune, but their usefulness is limited. You can only get output one time, regardless of how many times the scripts run.
- Enrollment - Microsoft is VERY behind on updating their Automated Enrollment profiles. If you use any form of MFA for your users, you would have to disable it for enrollment via ADE. Intune does not have the Enrollment customization that Jamf has. The other option is a non-authenticated enrollment and have the users log in to Company Portal after enrollment.
- Computer do not check in very often (every 8 hours I think.)
- Most “scoping” is user based. For example, you can not scope an Application to be in Company Portal (for user installation) to a group of computers. You can only use user groups. (You can, however, automatically install applications to computer groups.)
- No Restricted Software. No Patch Management built in. Most of what you configure in a Jamf Policy does not exist in Intune.
Though, to be fair, Intune does have some really nice integration with Office & Edge management.
In all honestly, i would have a hard time recommending anyone going to Intune for macOS management at this point. I feel it would be a such a struggle and require some much effort, any cost savings would be negated by the extra management effort. (Now, using Intune for compliance management in conjunction with Jamf is pretty slick.)