Jamf Pro vs Intune

New Contributor II

Hello All!


Looking for some advise from anyone who has had experience with Microsoft Intune for macOS MDM.  I feel every organization gets the question, "Why are we paying for Jamf when we could use Intune?"  Well that conversation has finally come around at my organization.  Everything I am reading and heard from others screams don't drop Jamf Pro for Intune, but looking to get some specific reasons why.  Anything that could be shared regarding this would be awesome!


New Contributor III

Quite frankly, Intune can't manage even 10% of what Jamf Pro does on Macs. Period

Legendary Contributor III

The biggest drawback to products like InTune is that it treats Macs as if they are iOS devices, meaning it really only does MDM related stuff. Now, granted, Apple has added a lot of capabilities over the years to what pure MDM can do, now even able to install applications, but it's still a lot more limited than what you can do with a product like Jamf Pro, that came from, and was designed during the legacy macOS management days. So things like custom packages, scripts and script parameters, Extension Attributes and lot more is possible, some, or all of which may not be possible using InTune.

When we were pushed on this about a year and a half ago, I did a comparison document that helped quell this discussion. I can't post that here because it's a company document, but I can tell you a few of the findings from it. I can't say if any if this is still accurate, since I haven't had the need to revisit this, thankfully. It's possible Microsoft added some capabilities to the product since then.

What I found at the time was:

  • Limited support for custom Configuration Profiles compared to Jamf
  • Limited scripting support. It can run scripts, but getting the script output more than once was complicated or not possible.
  • Packages had to be repackaged with a wrapping tool from Microsoft to get it into an .intunemac format (cannot use straight up .pkg's from vendors)
  • Check-in frequency of devices was limited to every 8 hours, as opposed to Jamf Pro, which can be configured for as little as every 5 minutes.
  • Scoping was only available to Users and User Groups, not Computer Groups
  • Enrollment customizations were limited compared to Jamf Pro
  • Extension Attributes were limited (I can't recall now exactly how they were limited, but I remember finding it lacking compared to Jamf Pro)
  • NO script parameter support
  • NO Restricted Software capability
  • NO complex policies (think chaining policies together using custom triggers)
  • NO custom triggers for any deployments
  • NO Patch Management functions

Again, you'll need to do some research to figure which of the above items is still true today, but hopefully this gives you something to work off of.

Good luck!