Stay with JAMF Pro or switch to Kandji?

New Contributor III

I currently find myself serving the role of interim (it's a contract-to-hire role) IT director at a 300 person company.  There are three people in my department currently (however the headcount is currently at 2, with the 3rd person being a contractor who they'll only want around while we get the helpdesk under control).  The company is just now exiting their "startup phase" and trying to shift to a more structured corporate culture.


We use G Suite as our Identity Provider, we also have a grossly underutilized Okta implementation.  There are a handful of PCs (~10), but the rest of the endpoints are Macs.


Currently, we have a JAMF Pro instance (running on JAMFCloud) that is also grossly underutilized.  We have part of a prestage enrollment configuration set up, but it's still missing a few things.  We do not have anything else set up in terms of policies or profiles.  Our Self Service is somewhat of a joke.  The tl;dr of it is that our JAMF Pro setup is grossly under-utilized.  If we stick with JAMF Pro, I almost want to start it all over.


We're considering switching to Kandji.  The primary thing enticing me (other than the $1K per month in savings) is that it sounds like it will free me from having to be both a dedicated JAMF Pro admin and an IT director.  I have formal training in JAMF (I have the CCT for Casper 9, and 2018 JAMF 200 and 300 certifications for...well...2018 era JAMF Pro 10.  I haven't had hands-on experience with JAMF Pro since then.  While there's a ton of familiarity with it and while a lot of it is kind of like riding a bike, I'm absolutely rusty.


That said, I love and revere JAMF Pro.  I'm just not sure if, given both the nature of our staffing, and the nature of the company at its current state (and our G-Suite and Okta affinity) that we're going to be able to get JAMF Pro to where we want to be given that there are only going to be 2 1/2 of us for the foreseeable future; Kandji sounds like it fits the bill.


That said (and I seriously apologize for how long this is already), regardless we still want to deploy something like JAMF Connect to enable users to log in with either their Okta and/or GSuite credentials rather than a local account password, and we'll still use JAMF Composer for Package creation.


Thoughts?  Again, sorry about the length.  I didn't expect to find myself conflicted here.


Contributor III

I have no experience with Kanji.  The only advice I can give is that no matter what MDM solution you use, someone in the organisation will be the dedicated MDM Admin (unless you're going to outsource that workload.)  I would ask Kanji support for a 30 day trial to see what it can do, or for them to show you what it can do, compared to your current MDM platform.  Make them sell it to you.

Kanji would have to do everything Jamf can do + Automate a lot more of it.

It would also have to support your current iDP provider/s.

Whether it's Jamf or another MDM, someone will have to role up their sleeves and put the work in to learn the platform pros and cons.

At the end of the day all MDM platforms work off the back of the same Apple technologies and MDM framework.

It just depends how slick a new offering is over an existing platform.

Again, sales pages can sell snow to eskimos and so can sales reps.

Take any platform for a test drive and write down the observed pros and cons before making a decision.

If there are more pros than cons on the page, your decision should be easy.

Valued Contributor

You can set up G-Suite to provide logins on the Macs directly. There is an article on it in the G-Suite manual. I have not yet tried this approach, but will be testing it later in the year, when my workload dies down a bit.

I have to say, having used several different MDM solutions, and we still are using more than several here, that of them all I prefer JAMF. But whatever flavour of MDM you use, in my experience it will fall to one person to be the "expert" to manage it. However with the setup you have there it sounds like an opportunity to simply start fresh with JAMF and set it up how you want.
One more thing to look for in addition to the ones listed by @snowfox would be the support, and community support you will get from any of the MDM solutions. Where will your help come from, and will it be you sorting this out with suggestions from a place like JAMF Nation, or will it be support calls and waiting for the Zoom meeting?

Contributor II

Stay with Jamf and evaluate Kandji if you believe its best fit for your org.

  • You may also need to consider what added value Kandji is going to give you.
  • At the end of the day if you are not leveraging Jamf or Kandji to their optimum then you will not get that value from the solution.
  • Do not trust any sales guys
  • Make sure you have an MDM expert with you to either start from scratch on Kandji or enhance Jamf utilisation
  • Check what Cloud iDP Kandji supports
  • You may or may not find a community like this but we will be always here to help you