Using JAMF Pro with a separate MDM solution

Jae
New Contributor III

Hey all,

How can we utilize JAMFs features with another MDM solution (airwatch) installed on a mac? Just want to use the JAMF binary to install software if possible.

9 REPLIES 9

alv2015591
New Contributor III

First why would you want to use AirWatch over Jamf Pro ( as a former AirWatch customer) the product suites are Night and Day. Even if you chose to use AirWatch only for IOS the feature set for Jamf Pro vs AirWatch is superior. Either way its your call but why negate the power of the JSS to use MDM command from another MDM. You can be enrolled in as many MDMs as you want BUT you can only do DEP/ASM from one of those MDM's. Which means in all versions of Mac OS After 10.13.5 you will have to Approve the additional MDM Profiles for which ever MDM is not Registered in DEP/ASM. If you need more clarification email me Alvin.bridges.iii@mesacc.edu

Jae
New Contributor III

Thank Alvin,

We are not allowed to remove the AirWatch MDM from these particular machines but I am able to implement the JAMF profile if I can. I was under the impression that you can only use 1 MDM per machine.

blackholemac
Valued Contributor III

this type of setup is only going to get more difficult given Apple’s ever increasing macOS security.

It used to be that there was a healthy way to be able to use both, but given the demise of imaging, T2 security chips, heavy emphasis on DEP, it may be that one day we get to the point where app installation and settings management becomes the exclusive purview of an MDM InstallApplication command or mobile config profile. With App Store apps, we almost are there.

Essentially it becomes hard to decouple MDM management functions from your package and policy repo. We aren’t there totally yet, but we get closer with each os version release.

zachary_fisher
New Contributor III

If you want to just install software why not get munki?

ferrispd
New Contributor III

I 100% agree with Alvin. We are using JAMF and now some execs want us to test out using AirWatch/Workspace One. Not to get rid of Jamf (yet), just to add to the long list of security/management agents running on our stuff.

After doing this POC for 3-4 weeks, I can say that JAMF is in a whole different league that Workspace One. No competition. There are some additional features in Workspace One for collecting data on the users and what they are doing. There isn't a reasonable business case for us doing that. Jamf is a great balance of function and security without becoming a jealous spouse stalker type of app.

I have also seen that the two MDM profiles do not work well or even install together on a device. So yes, they do need to pick one.

wyip
Contributor

If you're stuck with AirWatch, you should just look into setting up Munki for installing applications. It's a supported configuration by VMware. so it'll save you from the headache of trying to make these two solutions coexist, and it'll save your company on licensing too.

jared_f
Valued Contributor

I agree with all the above. I would bring this argument back to management: you are paying a Jamf license & an AirWatch license for one device. That is double the money for what one of those can do... in this case Jamf Pro... much better than AirWatch.

Jae
New Contributor III

I appreciate the input.land I agree 100% with the arguments of using JAMFs MDM. In this situation we can’t change it over so we are looking to see if the option is available with JAMF to work without the MDM profile. Would this be the same as an unmanaged client or a bring your own device config?

alv2015591
New Contributor III

The Jamf binary will work without MDM commands but the combination of the two is what makes the JSS So powerful. No matter what the reason is you can't remove Airwatch from the devices you can install the jamf binary and have that level of control of the devices but to truly manage them your going to have to choose one MDM over the other. Something of note Airwatch has 0 security features that Jamf does not already implement. Jamf is the MDM Apple uses to manage the Macs in their own enterprise. No product has more integration with IOS & Mac OS from a security perspective from then Jamf. You should have your security folks ( who I am assuming are the ones making the mandate do a demo and ask all their questions.). If you can do it in airwatch you can do it in Jamf easier and faster.