Work wants to replace Jamf Pro with Intune

tenukenol
New Contributor

We currently use LANDesk/Ivanti for Windows management, but they're moving towards Intune. With that, they want to have one MDM for all devices. In the meeting I was just in, I explained briefly that when we tried that years ago pre-Jamf it was an awful experience for us and the users. Remote only worked 50% of the time, no ability to push software, etc.

There's another meeting next week to discuss that more in-depth, and I'm currently writing up a justification for what we use Jamf for as I don't know if Intune can do all of it. They also mentioned that Ivanti might now be able to do better software packaging/remote access for Macs now compared to 6 years ago before we got Jamf. I really want to convince them to not go the Ivanti route, and only go with Intune if it can actually replace Jamf properly. We have about 450 Mac clients, plus at least 50 iPads, various iPhones, and a few Apple TVs we're managing through Jamf. Anyone who can speak on experience with this would be appreicated.

9 REPLIES 9

nelsoni
Contributor III

Microsofts recommendation for deploying software is to use Munki. Not saying that Munki is bad, in fact I would say that it has far more capabilities then Jamf, but the fact that Microsoft is suggesting people go with a free open source solution says allot.

scottlep
Contributor II

We use Intune for over 10,000 iOS devices, but use Jamf for our Macs. Intune is so buggy it is ridiculous. Not saying that Jamf isn't without flaws, but compared to Intune it is awesome. We open a minimum of 10-12 tickets a month with MS just for the bugs. Jamf I doubt we open 10-12 tickets a year. Intune does it's job for the iOS devices for the most part once you get past the bugs. Also, be sure to mention the nightmare it will be moving all Macs and other devices currently enrolled in Jamf to another MDM. If you are using ADE/DEP then that further adds to the mess of moving existing devices. To move you are either going to have to wipe and enroll the devices in the new MDM, or at the very least have to rely on user interaction during the move to approve the new MDM profile, etc.

bmcintire
New Contributor III

We have a similar situation with Workspace One. It comes down to this:

We get it from a high level. Single pane of glass. Blah blah blah. The reality is you can't take mass action on all devices on all platforms. So single pane of glass is a misnomer. Also, MDM is NOT a book of record. You should have a different tool for that (ServiceNow, etc). Lastly, you want the best tool for the job. You don't use a wrench to drive a nail. 

This is a fight we have been going through for years and will continue to do so. If WS1 gets better than Jamf on all levels to where it is worth the lift (and literally rewriting our entire environment), then we will move. Otherwise, there is no real value in it (other than condensing contracts - which is a WHOLE different conversation). 

I would love to see turnover numbers of companies coming back to Jamf after switching away from it. Not to mention, look at Jamf customers. Cisco, SAP, Apple, etc. If it's good enough for the big players - it's good enough for us. Doesn't Microsoft use Jamf too? That would be a trip lol. 

spesh
New Contributor III

Some of my experience with Intune could be from company-specific security policies, but it has been absolute purgatory for me. Simply trying to enroll a single device in Intune in my organization is a process in and of itself, with many of our users not even fully enrolling properly. I am incredibly glad we switched over to Jamf as it is so much easier and efficient to accomplish what we need. In terms of an actual MDM platform, I personally have found Jamf to be much more intuitive regarding deployments, pushing software updates/upgrades, etc. than the Intune interface, but that could just be personal preference. 

Keeping my fingers crossed for you!

DBrowning
Valued Contributor II

Leadership and security keep coming to us with the same thing.  Why can't we do this in Intune.  Our stance is that just because one product says it can do it all, doesn't mean its right.  Use the tools that are designed for the platform.  And yes, Microsoft uses Jamf.  That right there should tell you something.  

obi-k
Valued Contributor III

Very curious about this. Went through similar experiences for macOS and iOS for Intune. Had similar experiences with Android and InTune.

@bmcintire Curious about your Workspace One experience? I used Airwatch back in 2013-2014. Just wondering if they improved. 

That single glass pane jargon, lol.

bmcintire
New Contributor III

Yeah I mean they implement MDM commands. It's an attractive GUI from a high level - so the flash pulls in the people who spend the money. Their best feature is the virtualization stuff through the hub - which it BETTER be. 

I guess it comes down to the little stuff. Couldn't enroll M2 devices when they were released - for like quite a bit of time. They have not been zero day for point updates before, which is catastrophic - especially when critical CVEs are getting patched. 

Best way I could put it - it's gotten WIDE but has not gotten DEEP.

DBrowning
Valued Contributor II

With my company we have use cases to use WS1, Jamf and Intune.  WS1 has not gotten any better (@obi-k).

AJPinto
Honored Contributor III

Managing Macs with Microsoft Endpoint Manager is an after thought at best. We have both MEM (Intune) and JAMF, MEM manages iOS and Windows, JAMF Manages Mac. Every time we review MEM's macOS capabilities it leaves a lot of hols in management that we simply dont have with JAMF. Not saying JAMF is perfect, but its a heck of a lot better then MEM. 

 

If we pushed for MEM over JAMF for Macs, I would probably resign. I am the one who would need to make it work, not the crack pots making the calls.