Jamf Nation Community

sayr01 · ‎11-07-2023

Hi Everyone,

Just wanted some opinion and advice on this.

We have been Using JAMF Pro to manage our Mac OS and iPad OS since 2017. We just had a change of management and the IT Head wants to implement Microsoft Intune to manage all devices including macs and iPads.

We currently use SCCM to manage windows devices and JAMF Pro for apple Macs/iPads

His idea is to get rid of both and just use Intune to mange all devices.

Can Intune do everything that JAMF can?

Any feedback on this would be appreciated.

dvasquez · ‎11-07-2023

I recommend using Jamf for macOS. It is far and away a better MDM, MAM.

Intune is a heavy-weight product that will give you headaches, lower your productivity, and keep you up at night. That is my real-life experience and time.

And to answer your question Intune cannot do everything Jamf Pro can.

Good luck

sayr01 · ‎11-08-2023

Hi dvasquez

can you please elaborate on "Intune cannot do everything Jamf Pro can"

Need some examples please.

dvasquez · ‎11-08-2023

No ability to connect extension attributes to smart groups to enable better more concise policies.

No ability to manage software updates or OS updates in a deferred fashion and also set end dates for users to install.

No ability to leverage Jamf Pro Mac Apps repository. You can use third-party sources like Intune Pckgr but Jamf has this built in!

No ability to create Prestage enrollments. Yes, you can use DEP with Intune. You cannot also leverage enrollment customizations.

Managing FileVault is more clumsy in Intune.

No ability to group computers or devices in smart groups.

No ability to scope policy to smart groups.

There is no URL-based user enrollment capabilities. Jamf is also improving this as I type.

No smart group capabilities. Intune has dynamic groups but they are far and way less configurable and useful.

Management of the laptop or iOS device is more robust and acts in a more real-time fashion.

The Jamf Pro flexibility is superior to Intune in policy creation, scoping, grouping, and targeting. And I think the use of the Jamf self-service is more useful and allows for more admin or engineer creativity.

Do not even get me talking about using Jamf Connect... :-)

pete_c · ‎11-07-2023

Management also needs to realize that changing MDMs can be incredibly labor-intensive, aka 'touch all the things.' List every setting, app and restriction that Jamf has deployed across your fleet - what stops working once the device is unenrolled? If you deployed the org's wireless via Jamf, do those devices go offline? What's the workflow implication of having devices potentially unable to access internal resources for the amount of time required to change?

Intune is nothing but headaches if you're accustomed to Jamf Pro's functionality and polish.

AJPinto · ‎11-07-2023

For iPads it really does not matter, Intune is fine. However, for macOS you want to use JAMF. Microsoft is doing a horrible job at keeping up with changes in the macOS World. Things like Rapid Security Responses still aren't supported with Intune (iPadOS or MacOS) to give an idea of the investment MS has with MacOS.

If your plan is to push back, you will need to do it from a cost perspective. Make sure to point out the cost of training and retooling, as well as the fact you will need to reprovision your entire fleet (yes wipe and reload, don't listen to the sales guys). Also take an account of the automation you get with JAMF that you will lose with Intune, as well as any tasks that will take longer to perform with Intune. Make your employer know that in the long run Intune costs more than JAMF. If you need help with this, reach out to your JAMF reps, they don't want to lose the client and should help.

Will-Kriel-Hart · ‎11-08-2023

I was in the same boat 5 years ago. We had a change in management and he wanted to ditch Jamf from the moment he walked through the door on his first day....This is when MacOS support in inTune was in its infancy. To put it bluntly, it was dreadful.

App deployment was slow and clunky - you had to use a 'wrapper' on the installer packages before you could upload them to inTune. That process could take hours, of larger apps. Deployment could take hours to install really small apps.

No support for FileVault, Config profiles, VPP apps, pushing updates etc etc...

DEP workflows were pathetic as well.

I guess there have probably been a few developments with the product, over the years. But I haven't had any opportunity to revisit inTune and take a look - (not sure I would want to, TBH!)

I ended up leaving and moving jobs to a Jamf-focussed company.... and i've lived happily ever after...

sayr01 · ‎11-08-2023

Thanks for this information!

foobarfoo · ‎11-08-2023

No, it can't do EVRYTHING, at least not in the same way. I would say as a generalization, that if you have modest management needs and don't want to micro-manage and script heavily with complex MDM workflows, then Intune is probably good enough. The most appealing part of Intune is cost and unified vendor/invoicing if you manage non-Apple devices as well. You could consider Intune "free" if you have to pay for A3/E3 plans anyway. One thing that I think Intune does better than JAMF currently are OS software updates - with Intune you can "fire and forget" a policy. With JAMF, you still need to have a human click stuff on a regular basis.

Bottom line is: It really depends on your management size and workflows. But based on what you describe above, you probably have already licensed all your users for Intune, so from a cost perspective it's a tough argument. So you'd better have very specific needs instead to motivate the extra cost - which is pretty steep too.

sayr01 · ‎11-09-2023

Thanks foobarfoo

efil4xiN · ‎11-13-2023

It has gotten better, helping a friend with this now, but you are comparing JAMF with almost 20 years in the game to Intune with about 3, it's not as mature. if you spend more time around you will continue to hear about the single pane (mac admins call it pain) of glass. just trying to arm you as this will not be the last time you will have to deal with this

ScottyBeach · Monday

I'll be happy to stand corrected, but an InTune "single pane" which you look through and see... not much, vs. Jamf, which isn't set up all that well for reporting but has lots of data and whose inventory is customizable with EAs seems makes it look like a "second pane" might show a clearer view.

Pomeroy21 · 2 weeks ago

Education (K-12) customers are asking about Intune vs. Jamf (pro or school). With school I can definitely see the benefits for the teachers and parents with the teacher and parent app. But If a school or district is using pro for macs/iPads today they really want to now the specifics of what makes Intone a worse choice for the schools. I am not familiar with intune but from what I've heard about intune is:

- deploying apps is not an instant process and difficult to get granular to individuals or groups of classes

- Mac and iOS only checks in twice a day? So changes to devices could take time and not as instant as with jamf

- no support for prestage enrollment

- admin privilages - only one level - super admin or none. Which means you can't give admins specific privileges as you can with jamf.

- smart groups and extensions attributes aren't available which helps when creating policies, remediation and inventory.

- no support for rapid security response

- cumbersome procedure of deploying third party apps on mac - Jamf has a lot of third party apps and the list is growing with the Mac app catalog. And apps get updated automatically.

I'd love some feedback if this is correct and if there is anything specific that I've missed. Many schools are considering switching to intune and the simple answer that Jamf is better. But they need more specific details in the discussion with IT.

Jamf Nation Community

JAMF or INTUNE