Jamf vs Airwatch

KRIECCO
Contributor

Just talked to someone who recommended airwatch for mac management. I looked through the video´s and it looks interesting - but of course most of those sales video´s does :)

Do anyone has experience with airwatch. Looks like the features are the same with setting policies and also being able to push out software updates etc.

28 REPLIES 28

awginger
Contributor

Funnily enough, I came on here to post a very similar question...

I am looking to put together a relatively high level 'Why Jamf?' presentation. I know people say if you're going to manage Macs then use Jamf, but I'd like to understand a bit more about why.

I know a lot of our customers will be big Windows houses, and may have Intune and therefore ask 'why do we need a second MDM/EMM?
Now I think you cannot do the following with InTune:
-Deploy/patch software (no VPP/DEP support, no pkg deployment)
-Run scripts
-Customize inventory
-remote lock/wipe a device

AirWatch doesn't have these restrictions though, and offers support for non-Apple products so again the question is 'Why Jamf?'

Hope you don't think I have hi-jacked your thread, it wasn't my intention.

blackholemac
Valued Contributor III

I will point out that specifically on Macs, Jamf is the best choice. I could go on the marketing side and point out who all uses it, but you're wanting a technical.

For one, not all software is MDM deployed. For instance, Microsoft Office and Adobe still ship on an ISO that needs to get out to your fleet. Most MDM-only Mac management products don't handle that quite as well.

Then we'll move into the realm of scripting. I don't know about you, but MDM doesn't achieve all customization I want with the Mac environment. Sometimes I want to make sure each and every user that logs in gets a plist or a document or something in their home folder. Jamf has excellent facilities for that.

I would point out its imaging capabilities but the industry is moving away from imaging.

One final thing to note is that Jamf makes it their number one priority to know what Apple is up to and be able to support it from day 1. They maintain relationships with all the major vendors in the Apple realm and test their stuff to make sure it works with them. They aren't perfect, but they give you the best foundation tools I've found to maintain your Mac fleet.

ejculpepper
Contributor

Building on what @blackholemac stated about Jamf staying on top of their support and providing day 1 functionality, when we had Airwatch they failed to support device based app assignments for months after the release from Apple. This forced us to go through the deployment of our shared iPad cart fleet using Apple Configurator 2 to deploy the apps...which was a nightmare. Meanwhile, Jamf supported device based app assignments as soon as Apple released the functionality. I know this doesn't have to do with Macs...but figured it was a good example.

Another issue we had with Airwatch in our Mac environment is the iMacs would randomly just stop communicating with Airwatch...I had several tickets in with them, but a resolution was never found. So I found myself constantly having to wipe and re-enroll our iMacs to go through DEP enrollment.

Also, being able to store your software install packages in Jamf's cloud distribution point has made it much easier to deploy software to our iMacs. With Airwatch, you need to stand up your own distribution point, using your own storage, and configure it to work with Airwatch. I have policies/smart groups setup to detect iMacs missing software, this way they automatically reach out to Jamf and install the software without me having to do anything.

I was also able to customize our user experience more using Jamf by using login/logout hooks and policies. I have scripts that run at login/logout based on the users LDAP group membership that customize the restrictions on the iMac, as well as dock items and other functionality.

gachowski
Valued Contributor II

Support.

Jamf support is seriously good. Code42 and Jamf I don't think there is any better support.

C

Look
Valued Contributor III

I don't the know exact capabilities of the competitors out there but a couple of things worth noting.
If it doesn't do VPP and you want mass machine level deployment of App Store applications you basically cannot comply with Apples licensing requirements while doing so (You can deploy, just not with proper compliance).
If you have a requirement to package and deploy none App Store applications and you choose a platform that this is dificult on your walking into a world of unneccessary work and pain just for the sake of having a one size fits all solution.
If it properly supports scripting most other issues can be dealt with one way or another, but proper zero day supported MDM really does make a difference when dealing with certain things like authenticated Wi-Fi, certificate deployment, security and required machine settings etc...
Oh and if you want to deal with iOS in any way then really good MDM is mandatory!

ndeangelis
New Contributor III

I have been using AirWatch for almost 3 years in a very large school district. Recently our district purchased JAMF Pro. JAMF Pro is vastly better than AirWatch in my opinion. AirWatch has not been reliable, they lag behind for months with regard to new features, macOS management is horrible and their support is terrible.

awginger
Contributor

Hi ndeangelis,

I'd be interested to hear more about what is terrible about AirWatch's Mac Management if you had time, please?

I am very much in the Jamf camp for this, just trying to weigh the argument effectively.

FastGM3
Contributor

@awginger

We went from Jamf to Airwatch and back to Jamf. I can tell you even when we dropped Jamf for a short time, we left our OSX devices out of Airwatch and used it primarily for iPads. Our district at the time made the switch because of "great" pricing or 1st year startup prices through Airwatch. Don't ever fall for great pricing, because the following year you'll get slammed with a bill you probably won't renew which then means all the iPad work has to be done all over again to get them back into a reliable better supported MDM such as Jamf.

The biggest problem I had with AirWatch Mac management was the lack of a silent enrollment package at the time, like Jamf's quickadd. To enroll macOS devices it required user input. We setup our devices bind them to AD and enroll them into Jamf, before a user even gets the machine. It's essentially handed off ready to go, with Airwatch it wasn't that easy.

Support was an absolute nightmare, we routinely had 3 or 4 bot replies prior to a live body and then when we spoke to that live body typically the problems were out of their realm which meant waiting even longer for help.

I see a lot of people saying the same thing. Granted this is JamfNation and the folks here love them some Jamf. I can honestly say I'd rather do without an MDM than go back and pay for any Airwatch service.

Chuck

Shaunie
New Contributor

I've used it in the past found it very cumbersome. Worst part was the password expired and I couldnt reset it.

I tried following their steps to reset didnt work. Then I got a mail from one of the sales guys trying to sell me some crap.
I replied asking him to get my account unlocked and I'd consider it.

Still waiting over 2 years later. I eventually dumped Airwatch in favour of Meraki.

jcurrin
New Contributor III

As someone who used both at a previous employer. AirWatch does a lot of things...extremely poorly. AirWatch advertises that they are the Swiss army knife of MDM's. As someone that used both, you will quickly learn AirWatch's knife will fall apart before you can blink. My favorite issue with AirWatch is they have an external bug sheet (which is a couple 100 items long) and an internal bug sheet. They won't tell you about an internal bug until you actually have the issue in your environment. 90% of the time we felt like we were QA'ing their product for them, because we don't know if they actually have a QA dept. Do yourself a favor and trust jamf to be THE mdm for apple products. Not only are they more reliable, you would have to wait months, years, or a decade for product features with AirWatch. I wouldn't wish AirWatch on my worst enemies...

bpavlov
Honored Contributor

@jcurrin The fact that AirWatch has an external bug list I think is great. How searchable is it? What you're describing is similar to what Jamf except they have no such list that's easily referenced except what they decide to show on the release notes. And you basically have to figure out whether something has been fixed in a previous release or the latest release. See this Feature Request here: https://www.jamf.com/jamf-nation/feature-requests/1699/implement-a-bug-reporting-and-tracking-system...

That's not to invalidate your points about AirWatch's quality and/of feature set. Just that bugs aren't exactly a topic I'd point at to make Jamf look good. All software vendors have their bugs.

lashomb
Contributor II
The fact that AirWatch has an external bug list I think is great.

This would prevent many headaches for sure if Jamf did this. I know Airwatch is working on a better Mac product so I'd expect them to get closer eventually. Their API is good. But Jamf will always be specialized on Mac and iOS management, where Airwatch is also doing Windows, Android and maybe even Chrome as well.

jwojda
Valued Contributor II

We also had the Airwatch dog and pony show with their engineers and sales people onsite and taking the decision makers out to lunch, seems like they are making a concentrated push into enterprises.

In the 8ish years we've been with jamf, I think jamf has been onsite once. Would be nice if jamf could find a way to do more FaceTime with their customers to give the decision makers that warm fuzzy feeling. The time that jamf is the only game in town is gone and the new kids on the block are snatching up territory.

gabester
Contributor III

Two words: JAMF API.

Longer answer: I've used both to manage a significant number of devices. Unfortunately, the Jamf Pro 10 upgrade make the web console much more "airwatchy" and that's not a good thing - it's less responsive and gives that annoying "we're processing something while not displaying any useful content" animation that other providers seem to think is so useful (and which really means the web front-end to DB connection and querying is so slow that you can't display meaningful content in the amount of time a human could normally be expected to wait.) For Macs, Airwatch won't allow the same degree of flexibility that Jamf does; for example the ability to chain multiple actions via triggers in policies, or to run scripts, unix commands; lastly extension attributes! Airwatch is an MDM - a pretty robust one with support for just about every platform an entity might use, but it's limited to the things an MDM would do, and let's face it, the expectation of the capabilities of a dgitial appliance are just less than a full fledged general purpose computer. Airwatch support isn't as well-rounded and certainly not Mac-specialized to the degree that Jamf is.

Oh, and the fact that Jamfnation is indexed by search engines and publicly available, whereas Airwatch is behind a login and not indexed, means that your going to get a lot more community support with Jamf.

Jamf isn't going to be the answer for every organization; but for those that care about delivering the best quality of service to their Mac (and iOS) customers, it will be the one they select. I believe no other vendor provides the degree of pursuit of excellence that Jamf does when it comes to Apple's platforms. With that said, they aren't perfect (see my Jamf Pro 10 redesign complaint above) and they're also hamstrung by what the mothership allows them to do these days, and that's a big concern as it seems to be increasingly limiting the viability of these platforms unless your organization is willing to accept all the tradeoffs of such a closed ecosystem; many organizations will never willingly cede so much control.

If you need a single pane of glass to manage all your devices, AW is the best effort I think you will find. But that single pane of glass comes with compromises; its developed with a rigor that reflects the popularity of different platforms and as such, it'll support Android, iOS, and Windows 10 best (in that order.) Macs, Blackberries, sure, it can support those too, but there's less attention given those platforms as they aren't revenue drivers.

awginger
Contributor

Thanks for all the input people, much appreciated!!

cmakinsi
New Contributor II

We used AirWatch to manage our macs and pulled them out. We use AirWatch to manage our fleet of iOS devices and JAMF for our Macs. We had HUGE issues with binding to AD in AirWatch, and we simply don't have those issues in Jamf.

scottb
Honored Contributor

Good to see this as we're seeing a push for AW too possibly.
Hoping to find more technical examples I can layout to fight this fight as I've not used AW and am not that familiar with it.
Good thread.

jshamp
New Contributor II

As a network manager for 3 high schools, (2200+Users/ 1800+ devices) I was excited when the District decided to use Airwatch as the MDM and all of the things promised. Ugh, 2 years later I am relieved that we have begun the switch to Jamf Pro.

AW always seemed a little clunky and what seemed to be numerous clicks and awkward set ups that had to be done, just for basic services. Trying to be objective, it may work well for a group that only has to learn this software and its nuances. We dropped everything but iPads and Apple TV’s shortly after the start.

The manual enrollment is time consuming especially on iPads. Often devices stop responding or checking in and again you have to wipe and set up. Many times after purchasing apps VPP it may take a day or 3 to show up and then another 24-48 hrs to populate to the devices.

emily
Valued Contributor III
Valued Contributor III

If you're going to go with AirWatch, you'll also want a secondary tool ready to do the real heavy lifting. I'm not sure if anyone else has mentioned this yet (tl;dr) but AirWatch introduced the ability to deploy your own custom bootstrap package because they basically were like "yes, we suck at package deployment and Mac management, we'll let you use us PLUS something else to get the job done." You can see some documentation about custom bootstrap packages here. They mention Munki, Chef, and Puppet as examples of things you'd installed on enrollment with the custom bootstrap.

This really indicates two things:
1. Even AirWatch knows they can't adequately manage Macs without relying on another tool.
2. If you want to use AirWatch you can get the MDM and DEP pieces from it, then use Munki (or something else) to really do the heavy lifting.

That being said, Munki's third party patch updating/catalogs and Managed Software Center blow Jamf's "Patch Management" and Self Service out of the water, so maybe it's worth it for that. But if you want something that does everything holistically (but maybe not the most effectively) Jamf is the top choice. (But not always the best choice for everyone.)

scottb
Honored Contributor

Thanks, @Emily. Sad to hear that the Munki bits blow away the Jamf bits though. To me, the complexity of having to have more than one product in place to make something work detract from the overall solution. With fewer bodies doing more, having to support something like Munki too is not all that appealing to me.
And we've begun looking at a test spin-up of AW. The enrollment process is horrendous. More to come...

emily
Valued Contributor III
Valued Contributor III

I think it's in every organization's best interest to regularly explore other tools to make sure you're not missing out on a management solution that may better fit your needs. That being said, yeah, the fact that Munki has handled third party patching so well for so long and Jamf's attempt here isn't all that useful for most orgs (I'd imagine, due to the limited title offerings and the overly manual process of generating and maintaining external patch titles) is a little disappointing. But you take the good with the bad with any management framework. For anyone wanting to evaluate AirWatch I'd recommend checking out Erik Gomez's posts about configuring custom DEP with AirWatch.

Worth noting that the pricing for AirWatch + Munki might make it very tempting. Jamf Cloud is hella expensive and really not all that competitive in pricing imho.

gregneagle
Valued Contributor

wmateo
Contributor

One thing about JAMF is this community. I Am sure AW has same but you can literally find anything you are looking for here.

danielleitcs
New Contributor

You might also find this direct comparison between Jamf and AirWatch on IT Central Station to be helpful. Users interested in these solutions also read reviews for BlackBerry Enterprise Mobility Suite, which is included for your reference as well.

jhuls
Contributor III

@danielleitcs It's tough to take that seriously when there is a max of 12 reviews on one product and the others have much less. Not to mention the ratings seem to include those from all reviews over a span of two years which can be a few different versions. It's an option for people to reference though if they need it I guess.

TS6845
New Contributor

i managed macs, ipads and iphones in airwatch for about 6 years before we switched to jamf. I used munki to do heavy deploying, ARD to do some light tasks, used custom scripts in airwatch and automatically bound to AD no issues... Testing sure, lots of testing but never had horrible issues that made me say i want to get rid of airwatch. We recently switched over to jamf about 6 months now and personally i wish i could go back to airwatch. We had airwatch on premise, maybe that's the difference i have between everyone else's experience of airwatch. It had its quirks sure but so does jamf.. I always had great customer service, they always called me in a matter of a few hrs and a delivered solution within hours or a few days max. The reason im here reviving this old thread is because im absolutely annoyed with jamfs product (jamf cloud) and customer service. I call them but i cant get through to anyone, its taking way to long to get someone to help me out.. i can only get 1 email response from them a day and they dont know how to pick up a phone. i say call me, they ignore it.. Im not sure why jamf is considered any type of industry standard.. i had features in airwatch that jamf does not and i miss them.. airwatch was so much more automatic, and yes it required much more setup and was more complex but the features and ability i had before... i wish i could go back but its not my call. All this back end api stuff and the spreadsheets now i have to do with jamf is super annoying.. Im not sure why others have had such a difficult time with airwatch, again maybe they had a cloud version and we had on premise? maybe thats why im not liking jamf now because we have a cloud version and the people on here dont? i dont know, but i had airwatch running like a Swiss watch, smooth and constant, didnt need to do much to it after setup was done.. just set it and forget it, jamf on the other hand is a daily headache to me.

diradmin
Contributor II

KyleEricson
Valued Contributor II

I had used AirWatch for over 6 years and I would say it worked ok. Then about a year ago a bug in AirWatch unenrolled all 1,200 devices and AirWatch couldn't even tell me why. AirWatch does everything just ok. Jamf does Apple great and AirWatch can't come close to that. Just the support alone and the community makes Jamf the clear and easy choice. Try this in AirWatch deploy a PKG then try to do the same thing in Jamf. In AirWatch this simple task can take double the amount of time. I will never recommend AirWatch. If you need Windows management and Mac then do Jamf + Intune and then you can even send Azure conditional access from Jamf to Intune for Macs. A big win-win.

Read My Blog: https://www.ericsontech.com