I am an Assistant Manager at a small manufacturing company.
I am currently researching MDM solutions. Which MDM solution do you prefer? Should we get Jamf MDM?
Thank you for your help.
Systems Engineer III Apple Devices (JAMF Engineering) at Tesco
May 24, 2023
If you need an Apple device management MDM, then JAMF is one of the MDMs to consider. There are two variations, JAMF Now for small enterprises and JAMF Pro for a much larger fleet of devices.
JAMF simplifies the management of Apple devices and automation of device management, software provisioning, and security management. There are other MDM solutions such as Kanji and Microsoft Intune, however, the Zero-Day support you will get with JAMF, whose focus is purely Apple devices puts it way above the competition and as your estate grows and you seek more tools and management options then JAMF is your MDM choice for Apple device management. You will also need to register with Apple for Apple Business Manager or Apple School Manager depending on if you are a business or education.
Hello community members,
I work for a large Retailer company and I've been exploring these 2 products: Jamf Pro and Microsoft Intune.
Can anyone share the latest feature comparison list between Jamf Pro and Microsoft Intune for Mac management?
I appreciate your help.
Apple Consultant at State Compensation Insurance Fund
Apr 26, 2022
In my view there is no comparing the two. JAMF is far superior if your talking about managing APPLE MAC machines and devices only. Jamf, previously known as Casper. Has been providing MDM solutions for years while Intune may be owned by big money and an even bigger name in MicroSoft. InTune is not nearly as easy to use in my view. Although some may disagree with my view or opinion. I would question ones experience in regards to all things Apple Mac. As there are many familiar with all things MicroSoft & Windows related. But still far FEWER even today. With the experience, background as well as familiarity with Apple Mac and cross platform support as I have been blessed with. With that I would still say, do your due diligence and research and always get a second opinion. Embrace all technology and be willing to engage in what others may deem less worthy. Had I been like most and adhered to the majority in I.T claiming Apple Mac products had no place in corporate America. I would not be the Engineer I am today. Cheers, Peace and good luck.
We would like to have some of the extension attributes configured so that those extension attributes can be part of the core structure. They can make some of the extension attributes the actual attributes. They shouldn't be like add-ons. It's a great product. It would be great if the training was a little less expensive, or they could break it up into less expensive modules so that it's easier for people to get through. When they're between $2,000 to $2,500 for each course, depending on if you are an educational institute or not, it's hard for somebody if they're paying it out of their own pocket. I know that not everyone pays for it on their own, and they try to get it from their employer, but it's a big investment even for employers. It makes it harder for some people to get their necessary training. They can either make it a little less expensive or break it up into smaller modules so that people could go along, and it'll be easier for them to afford. If they break it up in half, it would be a thousand dollars or a little bit less. That would be a little easier for people to manage if they had to do it on their own or for an employer to commit to putting somebody in a class. You also wouldn't take as much time off from work because it could be done in two or three days versus four days. I still like the environment or the way they're doing it, but I'm just trying to think of things that would help people.
The solution needs cheaper training. Some companies don't have that much budget to invest in training. They need integrations with known/other services out of the box. Reports for execs could be more colorful/attractive. The documentation for the API is still confusing. Until this day, I still don't know what's the best way to securely run your API in an end-user endpoint. Some documentation could also be updated or created in cases where a large population uses the same environment (like Jamf + Google + Okta) or something like that.
Tool tip-type information would be helpful. Sometimes, when creating a configuration profile or policy, I'm unsure about a specific choice. It would be great to have a pop-up with links for more information on a feature. It would be great for Jamf to provide templates for commonly used tasks like updating an operating system, packaging commonly used apps like Office 365, or enabling FileVault. I envision a standard setup template where you could make simple choices. Since all the hardware is Apple, I don't see why that can't be provided.
Jamf needs to get an inbuilt remote support tool to allow the admin to remote into machines. At present, you can use third-party remote apps, however, a Jamf one would be better. Currently, Jamf allowed for TeamViewer integration, however, TeamViewer is very expensive these days and not worth the money they now charge.
Jamf could be improved such that, in the icon selection box where you choose the icon to be displayed for a policy in self-service, it could be made to be more easily navigable. Currently, you need to scroll through pages and pages of icons (we have many icons that have been uploaded), and it can be tedious. It should be possible to make it so it can be sorted by upload date. It should be possible to add a "Force Software Update" button to the Management section of Apple TVs. Currently, it seems like the only way to update Apple TVs remotely is to do so via a smart group mass command.
We need better reporting options. We would like the ability to see all software applications that are inventoried fleet-wide, and deeper integrations for OS updating.
The areas of the product I would like to see improved are: - The universal searching with filters. It would be nice to be able to search smart groups and/or filter them. We'd like search packages or be able to categorize them a bit better by leveraging tags. Right now, searching is only on certain pages in Jamf and it is inconsistent. - Better reporting. It would be nice if Jamf could build out a reporting pane within Jamf to see better data. This can include patch management, smart group criteria, and so on. This would help when reporting to higher-ups.
It's really hard to figure out anything that needs to be improved in Jamf. They do everything so well and they are constantly updating the system. Since we are in the cloud, it just updates automatically and little bugs/glitches are always being fixed. Apple does block certain actions from happening or disallows Jamf from making certain changes. This is the only true issue I can see, which is not truly a Jamf issue. I would just hope that one day Apple will allow Jamf to make changes to the screen sharing changes so that way we can fully support remote employees.
The dashboard needs to be customizable. The SelfService design should be customizable as well or at least should look like the actual OS. There should be some UX designers to take a look and work on the usability and the picture Jamf is looking like for customers (SelfService Design) and the Admins (Jamf Dashboard). We'd like to have a map where we can spot where Smart or Static Groups are set as Scope. Scripts should have a check before you can upload them or put them into a policy - to check if there is no endless loop inside or some dangerous code.
We would love to see the ability to have settings apply to mobile devices on a time schedule. This would allow us to plan some tasks ahead of time. For example, we often have testing needs throughout the school year and the ability to do things like set a date to install an app and a date to remove an app would help us schedule upcoming tasks better. The same would go for things like web clips; we often share links with students for accessing content and being able to have this appear/disappear on a date would be helpful.
I really hate updating certificates and I would love to see more integration with ASM and ABM.
Every Product line or service has some issue. What is important for me is how soon they can provide a fix as this will reduce the overall impact in my environment. At times we see Product Issues (PI) in Jamf Pro - namely bugs - however, Jamf support is good at fixing the issue, and if they do not have any immediate fix then at least they provide a workaround until we have a fix available from Jamf. The patch management needs improvement in Jamf Pro. That said, I can see it in the roadmap.
An easier way to deploy Full OS upgrades would be a great start. For use to deploy Big Sur we needed a bunch of scripts and two different ways to deploy. Once Monterey came out our script no longer worked. If Jamf could work with Apple to get the App Store deployment of the OS upgrades to work that would be great. Another feature that would be great would be a way for an App Store Application deployed by self-service to be forced to update to the latest on the App Store. Many apps, especially Office, lag behind and an uninstall and reinstall is required to fix the issue. They need to scale the self-service header.
As far as what Jamf does for a partner like us, we are happy with it. Single sign-on was something which was not there before. They have it now. The product is quite mature. What we look forward to is for Jamf to go beyond Apple. But I don't think they will go that way, because that is a differentiator for them.
The mass update management tool could be better. We need the ability to tell Macs on next check-in to run all software updates that are pending and authenticate this via bootstrap and root. It should offer a run-on login window so no client needs to be logged in. There needs to be a mass policy change tool. We would like the ability to make changes to multiple policies at the same time. For example, 50 Printer policies for different printers. We'd like to be able to change the scope or change the driver on the policy en-masse.
In some places, GUI could be more reactive. For our timezone, support could be much more reachable and reactive. For some time, support was quite fast; now we see some delays. Configuration Profiles are currently reworked by Jamf, so it's a work in progress, there's no need to worry about it. Recovery Boot password protection on an M1 device is currently only available as Pre-stage, however, a strong need to put recovery password via MDM command to already enrolled devices is a must for us, so it has to be implemented fast.
I am always complaining about the reporting side of things. I love how reporting lets us create custom reports, however, I also feel like it could use some updating. For example, when I need to create a report which has 20 conditions, I cannot simply choose one and then copy it 19 times. I need to search for the condition 20 times, then change the operators, etc. In terms of additional features, I would be blown away if Jamf could add a force check-in button. We have a huge on-premises environment and our check-in is set to once per hour.
I would like to see Jamf add more training tutorials and documentation.
Jamf Pro currently is only used on Mac computers and could improve by having compatibility with other operating systems. We have to use other tools to manage our Windows and Android devices. There could be other improvements but I am still exploring and learning more about the features.
The reporting with PowerBI could be improved.
The self Service UI needs some real improvement; they recently revamped the app, but I don't know if those changes have been for the better. The App Store deployments are incredibly unreliable, however, I think this might be more of an Apple issue than a Jamf issue. The patch feeds are quite extensive. I would like to see the ability to create custom patch definitions and host those directly in Jamf Pro. It's not specific to the product, however, I wish Jamf was more communicative/responsive to the feature requests section of Jamf Nation. They don't need to approve all of the requests, but offering response/feedback/status would be greatly appreciated by the community.
Every once in a blue moon, we wind up with a rarely-seen superbug that takes support weeks to months to solve. The good news is that they are rare and not across the platform. Just us.
One of the big areas in need of improvement is automated device naming for computers. You can do this via mobile devices in the pre-stage but not for computers. Having the ability to assign devices to a specific pre-stage enrollment group, and having said group identify all of the systems via a specific prefix/suffix, would benefit us a lot and keep better consistency when it comes to users' machine names. Improved Patch Management is something that is in the works, I know, but having access to more applications or even improving the method to organizing/configuring patch management will be beneficial. Currently, setting it up is a painful process.
The patch management is not automated in any way, and you have to do a lot of manual work to upload the current version of applications. In some cases, you have to repackage it before uploading it. This means that it's a lot of manual work before you can apply the patch policies to clients.
The on-going improvements & innovation that Jamf provides over time is something that needs to be maintained, as it is what is needed to fulfill a business & team need at the right time.
I believe they should be able to add touch IDs for the admin, which would allow for adding the IT team's fingerprints to the scope and set it up to get into the computers quicker. It will be very helpful if we could restore users after they have been removed from Jamf because I have some cases of deleting a computer before unlocking it.
I would like to see tighter integration with Jamf Protect in the future releases of Jamf Pro. It has been a great system that allows us to know what is happening on all of our OS X Devices. Jamf as a whole has come a long way and maybe more of an integration between the entire suite of Jamf products would be helpful. Login info from Jamf Connect in the Jamf dashboard could be helpful but for the most part, we have nothing to complain about with our Jamf system.
Knowledgebase articles should be introduced in Jamf Pro. Light and dark background features should be included while logging in to Jamf Pro. The Jamf training curriculum needs to be revisited, especially 400. Jamf should give the option to download individual device policy logs, as this capability would really help to diagnose issues. NoMAD is a really powerful tool and Jamf should have a dedicated support queue for NoMAD issues. Jamf should create an inbuilt policy in case the user obtains a device, it should enroll the device automatically. The Jamf Reset app is helpful but it’s only available only for iOS. Likewise, we should have the Jamf Reset app on macOS.
The integrated patch feature is good but needs some tweaking. As of now, there is no option for the user to defer the installation of a patch. You can either give them the option to install the patch through self-service, which needs an active part of the user to do it, or you can force the installation. However, with the force of the installation, there is potential data loss, because an App that you want to patch needs to be closed for it to work. The information explaining that the app will be closed for patching is almost not noticeable for the user. Therefore we do no use the integrated patch management technology and build our own logic to work around it.
I would like to see more robust reporting options for data. Right now there are data points you can configure on your login screen to monitor system health, device health, battery charge, OS versions, lost devices, etc., but there are no real reports you can run about device updates, maintenance, user metrics, etc. I would like to see either a report section or an integration with a new reporting module to allow us to pull real metrics from the system easily. This will facilitate IT's ability to say, hey, budget people, here's why we need this.
The reporting needs to be improved so that generating them is more user-friendly. The reporting should have more of a graphical interface. For example, if you want to create a report on how many computers have been checked in the past 30 days you can produce it. However, it is not something that you'd like to give to a CIO. It will export data into a spreadsheet, but executives don't want to look at spreadsheets. Rather, they want to look at bar graphs, charts, and visuals with percentages. The prices are expensive and should be reduced. When we paid for training, we could not have all five people training at one time. I thought that if we were paying $18,000 USD then we could have everybody training at once. However, this is not the case and it doesn't make sense to me. The response time for technical support could be better.
The product is pretty good as-is, but if anything could be improved I would say the UI could perhaps be a bit simpler. A mobile app to complement the web-based version, to perform specific tasks, would be nice to have - a good example of what I mean is the "Pulseway" MDM for Windows, they have a very useful and user-friendly mobile app. I use that mobile app to do simple things like reboot/update user machines, push out policies, etc. Other than all that, a little more person to person training when onboarding, included with the purchase perhaps.
Patch Management needs work to be efficient. Cost is also a factor, given Jamf has a full feature set; however, it's pricey.
I wish the inventory would have its own pane without having to do it as a search. Hopefully coming soon! Sometimes, I would just like to browse our fleet and can feel that the extra step of doing a clean search is a bit unnecessary. With that said, it's not hard to do it the way it is now. Maybe this is just as good of a solution for this and I just need some time to get used to it. The same goes for the user inventory. I would also appreciate even more included attributes, and this is probably something you could never get enough of.
It would be great if we get an email notification when the Mac users install any apps, so IT can be alerted.
One of the included Jamf Applications, Jamf Remote, is somewhat flaky. It's never worked for me when I've tried to access a remote device that is not on the same network, so the one thing that I would like to see improved/implemented is remote support and I believe Jamf have something in the pipeline. The ability to provide remote support access to end user devices, preferably in a similar manner to Apple Remote Desktop (ARD), Desktop Central's solution or Teamviewer.
The solution should offer beta testing for new products. The solution needs more demos for when new releases come out to help us understand the changes and how to use new features.
I've been thinking about improvement and I think it would be much advantageous to have some sort of remote desktop application that could be implemented to help the remote workforce during the Work From Home times. Also, I think that there should be some sort of mobile app that will help you manage the devices from an iOS device quickly in case some times you cannot be at your computer. I think that there should also be more integrations with Jamf that could better the intelligence-gathering when making business decisions.
Sadly, my environment is closed off from the internet so I cannot benefit from all the tools, but with what I can use, I can only say that I would love to see a more customizable dashboard. In my agency and department, I use tons of tools for scanning, remediation, and reporting. Tools like ACAS and McAfee HBSS have very detailed dashboards if you wish to view more. As stated prior, with reporting being vital, having more detailed, customizable reports that offer graphs, percentages, etc can be useful when looking for quick glance of status when you may not have the time for generating a detailed report. I would love a bit more of government customer support and reach out. There is a ton of support for the educational fields, understandably, but I would love to see a small team also dedicated to government support.
I think that some of the feature requests on Jamf Nation have been sitting out there for a long time with no movement, showing as 'planned' for a really long time, and nothing seems to ever become of them. That is disheartening, but if it is an easy fix it gets done, and if it would benefit a wide variety of users they work to get it done. Technical support is in need of improvement.
The only thing I sometimes struggle with is file management of our packages which resided on the Cloud instance of the file repository. Jamf doesn't make the Cloud file system visible so there are rare occasions where the local repository and Cloud repository get out of sync. This is a minor issue, however. The few times that this has ever caused problems for me, I was able to reach out to Jamf support and during a quick phone call, the tech support team was able to identify my issue and offer a quick solution.
Some improvement can be made in the customer service realm, while also making additional training level courses available for online study and exam-taking. For example, exams at the 200 level.
I would like to be able to see what policies and configuration profiles are tied to what Smart/Static groups. I would like some of the management features available for mobile devices to also be available for computers using the web interface. I would also like to go back to the days where I had one dedicated support rep to contact.
I would love to see an integrated ticketing system built-in, better reporting templates to help analyze the data (software usage, etc.), and integration with FREE SSL Cert (letsencrypt.org) with auto-renewal. Wishful thinking on that last one because Jamf recently acquired DigiCert. One can only hope.
An in-house chat room would be a great way to communicate with your team when you aren't physically present with them. Also, the ability to add notes on devices, so that a history can be shown as to why a user has done certain things, such as their troubleshooting process or just general thoughts.
I can think of only two ways that Jamf could be improved for us at the moment. Primarily by adding the ability to schedule policies for devices. The ability to ask a device to run a policy regularly would be a real advantage. The other thing would be the ability to brand the Jamf admin portal to match the rest of the organization.
A more modern UI in the next release will make the product absolutely perfect.
The cloud version sometimes gets a little slow and https:// is always required when entering the URL. There is still no feature for properly patching T2 Security Chip-enabled Macs. Admins must set up custom-built scripts to get around this functionality miss. Apart from that, it's good.
This solution would benefit from more focus on Self Service, such as Office 365 and GSuite integration. At the moment, if you want to display cloud-hosted content in the Self Service app for distribution to all staff then you have to add it as a web link (it’s a little clunky). Direct integration would make this better.
I would love for it to be able to be the only management tool of my organization. If it could do ticketing and non-Apple devices then that would be huge. The setup could be made a lot easier, too. Currently, it takes a full day of work to troubleshoot database issues.
I think that the zero-touch enrolment could be improved. I would like to have the ability to push scripts using MDM commands.
There are known issues with the mobile configs that need to be fixed.
I wish there was a profile that could be created for configuring Apple software updates on a global basis for our devices, via a configuration profile.
I would like to see more features for application patch management. The list of applications for patch management isn't sufficient. The Catalog of application is limited and if you want to expand it you must expose your endpoints to 3rd party application sources or build the packages in house.
They are always improving the product and have great customer and technical services. One thing I wish is if JNUC could be twice a year in different cities to get more amount of techs.
I would love to see a way to screen share to a Mac using the Jamf Pro web interface instead of Jamf Remote.
More software titles in the patch management updates, this will help reduce creating packages for software updates.
I'd like to see better reporting features.
I would like to see a separate reports area where an actual report is compiled and able to be printed. Currently, you have to create a Smart Group and set criteria to compile an exportable list (txt or csv) of devices that match the set criteria. A report function would eliminate having to create a formal report yourself with the exported data.
Jamf Pro does everything it is supposed to well. The user interface received a huge overhaul with version 10, and there are still some parts that could be improved, but it is still an easy to use yet powerful tool.
I would love to see GSX (Apple Global Service Exchange) integration populate purchasing data during the enrollment process. Currently, data does not populate during enrollment of a device. I would prefer the ability to have this data pull automatically if set up via prestige enrollments
Screen time setup is so required. I want to set time up for screen times for categories. I should be able to choose time and set a password.
We would really like to be able to separate managed computers by the role they're used for, but Jamf Pro only has limited functionality for this with the "sites" feature.
Sometimes the Jamf's cloud-hosted servers feel like they could be a little more powerful. We've never run into an issue, but some of the things that have been said from other customers we have contact and a good working relationship with or during a couple of support calls with Jamf have just made it seem that the cloud instances can't quite hold up to requirements for larger deployments and more resources need to be allocated to each instance during setup.
There are some layout things that could be done to make it easier. For instance, allow us to go to a smart group and see what policies have been assigned to the group, then be able to assign and unassign them right there instead of going into each individual policy.
* More reporting functionalities on mail/export basis with a schedule. * A remote tooling functionality for Windows devices (Jamf Remote).
There are some small but clunky UI elements — things like bulk editing of certain information and settings.
* Patch management is lacking greatly; more options are needed in order for us to consider using it at all. * An overhaul of how configuration profiles are needed, there are too many issues associated with the current mechanism. * I would also say that configuration profile payloads need updating to remove old ones and add new ones. * I would love to see any update on Jamf admin; it's very much in need.
Patch management is an area that still needs focus and attention. We find a problem with this because as others have reported, other solutions can do more with patch management. But as with any solution, there are other ways around it, and we have our existing solution to work around any shortcomings there might be.
Conditional access for iOS devices is a thing they need to add. It's on the roadmap, and it would be nice to have that now.
Patch management: Software patching has fallen by the wayside for newer versions of Jamf as most users are implementing open source alternatives for keeping installed software patched.
I would like to see MFA integration added to the SSO feature, as well as having it expanded to accommodating multiple servers (meaning specifically that SSO, Jamf Pro runs in a cluster just fine).
Pricing needs to be better for smaller businesses who need cloud-based products over on-premise solutions. It’s even hard for some medium and even large businesses to grasp the exceptionally high cost of the service.