MDM for Linux
Posted by archiekane@reddit | linuxadmin | 46 comments
Okay folks, Apple has Business Manager which is used to ultimately control their devices. You use an MDM server and can control them pretty much however you want within reason.
Windows now has Intune with Zero Touch Deployment, or Autopilot, to do the same thing. It makes the device register whenever Windows is installed.
What have we got for Linux that is remotely close? I know there is Chef/Puppet/Ansible but is there MDM yet?
Competitive_Ant_7620@reddit
We have around 20 Linux between Debian, Arch Linux and Ubuntu but we do defense work occasionally so we need CMMC level 2 and we got Swif to work there for everything. Including the guys in accounting on Windows. So Swif has been solid for us for about a year now. The real reason why we picked them was we didn't have to custom script it all like everything else out there. Like all of the compliance stuff was just templates so it was just easy to do and be done.
Valuable-Match1849@reddit
We had the same issue with Linux at our org but basically all that's out there that's even remotely close to what you describe is Swif. They have pretty insane support for Linux and pretty much every distro. But they were the only ones able to get us any sort of compliance because we needed disk encryption and they have made their own BitLocker/FileVault-like solution. So it's pretty much the only thing to get right now for Linux sadly.
No_Geologist7581@reddit
I spent a lot of time trying to get Intune to work but it was so glitchy, but then I tried Swif and it actually just...worked for all my Ubuntu
RevolutionaryBoss332@reddit
Yeah +1 for Swif on the Linux, like the difference has been crazy. I used to have to put one of the guys on coding up all of the rules or "policies" but they just had all of them done already including the disk encryption on the Linux. Which you may or may not know is a huge mess to deal with, and you need it for compliance or your dev team just can't use the Linux ecosystem in many cases.
angelokh@reddit
I recommend trying out Swif.ai. Swif supports software deployment with Package Manager Type - APT, DNF, FLATPAK, PACMAN, RPM, SNAP, YUM, ZYPPER, and management of all distributions.
Warm-Researcher-6884@reddit
Yeah we use Swif too, it's been great honestly.
Traditional-One6319@reddit
We migrated from Intune to Swif because the amount of custom scripting required for Ubuntu was becoming a maintenance burden. It handled our OS-level compliance out of the box, which saved us from the manual overhead we saw with Intune and Scalefusion. It’s worked well enough that we're now looking at consolidating our Mac/Windows fleets into it as well.
blanssius_56@reddit
My company was using Intune for the longest time for our devs on Ubuntu but we had to do sooooo much custom scripting with it. So we started trying other stuff and what we settled on was Swif mainly because it had all of the OS support we needed and no custom scripting like what Scalefusion requires. We might even switch our Macs and Windows over too tbh. It's been working great.
Extension-Most-150@reddit
Scalefusion is a notable solution that offers comprehensive device management for Linux. Scalefusion MDM supports device enrollment, policy management, application management, remote commands, and security enforcement, making it a robust choice for managing Linux devices.
Ok-Turnover207@reddit
Swif.ai is going to be what you're looking for. They have all of the major distros like Ubuntu, Debian, even NixOS and Arch Linux. They have some zero touch deployment options via curl or package manager but the nicest thing about it tho frankly for me in my day to day, is it has all the auto deployment stuff also for Mac with Apple Business Manager. It even has Microsoft Autopilot via Azure. They are the only ones I've seen lately that really have everything without having to do a ton of custom scripting tbh.
National_Display_874@reddit
Yes, SureMDM for Linux has these device management capabilities. You can sign up for a trial and explore application management, OS update, device configuration, shell scripting and more.
https://www.42gears.com/products/mobile-device-management/linux-device-management/
Chandan_K_R@reddit
+1 for SureMDM
Dangerous_Question15@reddit
SureMDM supports Linux management, including OS Patch management, full remote control, kiosk mode, and remote terminal access. With remote scripting one can execute virtually any bash script.
Local-Skirt7160@reddit
+1 for suremdm
mayurtalsania@reddit
Yes, SureMDM does exist for Linux and it’s probably the closest thing to a traditional MDM experience. It provides centralized management, monitoring, and security for Linux devices from a single dashboard, supports multiple distributions, and includes remote control, app deployment, OS/kernel updates, user and policy management, troubleshooting, remote shell, kiosk mode, content distribution, remote desktop, and real-time monitoring. It also supports other platforms, including Windows, macOS, and Android, making it a single solution for managing mixed-device environments.
SureMDM For Linux
SureMDM Products
raks99832@reddit
Kitecyber Device Shield is a notable MDM software for Linux devices. Kitecyber also has a DLP.
https://kitecyber.com/product/unified-endpoint-management-uem
bearbobs@reddit
We use this: https://open-edm.github.io/landing/
on premise hosting and free for self-hosters
robinhooddrinks@reddit
Linux doesn’t have a one-stop “MDM” like Apple Business Manager or Intune. Most teams cobble together a few tools:
So the pieces are there, but you have to glue them together yourself—or pay a vendor that bundles them. No built-in DEP/Autopilot equivalent yet.
scorp123_CH@reddit
At my previous employer the folks in charge of end-user device management were experimenting with these:
https://www.manageengine.com/products/desktop-central/
https://www.ninjaone.com/rmm/
Fun-Complex862@reddit
Used both products, here are my two cents:
- ManageEngine Desktop Central: Only supports package deployment and patch mgmt, not true MDM, in the sense that you can't get device location or remote wipe, which is crucial when users are all over the world.
btw: We're using both the products at the moment.
Rich-Mess-9089@reddit
Hey, do you plan on switching them to any product?
Stars_stuck@reddit
Here's what Scalefusion can do for you:
✨ Manage all your devices in one place
✨ Keep your data safe and secure
✨ Save money vs multiple MDM tools
✨ Update everything with one click
Why pay for multiple tools when Scalefusion does it all?
Want to see how it works? Let's talk. You can email me at : vishal.rana@scalefusion.com
DerryHuin@reddit
Yep NinjaOne Linux support is incomplete, the patch management is not fully functional yet.
Lagkiller@reddit
I cannot stress enough that Manage Engine is terrible and their support is non-existent. It's more of a problem than a solution itself.
scorp123_CH@reddit
Interesting. Thank you for your input.
UsedToLikeThisStuff@reddit
https://fleetdm.com/ might be what you need. It just can push shell scripts but I’ve used it to call out to Ansible.
Normal_Cold9106@reddit
Just came here to say +1 to Fleet - we just deployed it last year. It's been great with our Linux users!
pinochio_must_die@reddit
Out of curiosity, do you automatically enroll your Linux machines or do you manually add the Fleet binary on each client?
UsedToLikeThisStuff@reddit
Fleet admins can build a package that bundles the enrollment into the package.
angelokh@reddit
If you're looking for a robust solution to manage Linux devices, I'd recommend checking out Swif.ai. It's a unified device management platform that supports Linux, along with macOS and Windows, making it ideal for organizations managing diverse environments.
Here’s why Swif is a great fit for Linux admins:
Whether you're looking to secure your Linux systems, automate compliance, or reduce IT overhead, Swif.ai provides a modern and efficient approach. Check it out at Swif.ai and see how it stacks up to your current solution.
#LinuxMDM #DeviceManagement #LinuxAdmins #ComplianceAutomation #SwifAI
ashwanipaliwal@reddit
SecOps Solution (https://secopsolution.com) might be a good fit. It’s cost-effective, covers vulnerability and patch management, custom scripts, and software deployment without any minimum device requirements.
_BoNgRiPPeR_420@reddit
Intune can manage Linux machines. We have a few developers running Ubuntu on their laptops and we have them joined.
deltashmelta@reddit
Out of curiosity, what sorts of things are you doing with the scripts?
Checking for certain packages, automatic unattended updates, host naming, etc?
Working-Doctor-1428@reddit
I have been using Apptec360 for over a year now, and I must say, it has made my job as an IT administrator much easier. The user interface is intuitive, and I can easily manage all the devices in our organization from one central dashboard. The remote-wipe feature has been a lifesaver in case a device is lost or stolen.
Rohit_survase01@reddit
Scalefusion is a notable solution that offers comprehensive device management for Linux. Scalefusion's Linux MDM supports device enrollment, policy management, application management, remote commands, and security enforcement, making it a robust choice for managing Linux devices.
marcovanbeek@reddit
It’s at the other end of the scale, but we use CFEngine to manage the settings on all of our servers. It’s a lot of programming and it’s not the easiest thing to learn, and it is entirely based on your own scripts, but we have been using it for 20 years now and it is brilliant.
HeadlessChild@reddit
We use CFEngine as well. For both servers (~1500) and laptops/desktops (~1000), running a mix of Debian and Ubuntu. It's been working quite well.
craigmontHunter@reddit
We’re bringing CFEngine online for our endpoints, we needed the agent for systems on VPN to phone home. So far I’m really liking it, there is a learning curve but it is really powerful.
Dolapevich@reddit
There is Red Hat Cockpit
sits-biz@reddit
Opsi?
justmirsk@reddit
We use Automox for this to a degree. We build out Worklets that evaluate endpoints based on our evaluation code (Bash scripts). If evaluation code exits with 0, device is compliant with that worklet. If the code exits with 1, device is not compliant with that policy, then remediation code is run per the policy schedule.
Most of our eval code is fairly basic, it checks for specific software, validates it is running etc. We have some patching policies for specific items too, such as NodeJS patching that automates updates to the latest minor version in an LTS major version etc.
If you can script the detection and the fix, you can use Automox to automate the remediation and report on the compliance of the worklets/policies and patching status.
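The evaluate-then-remediate contract described in the comment above (exit 0 means compliant, exit 1 triggers remediation), as an added example that is not part of the thread and not any vendor's code. The sshd setting, the temporary file and the function names are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example (not from the thread or any vendor): an evaluation/remediation
# pair following the contract above: 0 = compliant, 1 = not compliant.
# Function names, the sshd setting and the temp file are assumptions.

# Constructed sample config so this runs offline and never touches /etc.
CONF="$(mktemp)"
printf '%s\n' '# constructed sample' 'Port 22' 'PermitRootLogin yes' > "$CONF"

# Evaluation: sshd honours the first occurrence of a keyword, so only the
# first PermitRootLogin line decides. A missing keyword counts as
# non-compliant here (policy choice: require the setting to be explicit).
evaluate() {
    eval_value="$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")"
    [ "$eval_value" = "no" ]
}

# Remediation: drop every active PermitRootLogin line and write the wanted
# value at the top, ahead of any Match block. Commented lines are kept.
remediate() {
    rem_tmp="$(mktemp)"
    {
        printf 'PermitRootLogin no\n'
        awk 'tolower($1) != "permitrootlogin"' "$1"
    } > "$rem_tmp"
    cat "$rem_tmp" > "$1"    # overwrite in place to keep owner and mode
    rm -f "$rem_tmp"
}

# One policy cycle: evaluate, remediate on failure, then evaluate again so
# the reported state reflects what is actually on disk.
run_policy() {
    if evaluate "$1"; then
        echo "compliant"
    elif remediate "$1" && evaluate "$1"; then
        echo "remediated"
    else
        echo "failed"
    fi
}

FIRST="$(run_policy "$CONF")"     # remediated
SECOND="$(run_policy "$CONF")"    # compliant
echo "first run: $FIRST, second run: $SECOND"
```

Re-evaluating after remediation is what makes the second run report "compliant": a remediation script that exits 0 without changing the file would show up as "failed" instead of silently passing.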
Iseeapool@reddit
SaltStack can do that, and Windows and probably Apple.
encbladexp@reddit
Intune is also available for Linux, not great, but available.
UsedToLikeThisStuff@reddit
So far it only supports Ubuntu, by my testing.
dowcet@reddit
I guess Jumpcloud doesn't quite do what you need?
mcstooger@reddit
Some suggestions from https://www.reddit.com/r/sysadmin/comments/d6g488/mdm_for_linux_devices/