Intune for Mac vs. Jamf
Posted by Numerous-Card1025@reddit | sysadmin | 22 comments
To begin, we're a Windows shop that uses Intune as our MDM. We were recently informed that we needed to accommodate Macs in our environment (no choice here). We know Jamf is the number one MDM when it comes to Apple devices, but we are looking into using Intune if possible. Do any of you have experience managing Macs with Intune? Is it worth going down this road or should we just skip the headache and start off our device management with Jamf?
yehlalhai@reddit
End user here. Have a Mac.
Sys admin uses both Jamf and Intune. The number of times my device has been out of compliance is not funny.
The whole drama of deleting certificates and then reinstalling them and policies …. And then magically a few days later the device is non-compliant.
I also run Parallels on the Mac, and it’s always compliant.
lewis_943@reddit
Start with Jamf, but get the identity connector for SSO and write devices back to Intune/Entra so you can use Jamf's compliance evaluation in your conditional access policies still.
There are so many things that Jamf just makes easier than Intune. If you're not getting the extra manpower to do the double-handling required to make Intune "work" for Mac, go with the software that expedites things.
National_Display_874@reddit
If budget isn’t a concern, Jamf is a great option for managing Apple devices. However, if you’re open to alternatives, consider SureMDM—a user-friendly and budget-friendly choice for managing your growing Mac fleet.
SpotlessCheetah@reddit
How many Macs could there be if you scale up? Intune will work but if you're going to start going beyond 100 then JAMF Pro is definitely better. I think you have to have a minimum to get JAMF Pro anyway.
Numerous-Card1025@reddit (OP)
We're hoping to domain join for policy management. I've heard there are a lot of issues with domain joining Macs. Jamf has a workaround but was hoping someone was able to successfully do it.
Sasataf12@reddit
You don't need to domain join to do policy management.
The only benefit of domain joining is the ability to use your IdP credentials to sign into the Mac.
gumbrilla@reddit
The other way is Platform SSO, so using Mac credentials to sign into Windows stuff, which is something I'm looking at now.
baremetalrecovery@reddit
Intune and Jamf work together really well. The best answer is "Yes, both". You will find limitations with Intune, but, if budgets are limited, obviously you're going to have to decide what trade-offs to make.
22MilesPorch@reddit
lol
mac easier to manage as windows machines in intune...
Sonicwall_4500@reddit
Depends on how in depth you want to get into controlling the Macs. We use Intune for our Windows machines and use Kandji for our Macs and iPhones, no complaints. We like to control iOS and OS pushes and alerts on our user machines and a bunch of other hardening and security features. Things we could not do at the time with Intune with the Apple ecosystem.
Numerous-Card1025@reddit (OP)
Does Kandji offer features Jamf doesn't?
Taboc741@reddit
Probably not, but it definitely offers features Intune doesn't.
Intune is last on my picks for a macOS MDM. I'm not even super impressed for Windows/Android even. I hate how long it takes for anything to make it out to clients.
My team was joking just this morning about a config push taking 1-3 business days before the end user will notice. It's not that long really, but it is awfully slow, versus Jamf where I push a change and seconds later the Mac is doing things for config profiles, and policies are under 30 minutes usually.
jlaine@reddit
Shhhh - we just moved what was left of the ghost of SMS in SCCM over to Intune, it's part of the whole experience.
ObeseBMI33@reddit
Yes
Rohit_survase01@reddit
If you're exploring options beyond Jamf and Intune, consider checking out Scalefusion MDM. It's a versatile solution that's great for managing both Windows and macOS devices, making it ideal for mixed environments like yours. It is user-friendly and offers robust features for device management.
mikhaila15@reddit
Intune simply doesn't have the feature parity of other MDMs, such as Jamf.
You can enrol them in Intune but you'll spend a lot of time building systems around Intune to make it work in the way you expect.
Jamf can be like that as well but at least it's designed around its flexibility with its API.
rotoddlescorr@reddit
This might help.
https://old.reddit.com/r/macsysadmin/comments/1be2sl8/jamf_vs_intune/
clybstr02@reddit
I’ve probably got 30 or 40 Macs in Intune today. Seems like decent capability. These are lightly managed; if I had to manage hundreds or thousands I might pick a different tool though.
Numerous-Card1025@reddit (OP)
Are your Macs domain joined? Any issues?
clybstr02@reddit
No, they only access cloud-only resources.
HellDuke@reddit
Depends on what you expect from it. Right now we have 2 solutions for 2 different entities in our company, one is indeed Jamf, but we can't just put everything on it. The rest of what we need to manage is maybe 30 or so devices. For that low a count we set up Mosyle as a solution. Works fine so far and is slightly cheaper.
As for using Intune... We don't have Intune as we don't use Azure even, but my personal expectation would be that it's something that is not designed for managing Macs but has a bolted on capability, which is rarely going to be as good as a dedicated solution.
cardrosspete@reddit
You can't do it with Intune alone (although I understand there is a more fully featured Mac option coming soon). JAMF is worth the money in my experience (run both at scale for a while).