Need a Lightweight MDM
Posted by hyatt_1@reddit | sysadmin | 26 comments
I'm looking for a lightweight MDM we can use for our BYOD employees.
We are an education company so basically 0 budget. Looking to see if anyone has recommendations of open-source or unlimited device plans, as everything I'm finding is priced per device per month and the cost balloons.
Requirements:
Must support 1000+ devices
Must support Windows, MacOS, iOS and Android devices
Must check:
OS is up to date,
Device Encryption is enabled,
AV is installed, enabled and up to date,
Firewall is on,
Device password is enabled.
A very tall order, I'm aware, as I've been looking for a week or so and haven't found anyone that fits the bill.
Dry_View4398@reddit
For BYOD, most MDMs charge per device, so a thousand endpoints will definitely add up. Mosyle has a free tier for business, not sure about the exact count (Apple only though). For cross-platform, Hexnode MDM is something that we use. We use it mainly to manage more than 100 of our corporate devices, it has decent BYOD policies too – from what you listed, it can check for OS updates, encryption, and firewall... but pricing scales with device count. They have a free trial so you might have to look into that.
MentalRip1893@reddit
BYOD? MAM policies.
plump-lamp@reddit
This is about as cheap as you're gonna get https://www.manageengine.com/mobile-device-management/
Noobmode@reddit
Ew brother ew
plump-lamp@reddit
Honestly it's better than Intune MDM and actually works well
jonnyutah1366@reddit
1000+ devices.
a thousand.
one thousand.
wow.
you need to re-align expectations here.
it'd be a tall order for 1 hundred devices for free.
a thousand? you're having a laugh...
SoyBoy_64@reddit
Yeah dude is not going to find a free option. I’ve been trying out fleetdm for MDM and have been liking it so far and it’s not an arm and a leg. If m365 is being used you can also just go the Intune route and do everything through the company portal. Idk.
SevaraB@reddit
…
Some of this is going to be system access way outside any level you should legitimately be expecting into devices you don’t own.
MDM is that expensive because it’s a service they run for you keeping a constant line of sight to your managed devices.
What you need to be doing here is cutting down how much is exposed to BYOD, not blowing more money on doubling down on a terrible BYOD “design.” This sounds like you aren’t managing any ingress, and you’re complaining that using MDM to manage egress on stuff you don’t own instead is expensive.
SoyBoy_64@reddit
MDM ISN'T RMM
hyatt_1@reddit (OP)
We’ve already limited the access these users have substantially, but our board are set on us getting Cyber Essentials+ certified and that requires that all BYOD devices have these minimum checks.
llDemonll@reddit
That’s more of a conditional access policy than an MDM requirement when it comes to BYOD.
unccvince@reddit
Cheapest is to put them on the vlan of shits with printers and forget they are there.
nismaniak@reddit
Intune
SpotlessCheetah@reddit
Nobody should install MDM on their BYOD devices.
shikkonin@reddit
Ok..
Hell nah.
Substantial-Fruit447@reddit
1000+ devices is Enterprise.
You're going to have to pay for Enterprise service and licensing.
If you're already using O365, you likely already have Intune included (Intune Plan 1 is included with M365 E3/E5 license plans).
clobyark@reddit
FleetDM
kaziuma@reddit
I make the assumption that you're already using O365 for communication/collaboration.
Intune is your best bet for this amount of BYOD devices.
You cannot do this for free, especially for such a large amount of devices.
Get budget or you're not getting certified. The whole point of certification is that it proves your organization is investing some amount of time and money into caring about the basics.
Extension-Most-150@reddit
You might want to look into ScalefusionMDM Solution. It’s cross-platform (Windows, macOS, iOS, Android) and covers the basics like OS compliance, encryption, AV, firewall, and password checks. Not open source, but could be a lightweight option if you need something that still ticks those boxes.
davcreech@reddit
Munki is free but pretty sure it’s macOS only (maybe iOS).
davcreech@reddit
Just macOS
Ci7rix@reddit
Munki is not an MDM, more like a private AppStore.
Ok_Explanation_4366@reddit
Yeah, you're not gonna be able to find anything like that for near free prices dude.
Cheapest would probably be Intune for Windows and SOTI MobiControl self-hosted for all other platforms. Expect to budget on average 7-10 dollars a year per device.
hyatt_1@reddit (OP)
That’s what I thought but sometimes there is a hidden gem only Reddit knows about so had to ask the stupid question!
Ok_Explanation_4366@reddit
Maybe it's time to make violent threats to the finance department if this is how they're expecting you to run IT.
Joestac@reddit
What you are looking for is Intune, but as you know, not free. I would be shocked if you found something that checked all those boxes at zero cost. You might need to manage some expectations here either on yourself, or whoever asked you to implement this. If you are already an O365 shop, can't hurt to get pricing on adding Intune.