MDM for Apple devices
Posted by smalltimesysadmin@reddit | sysadmin | 58 comments
I'm on the hunt for a good MDM for Apple devices, primarily iPads and iPhones. The environment I inherited from the previous guy is Mosyle, primarily because of its price (free). It is super confusing and a pain to use. I think it's because its primary target customer market is K12 EDU, when we're corporate. Some of the primary things that come to mind that I'm looking for in an MDM include:
* App deployment, per department
* Locking out non-approved apps
* Wifi configuration
* Lock/PIN requirements
* Configuration/enforcement of Cisco Umbrella content filtering policies
* Finding devices
We're a Microsoft house, and I know Intune has some control, but I'm not entirely sure if it's able to do what I need. TBH, I haven't played around with it a ton. I'm not looking for anything super-fancy, but functional and relatively easy to manage is needed. I'm not sure I can spend a ton per device per year, but I think I can swing more than free. Suggestions are very much appreciated.
performanceexperts@reddit
For your Apple environment (iPads/iPhones), Intune is the most natural fit if you’re already a Microsoft house; it can handle app deployment, restrictions, Wi-Fi profiles, PIN policies, device tracking, and even work with tools like Cisco Umbrella via Conditional Access. If Intune feels too complex, Apple-focused MDMs like Jamf, Kandji, or Mosyle Business are simpler and more streamlined for iOS management, with Mosyle also being a budget-friendly option. For a balance of ease and control without heavy setup, solutions like AppTec360 can also be considered as a straightforward alternative for managing Apple devices efficiently.
maraley01@reddit
If you’re a Microsoft-heavy environment, Intune is usually the easiest starting point since it keeps everything in one ecosystem and covers most basics like app deployment, Wi-Fi, PIN policies, and device restrictions, even though it’s not as Apple-deep as Jamf. Jamf is the most powerful and polished option for Apple devices but comes with higher cost and complexity, while Mosyle is more budget-friendly but can feel confusing depending on your use case. If you want something simpler and more straightforward without heavy complexity, tools like AppTec360 can also be considered as they focus on core device management without overcomplicating the setup.
andrewthomas112@reddit
Perhaps your first best choice would be Microsoft Intune since you are operating in a Microsoft-based environment. It is capable of managing iPads and iPhones with features such as app deployment per department, Wi-Fi profiles, PIN/passcode policies, compliance controls, and Microsoft 365 integration. On the other hand, if you want to manage Apple devices in a more detailed way, Jamf Pro is widely regarded as the most powerful one for Apple devices and is very well complemented by the restrictions, inventory, and Apple Business Manager features but on the other hand, it is more costly. If you prefer budget and straightforwardness, there are also AppTec360-type solutions that can meet the mobile app control, security policies, device tracking, and configuration management needs without much complexity.
hangar_49@reddit
If Mosyle feels too education-focused, you’re not wrong - the free tier can be limiting in corporate environments. Since you’re already a Microsoft shop, Intune is a sensible place to start. It can handle app deployment, device restrictions, Wi-Fi profiles, passcode policies, and basic compliance without adding another vendor to manage.
For tighter Apple-specific control and a smoother admin experience, it may be worth trialing a few Apple-focused MDMs as well, especially if you need strong app control and content filtering integration. The best choice usually comes down to how much automation and visibility you want versus how much time you can spend managing it.
Dry_View4398@reddit
If you’re already using Microsoft tools, Intune fits in well and handles most iOS basics, but for more corporate-focused control, you’ll probably want to aim a bit higher. Hexnode is a strong cross-platform option that covers all the essentials you mentioned - app deployment, Wi-Fi, lock policies - and even handles Cisco filtering through custom scripting, which makes it a great fit overall. Other cross platforms like JumpCloud and Miradore would also fit your requirement.
National_Display_874@reddit
You could check out SureMDM - it’s a solid option for managing iPhones and iPads without making things complicated. It lets you handle app deployments by department, push Wi-Fi settings, enforce passcodes, and restrict unapproved apps from one place. It also works well for content filtering with the Web Content filter feature.
Thick_Yam_7028@reddit
Token > Intune.
Jamf is super easy but lacks corp.
Adam_Kearn@reddit
We use Intune MDM for all our iPads and iPhones and it works a treat. The only thing I can’t confirm is the filtering as we use WatchGuard for this instead.
But it works in all other areas - most MDMs are all the same anyway with what’s available for control so I doubt this will be a problem.
It’s nice having everything in one portal for management IMO.
hobo122@reddit
How quickly do iPads receive commands from Intune? It’s usually less than a minute in Jamf. Is Intune comparable?
smalltimesysadmin@reddit (OP)
In my limited testing, app installs and general config seemed to happen within a few minutes. Remote reboots seemed to happen in less than a minute.
smalltimesysadmin@reddit (OP)
I started playing with Intune today. It's looking pretty encouraging to meet the needs. I'm still working to figure out the finer points of locking out apps, but I think it is going to be the ticket. It's definitely easier for me than Mosyle.
orion3311@reddit
Yep, moved from MaaS360 to Intune; while the initial setup and learning curve will drive you to drink, I'm much happier. There's definitely pros and cons but works for us.
Adam_Kearn@reddit
Yeah once you learn how to navigate the portal it’s pretty simple.
Makes it easy to set Windows and MDM policies.
dodexahedron@reddit
And re-learn every quarter when they spend a major part of the interface because reasons. 🙄
At least the Intune portal, specifically, has been more consistent than most others, while they shuffle all the other products around to optimize that sweet sweet subscription revenue and do the usual half-assed re-branding job that comes with every new name for the cloud services.
LabRepresentative777@reddit
Intune. I’ve tried many of them and they all seem the same. I think Apple only releases what an MDM can do. Apple DEP also has their own MDM. Never tried it but worth a shot if you have your devices in their DEP program.
No-Hippo-6388@reddit
Not Intune related but we love using Apple Business Essentials as an MDM.
Magic_Sea_Pony@reddit
Since you are already a Microsoft shop, use Intune and combine it with Apple Business Manager. You’ll have to buy iPads from reputable VARs who automagically provision iPads to your Apple Business account (it’s free) and can set it up to automate profile downloads and registrations via Intune. This is what we do and it’s honestly a set and forget type of design.
ThePegasi@reddit
You can manually enrol iPads into ABM but I think it involves a 30 day grace period where users can unenrol, which is obviously a pain. Same for M series chip Macs or Intel ones with a T2 chip.
Magic_Sea_Pony@reddit
Yeah you can manually do it too with the Apple Configurator app and you don’t need to wait 30 days? At least it’s been running so long I can’t remember ever having to do that.
ThePegasi@reddit
Oh no you don’t need to wait 30 days for it to work, it’ll be in ABM immediately. But iirc there’s a message on the lock screen basically saying this device has been manually added to device enrolment and users can undo this in settings. I guess it’s to prevent bad actors hijacking someone’s personal device by adding it to ABM, as this can potentially be done quite quickly if they leave the device unattended.
BonusAcrobatic8728@reddit
Intune isn't really amazing for Mac and iOS. I use Primo but you're looking to spend about 7$ per month per employee more or less.
SetylCookieMonster@reddit
In my experience working with mostly mid-sized and larger corporates, we're seeing a split in popularity:
* Jamf has historically been, and still is, the go-to.
* Kandji/Iru was gaining traction, but has now changed its offering and rebranded, so not sure how that will play out.
* Few use Addigy (smaller company).
* And some customers use Intune, but of course its capabilities just aren’t as comprehensive.
P1nk_D3ath@reddit
I’ve used Jamf, Mosyle and Addigy. I like Addigy the most. Best interface, flexibility in management of policies and nice feature set.
AnorexicLlama28@reddit
+1 for Addigy
AnorexicLlama28@reddit
Addigy
Yagp1@reddit
Okay, here's the lowdown on these mobile device management options:
1. Scalefusion:
* Focuses on Android-Enterprise stuff like kiosk mode, enrolling lots of devices at once, setting up virtual fences, and remote access. Costs about $2-$3 per device each month.
2. Miradore:
* Simple and good for smaller businesses and schools. Quick to get Android devices going and lets you set some basic rules. They have a free option, but the paid version is around $2.75/device monthly.
3. IBM MaaS360:
* Super secure and meant for big companies. Supports a bunch of operating systems, has some fancy AI stuff, and good features for Android. Starts at about $4/device each month, but it can change.
4. Hexnode:
* Doesn't cost a lot, but still pretty powerful. Handles Android kiosks, supports UEM, and can set up lots of devices. Starts at around $2.20/device every month.
5. ManageEngine Mobile Device Manager Plus:
* Loaded with features and won't break the bank. Helps enroll Android devices, supports BYOD, and lets you control device/app policies. Costs around $1.95-$2.25/device monthly.
tweetsangel@reddit
We've had similar experiences managing Apple devices in an enterprise environment, and, while Mosyle is perfect for education, it feels a little clunky for business purposes. Since you are already using Microsoft, Microsoft Intune may be a great option -- it integrates with Azure AD without a hitch, allows app deployment by department, allows WiFi and PIN policies, and allows for tracking of lost devices reasonably well. If you want to explore other options, Jamf Now is an easy-to-manage MDM and is built for Apple devices and works great for small to mid-size businesses. Overall, it really depends on how deep into integration vs. simplicity you want to go, but Intune and Jamf Now are both solid starting points for corporate Apple fleets.
Extension-Most-150@reddit
I’m from the ScalefusionMDM team; you could try Scalefusion's Apple MDM, which is easy to use, affordable, and built for both business and education. It supports app deployment by department, Wi-Fi and PIN policies, app restrictions, and device tracking. A solid option if you want simple and effective Apple device management.
ChromeShavings@reddit
Also look into NinjaMDM. It works great for my team. It’s policy driven but can do everything you listed. And it’s blazing fast. Completely customer-driven model. The only thing missing (in the works) is a company portal. But it’s roadmapped!
Darkhexical@reddit
We've had issues with profiles installing. It can normally be fixed by resetting the phone and installing the latest iOS but that takes a little bit to do. Also have had to recreate policies for their MDM as well, as it seems the old one somehow got corrupted and would no longer save.
b0mfunk@reddit
It’s been said a few times already, but if your MS licensing covers Intune, it’s a no brainer…
You could even ‘play with it’ alongside and get a good feel for it before making any drastic decisions.
guzhogi@reddit
Check out the r/macsysadmin subreddit, as that’s specifically Mac (and Apple) oriented.
From what I’ve seen, many people like Mosyle due to cost. Intune seems to be mainly Windows-oriented with Apple support bolted on. Jamf is probably the big name Apple MDM, albeit pricey. Jamf just got bought out by I think a private equity firm, so expect prices to go higher.
badogski29@reddit
macOS with Intune is a no go if you're deploying a lot. But iOS/iPadOS works just fine.
badogski29@reddit
If you already have access to Intune with your licensing, it's a no-brainer to go with it. iOS/iPadOS works perfectly fine with Intune.
BWMerlin@reddit
We use Workspace ONE for all devices and I haven't found any issues with it.
Dizzy_Bridge_794@reddit
Switched from AirWatch to Intune. There is a learning curve. You also might need a Mac laptop to program the devices for MDM management. But glad we switched.
insufficient_funds@reddit
I don’t manage it but my org uses MaaS360 for thousands of phones. Seems to work well.
Serafnet@reddit
We use Jamf for our Apple fleet and it works well.
981flacht6@reddit
Hmm Mosyle is actually considered one of the better ones, yeah it's geared towards K12 but that's where Apple products are more used historically. They should be able to do what you need and they have good customer support.
I did look at it many years ago and preferred Jamf Pro so we went w Jamf Pro but for just iOS it's nice Mosyle will let you manage it for free.
dimx_00@reddit
Give Simple MDM a try; they have a free trial and their pricing is available directly on the website. The documentation is available for all features and the interface is very intuitive. I know everyone mentioned Intune but for iOS I think Simple MDM is way better. We’ve used it for about 6 years now, no complaints.
Look-Here-Now@reddit
I use Simple as well and have been very happy.
carcaliguy@reddit
Intune was more expensive than Hexnode and works just as well.
I manage hundreds of iPads in Hexnode and the support is top level. MS support sucks. I use the API to share data into an internal database and let HR assign all the available devices to the users. Once I set up in Hexnode I'm done with one policy that adds WiFi, removes all the Apple bloat and installs my work related apps.
I use it for location also so I don't have to deal with Apple's crap. I hate Apple software but like the hardware for battery life and old non-tech field users.
I have tried others but Hexnode has been great, so much that I might use it on Windows desktops in the future. I don't like giving Apple or MS money when others do it better or easier and cheaper.
hgst-ultrastar@reddit
Mosyle has two offerings. One is edu and is free for education. It’s very limited, but great for free. I’d recommend Mosyle (business) or Jamf. All MDMs do configuration management just fine because they’re all just Apple's push service under the hood. The thing that makes MDMs worth it or not is how they handle software deployment through their binary agents. Jamf is the gold standard but Mosyle free + running your own Munki works as well, just a lot more hands on work required to set it up.
Frothyleet@reddit
Jamf has historically been the market leader for iOS but there are a million MDM solutions out there.
If you are already licensed for Intune, you should just deploy that.
Fine-Subject-5832@reddit
Probably Intune if you are already a Windows shop. The new Iru MDM looks cool though too.
QuiteFatty@reddit
I have had good luck with Jamf, but they just got bought out via private equity so I expect enshittification incoming.
IDontWantToArgueOK@reddit
We have paid Mosyle and it easily does everything you've listed. Their support is also great. No real complaints other than if you add the wifi profile before the OOTBE it will get stuck.
Current_Anybody8325@reddit
We use WorkspaceOne (formerly AirWatch) - however, when it comes to iOS, it doesn't really matter what you choose. Outside of some minor functional differences - they are all just leveraging Apple's Configurator 2 profiles and all do essentially the same thing. Apple is who controls what can be configured via profile on iOS - NOT the MDM vendor. Just find one that you're comfortable with and fits in your budget.
canadian_sysadmin@reddit
None of those requirements seem terribly unique, so virtually any MDM could do what you need.
Appreciate that most MDMs are all going to control the same things, so in this sense most of them are very similar. They all hook into ABM, DEP, VPP, etc.
Instead, what you may want to look out for is all the 'other' stuff a given MDM can do, or other integration options they offer. For example, if you're in the Microsoft world for other stuff, Intune will make sense (given it's tightly integrated into Entra/365).
Jamf is historically the king of Apple MDMs. Their platform is extremely mature and highly polished with a ton of functionality. They were doing Apple MDM before MDM was popular.
gsk060@reddit
These are all a piece of piss with Mosyle. How many devices do you have on it? Happy to help if you want to DM.
FatBoyStew@reddit
I haven't used heavily in our environment, but we use Sophos MDM for a handful of iPads that seems to work well. That said, I use it on like 10 iPads and don't have to make changes often.
-Racer-X@reddit
Went from Intune to Hexnode recently, cheaper, just as good.
dsco88@reddit
If you're a MS house, Intune (MEM) is the way to go. It takes a little effort to get it set up properly, but just document as you go and you'll be fine.
krock31415@reddit
10 years ago there were a few players in this space a clear cut above the rest. Now it seems all the major brands are on par.
If you are a Microsoft shop then Intune makes a lot of sense. Microsoft licensing is never easy to navigate but Intune is likely something you already pay for.
Hatethyself69@reddit
We use Mosyle Fuse and have been happy so far. Admin on demand is my favorite feature.
FoxFired@reddit
Bit of a ballsy manoeuvre here - I work at a VAR and can definitely help you out with this. We work with Intune and other MDM solutions all the time, so we can make sure you get something that’s easy to manage and ticks all those boxes without blowing the budget. Drop me a message and we’ll sort you out!
ITMule@reddit
Maybe the issue was the setup made by the previous guy. We use Mosyle (Fuse) in a corporate environment with over 1k devices (switched years ago from Jamf) and it's great. If you're using Mosyle free, probably your account has very few devices, right? First, make sure you guys are using the correct Mosyle product for corporate customers (business.mosyle.com) and NOT their education products (school.mosyle.com). If you are using their business product, I would reach out to them and ask for an account review/optimization. Tell them you inherited the account from another person and believe the implementation design wasn't ideal. They will probably be able to help you. When properly configured (which is not a complex thing to do) Mosyle products for corporate are great and in my opinion way better than competitors.
fieroloki@reddit
I've used Miradore for a few years now and like it.