
The JamfNation community is really helpful and you won’t run across many issues that someone there hasn’t already. FWIW I use Jamf for macOS/iOS and Intune for Windows with BigFix CoManagement. You can do the basics easily through the GUI or dig deep and really manipulate macOS through scripting.

The downside is that there is a steep learning curve because the logic is based around conditions and workflows.

with a great interface and superior device inventory. Jamf does all the things, configuration, software pushes, native scripting, account management, etc.

Documentation and support for Intune is also sparse and shitty. That being said, if you have no budget but are already licensed for it, it’s better than nothing. The interface is ugly and shows little information in the console for devices that you might want to see (looking at you, IP addresses). It is also clunky, slow, and unreliable, especially for updating dynamic groups, and not to be trusted for anything time sensitive. Intune can enforce settings and pretty much push any config allowed in the MDM framework as well as push software and conditional access if you’re licensed for it. On Windows this isn't really a problem, you can always sign in as a backup account or Domain Admin since the machines are Azure joined. We want to avoid a situation where a user with a retail Mac forgets their logon password, and we're SOL because we didn't create/document a 2nd local admin on that machine. I'm struggling to find an answer for user management on retail Macs. You can enable Mac sign on via Azure AD if the machine was purchased through ABM, but if the device is a 'personal' Mac (either purchased retail or BYOD), the Mac logon will always be different from the Apple ID. So with that, what benefits do I have for paying for JAMF? What does it provide that Intune doesn’t? Also, do I understand correctly that you can't really 'Azure Join' a Mac like you can a Windows PC?

- If you have Apple Business Manager you can federate to Azure AD, and create Managed Apple IDs, which can be used by employees to sign into a machine, if that machine was purchased from Apple or an Apple Reseller & enrolled into ABM. - Push down required applications to the machine, offer other apps via the Company Portal App. Things like enabling FileVault, storing keys in Azure, etc. are all possible. It seems like with Intune you can: - Install the Company Portal app, and push policies to the device. I've been tasked with finding a solution to manage Macs, and after some research & testing, I'm a little bit confused. Hey Mac Admins, We're a Windows shop using Office 365 E3 + EMS & Security E3, all users in Azure AD.
